|
196021
|
5.3 |
MEDIUM
Network
|
silkypress
|
wp_image_zoom
|
The WP Image Zoom WordPress plugin before 1.47 did not validate its tab parameter before using it in the include_once() function, leading to a local file inclusion issue in the admin dashboard
|
-
|
CVE-2021-24447
|
2024-11-21 14:53 |
2021-07-19 |
|
|
|
|
196022
|
6.1 |
MEDIUM
Network
|
boldgrid
|
w3_total_cache
|
The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the "extension" parameter in the Extensions dashboard, which is…
|
-
|
CVE-2021-24436
|
2024-11-21 14:53 |
2021-07-19 |
|
|
|
|
196023
|
6.1 |
MEDIUM
Network
|
boldgrid
|
w3_total_cache
|
The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track…
|
-
|
CVE-2021-24452
|
2024-11-21 14:53 |
2021-07-19 |
|
|
|
|
196024
|
6.1 |
MEDIUM
Network
|
yop-poll
|
yop_poll
|
In the YOP Poll WordPress plugin before 6.2.8, when a poll is created with the options "Allow other answers", "Display other answers in the result list" and "Show results", it can lead to Stored Cros…
|
-
|
CVE-2021-24454
|
2024-11-21 14:53 |
2021-07-13 |
|
|
|
|
196025
|
9.8 |
CRITICAL
Network
|
wpdevart
|
poll\ _survey\ _questionnaire_and_voting_system
|
The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending …
|
-
|
CVE-2021-24442
|
2024-11-21 14:53 |
2021-07-13 |
|
|
|
|
196026
|
8.0 |
HIGH
Network
|
fetchdesigns
|
sign-up_sheets
|
The Sign-up Sheets WordPress plugin before 1.0.14 does not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue
|
-
|
CVE-2021-24441
|
2024-11-21 14:53 |
2021-07-13 |
|
|
|
|
196027
|
4.8 |
MEDIUM
Network
|
fetchdesigns
|
sign-up_sheets
|
The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or escape some of its fields when creating a new sheet, allowing high privilege users to add JavaScript in them, leading to a Stored…
|
-
|
CVE-2021-24440
|
2024-11-21 14:53 |
2021-07-13 |
|
|
|
|
196028
|
5.4 |
MEDIUM
Network
|
prothemedesign
|
browser_screenshots
|
The Browser Screenshots WordPress plugin before 1.7.6 allowed authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks as the image_class parameter of the …
|
-
|
CVE-2021-24439
|
2024-11-21 14:53 |
2021-07-13 |
|
|
|
|
196029
|
6.1 |
MEDIUM
Network
|
codeblab
|
glass
|
The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did…
|
CWE-352 CWE-79
Origin Validation Error Cross-site Scripting
|
CVE-2021-24434
|
2024-11-21 14:53 |
2021-07-13 |
|
|
|
|
196030
|
6.1 |
MEDIUM
Network
|
salonbookingsystem
|
salon_booking_system
|
The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set J…
|
-
|
CVE-2021-24429
|
2024-11-21 14:53 |
2021-07-13 |
|
|
|