| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 196201 | 9.8 | CRITICAL | Network | boostifythemes | goto | The Goto WordPress theme before 2.1 did not sanitise, validate or escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an Unauthenticated SQL injecti… | - | CVE-2021-24314 | 2024-11-21 14:52 | 2021-05-18 |
| 196202 | 6.1 | MEDIUM | Network | catzsoft | redi_restaurant_reservation | The ReDi Restaurant Reservation WordPress plugin before 21.0426 provides the functionality to let users make restaurant reservations. These reservations are stored and can be listed on an 'Upcoming' … | CWE-79 Cross-site Scripting | CVE-2021-24299 | 2024-11-21 14:52 | 2021-05-18 |
| 196203 | 6.1 | MEDIUM | Network | de-baat | store_locator_plus | There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages. | - | CVE-2021-24290 | 2024-11-21 14:52 | 2021-05-18 |
| 196204 | 8.8 | HIGH | Network | de-baat | store_locator_plus | There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any sit… | - | CVE-2021-24289 | 2024-11-21 14:52 | 2021-05-18 |
| 196205 | 6.1 | MEDIUM | Network | acymailing | acymailing | When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Turning the request from POST to GET, an attacker can craft a link containing a potentially malicious landing pag… | - | CVE-2021-24288 | 2024-11-21 14:52 | 2021-05-18 |
| 196206 | 7.5 | HIGH | Network | cleantalk | spam_protection\ _antispam\ _firewall | It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log func… | - | CVE-2021-24295 | 2024-11-21 14:52 | 2021-05-18 |
| 196207 | 5.4 | MEDIUM | Network | wedevs | happy_addons_for_elementor | The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scriptin… | - | CVE-2021-24292 | 2024-11-21 14:52 | 2021-05-18 |
| 196208 | 6.1 | MEDIUM | Network | 10web | photo_gallery | The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET p… | - | CVE-2021-24291 | 2024-11-21 14:52 | 2021-05-14 |
| 196209 | 6.1 | MEDIUM | Network | mooveagency | select_all_categories_and_taxonomies\ _change_checkbox_to_radio_buttons | The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, le… | - | CVE-2021-24287 | 2024-11-21 14:52 | 2021-05-14 |
| 196210 | 6.1 | MEDIUM | Network | mooveagency | redirect_404_to_parent | The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue | - | CVE-2021-24286 | 2024-11-21 14:52 | 2021-05-14 |