| 196191 | 6.1 | MEDIUM Network | ibenic | simple_giveaways | The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS | - | CVE-2021-24298 | 2024-11-21 14:52 | 2021-05-24 |
| 196192 | 6.1 | MEDIUM Network | boostifythemes | goto | The Goto WordPress theme before 2.1 did not properly sanitize the formvalue JSON POST parameter in its tl_filter AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulner… | - | CVE-2021-24297 | 2024-11-21 14:52 | 2021-05-24 |
| 196193 | 4.8 | MEDIUM Network | gowebsolutions | wp_customer_reviews | The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be trigge… | - | CVE-2021-24296 | 2024-11-21 14:52 | 2021-05-24 |
| 196194 | 6.1 | MEDIUM Network | mlfactory | dsgvo_all_in_one_for_wp | The dsgvoaio_write_log AJAX action of the DSGVO All in one for WP WordPress plugin before 4.0 did not sanitise or escape some POST parameter submitted before outputting them in the Log page in the ad… | - | CVE-2021-24294 | 2024-11-21 14:52 | 2021-05-24 |
| 196195 | 4.8 | MEDIUM Network | clogica | seo_redirection_plugin | The SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high pr… | - | CVE-2021-24327 | 2024-11-21 14:52 | 2021-05-18 |
| 196196 | 5.4 | MEDIUM Network | clogica | all_404_redirect_to_homepage | The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected Cross-Site Scripting (XSS) issue as user input was… | - | CVE-2021-24326 | 2024-11-21 14:52 | 2021-05-18 |
| 196197 | 6.1 | MEDIUM Network | clogica | seo_redirection_plugin | The tab parameter of the settings page of the 404 SEO Redirection WordPress plugin through 1.3 is vulnerable to a reflected Cross-Site Scripting (XSS) issue as user input is not properly sanitised or… | - | CVE-2021-24325 | 2024-11-21 14:52 | 2021-05-18 |
| 196198 | 6.5 | MEDIUM Network | clogica | all_404_redirect_to_homepage | The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF checks in all its settings, allowing attackers to make a logged in user change the plugin's settings. Due to the lack of sanitisat… | - | CVE-2021-24324 | 2024-11-21 14:52 | 2021-05-18 |
| 196199 | 4.8 | MEDIUM Network | woocommerce | woocommerce | When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XS… | - | CVE-2021-24323 | 2024-11-21 14:52 | 2021-05-18 |
| 196200 | 4.8 | MEDIUM Network | givewp | givewp | The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email s… | - | CVE-2021-24315 | 2024-11-21 14:52 | 2021-05-18 |