|
196121
|
6.1 |
MEDIUM
Network
|
getastra
|
wp_hardening
|
The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a Javascript block, leading to a reflect…
|
-
|
CVE-2021-24373
|
2024-11-21 14:52 |
2021-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196122
|
6.1 |
MEDIUM
Network
|
getastra
|
wp_hardening
|
The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER['REQUEST_URI'] before outputting it in an attribute, leading to a reflected Cross-…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24372
|
2024-11-21 14:52 |
2021-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196123
|
9.8 |
CRITICAL
Network
|
radykal
|
fancy_product_designer
|
The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution.
|
-
|
CVE-2021-24370
|
2024-11-21 14:52 |
2021-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196124
|
5.4 |
MEDIUM
Network
|
ayecode
|
getpaid
|
In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly…
|
-
|
CVE-2021-24369
|
2024-11-21 14:52 |
2021-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196125
|
5.4 |
MEDIUM
Network
|
wp_config_file_editor_project
|
wp_config_file_editor
|
The WP Config File Editor WordPress plugin through 1.7.1 was affected by an Authenticated Stored Cross-Site Scripting (XSS) vulnerability.
|
-
|
CVE-2021-24367
|
2024-11-21 14:52 |
2021-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196126
|
5.4 |
MEDIUM
Network
|
admincolumns
|
admin_columns
|
The Admin Columns WordPress plugin before 4.3 and Admin Columns Pro WordPress plugin before 5.5.1 do not sanitise and escape its Label settings, which could allow high privilege users such as admin t…
|
-
|
CVE-2021-24366
|
2024-11-21 14:52 |
2021-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196127
|
6.1 |
MEDIUM
Network
|
tielabs
|
jannah
|
The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cros…
|
-
|
CVE-2021-24364
|
2024-11-21 14:52 |
2021-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196128
|
9.8 |
CRITICAL
Network
|
ayecode
|
location_manager
|
In the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gd_popular_location_list did not properly sanitise or validate some of its POST parameters, which are then used in a SQL stat…
|
-
|
CVE-2021-24361
|
2024-11-21 14:52 |
2021-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196129
|
5.4 |
MEDIUM
Network
|
podsfoundation
|
pods
|
The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Menu Label' field par…
|
-
|
CVE-2021-24339
|
2024-11-21 14:52 |
2021-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196130
|
5.4 |
MEDIUM
Network
|
podsfoundation
|
pods
|
The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Singular Label' field…
|
-
|
CVE-2021-24338
|
2024-11-21 14:52 |
2021-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
