| 196081 | 4.3 MEDIUM | Network | motopress | timetable_and_event_schedule | The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when deleting a timeslot, allowing any user with the edit_posts capability (contributor+) to delete … | CWE-352 Origin Validation Error | CVE-2021-24583 | 2024-11-21 14:53 | 2021-09-20 |
| 196082 | 5.4 MEDIUM | Network | thinktwit_project | thinktwit | The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape its "Consumer key" setting before outputting it in its settings page, leading to a Stored Cross-Site Scripting issue. | - | CVE-2021-24582 | 2024-11-21 14:53 | 2021-09-20 |
| 196083 | 4.8 MEDIUM | Network | alojapro | alojapro_widget | The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_h… | - | CVE-2021-24530 | 2024-11-21 14:53 | 2021-09-20 |
| 196084 | 5.4 MEDIUM | Network | getshortcodes | shortcodes_ultimate | The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcod… | CWE-79 Cross-site Scripting | CVE-2021-24525 | 2024-11-21 14:53 | 2021-09-20 |
| 196085 | 6.5 MEDIUM | Network | motopress | timetable_and_event_schedule | The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address (along with other less sensitive data) of the user related to the Event Head of the Ti… | - | CVE-2021-24585 | 2024-11-21 14:53 | 2021-09-20 |
| 196086 | 5.4 MEDIUM | Network | motopress | timetable_and_event_schedule | The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when updating a timeslot, allowing any user with the edit_posts capability (contributor+) to update … | - | CVE-2021-24584 | 2024-11-21 14:53 | 2021-09-20 |
| 196087 | 7.2 HIGH | Network | dpl | product_feed_on_woocommerce | The fetch_product_ajax functionality in the Product Feed on WooCommerce WordPress plugin before 3.3.1.0 uses a `product_id` POST parameter which is not properly sanitised, escaped or validated before… | - | CVE-2021-24511 | 2024-11-21 14:53 | 2021-09-20 |
| 196088 | 8.8 HIGH | Network | wp-board_project | wp-board | The options.php file of the WP-Board WordPress plugin through 1.1 beta accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL inje… | - | CVE-2021-24404 | 2024-11-21 14:53 | 2021-09-20 |
| 196089 | 7.2 HIGH | Network | wpagecontact_project | wpagecontact | The Orders functionality in the WordPress Page Contact plugin through 1.0 has an order_id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL in… | - | CVE-2021-24403 | 2024-11-21 14:53 | 2021-09-20 |
| 196090 | 7.2 HIGH | Network | solvercircle | wp_icommerce | The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an `order_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQ… | - | CVE-2021-24402 | 2024-11-21 14:53 | 2021-09-20 |