| 196221 | 5.4 | MEDIUM Network | kainelabs | youzify | The About Me widget of the Youzify – BuddyPress Community, User Profile, Social Network & Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any authent… | - | CVE-2021-24443 | 2024-11-21 14:53 | 2021-08-2 |
| 196222 | 4.8 | MEDIUM Network | premio | mystickymenu | The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing high pr… | - | CVE-2021-24425 | 2024-11-21 14:53 | 2021-08-2 |
| 196223 | 4.8 | MEDIUM Network | never5 | related_posts | The Related Posts for WordPress plugin through 2.0.4 does not sanitise its heading_text and CSS settings, allowing high privilege users (admin) to set XSS payloads in them, leading to Stored Cross-Si… | - | CVE-2021-24482 | 2024-11-21 14:53 | 2021-07-19 |
| 196224 | 8.8 | HIGH Network | include_me_project | include_me | The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore po… | - | CVE-2021-24453 | 2024-11-21 14:53 | 2021-07-19 |
| 196225 | 5.3 | MEDIUM Network | silkypress | wp_image_zoom | The WP Image Zoom WordPress plugin before 1.47 did not validate its tab parameter before using it in the include_once() function, leading to a local file inclusion issue in the admin dashboard | - | CVE-2021-24447 | 2024-11-21 14:53 | 2021-07-19 |
| 196226 | 6.1 | MEDIUM Network | boldgrid | w3_total_cache | The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the "extension" parameter in the Extensions dashboard, which is… | - | CVE-2021-24436 | 2024-11-21 14:53 | 2021-07-19 |
| 196227 | 6.1 | MEDIUM Network | boldgrid | w3_total_cache | The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track… | - | CVE-2021-24452 | 2024-11-21 14:53 | 2021-07-19 |
| 196228 | 6.1 | MEDIUM Network | yop-poll | yop_poll | In the YOP Poll WordPress plugin before 6.2.8, when a poll is created with the options "Allow other answers", "Display other answers in the result list" and "Show results", it can lead to Stored Cros… | - | CVE-2021-24454 | 2024-11-21 14:53 | 2021-07-13 |
| 196229 | 9.8 | CRITICAL Network | wpdevart | poll_survey_questionnaire_and_voting_system | The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending … | - | CVE-2021-24442 | 2024-11-21 14:53 | 2021-07-13 |
| 196230 | 8.0 | HIGH Network | fetchdesigns | sign-up_sheets | The Sign-up Sheets WordPress plugin before 1.0.14 does not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue | - | CVE-2021-24441 | 2024-11-21 14:53 | 2021-07-13 |