| 196061 | 7.2 | HIGH Network | wp-domain-redirect_project | wp-domain-redirect | The Edit domain functionality in the WP Domain Redirect WordPress plugin through 1.0 has an `editid` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leadin… | - | CVE-2021-24401 | 2024-11-21 14:52 | 2021-09-20 |
| 196062 | 7.2 | HIGH Network | wp-display-users_project | wp-display-users | The Edit Role functionality in the Display Users WordPress plugin through 2.0.0 had an `id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL … | - | CVE-2021-24400 | 2024-11-21 14:52 | 2021-09-20 |
| 196063 | 7.2 | HIGH Network | ombu | the_sorter | The check_order function of The Sorter WordPress plugin through 1.0 uses an `area_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL inject… | - | CVE-2021-24399 | 2024-11-21 14:52 | 2021-09-20 |
| 196064 | 7.2 | HIGH Network | webpsilon | responsive_3d_slider | The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, le… | - | CVE-2021-24398 | 2024-11-21 14:52 | 2021-09-20 |
| 196065 | 7.2 | HIGH Network | activemedia | microcopy | The edit functionality in the MicroCopy WordPress plugin through 1.1.0 makes a get request to fetch the related option. The id parameter used is not sanitised, escaped or validated before inserting t… | - | CVE-2021-24397 | 2024-11-21 14:52 | 2021-09-20 |
| 196066 | 7.2 | HIGH Network | bestiaweb | gseor | A pageid GET parameter of the GSEOR – WordPress SEO Plugin WordPress plugin through 1.3 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | - | CVE-2021-24396 | 2024-11-21 14:52 | 2021-09-20 |
| 196067 | 9.8 | CRITICAL Network | facebook | parlai | Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar ris… | CWE-502 Deserialization of Untrusted Data | CVE-2021-24040 | 2024-11-21 14:52 | 2021-09-11 |
| 196068 | 8.8 | HIGH Network | fortinet | fortimanager | An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directl… | NVD-CWE-Other | CVE-2021-24006 | 2024-11-21 14:52 | 2021-09-7 |
| 196069 | 7.2 | HIGH Network | geekwebsolution | embed_youtube_video | The editid GET parameter of the Embed Youtube Video WordPress plugin through 1.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | CWE-89 SQL Injection | CVE-2021-24395 | 2024-11-21 14:52 | 2021-09-6 |
| 196070 | 7.2 | HIGH Network | easy_testimonial_manager_project | easy_testimonial_manager | An id GET parameter of the Easy Testimonial Manager WordPress plugin through 1.2.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | CWE-89 SQL Injection | CVE-2021-24394 | 2024-11-21 14:52 | 2021-09-6 |