|
196241
|
6.5 |
MEDIUM
Network
|
strategy11
|
business_directory_plugin_-_easy_listing_directories
|
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in admini…
|
-
|
CVE-2021-24249
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196242
|
7.2 |
HIGH
Network
|
strategy11
|
business_directory_plugin_-_easy_listing_directories
|
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach,…
|
-
|
CVE-2021-24248
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196243
|
5.4 |
MEDIUM
Network
|
mooveagency
|
contact_form_check_tester
|
The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as …
|
-
|
CVE-2021-24247
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196244
|
5.4 |
MEDIUM
Network
|
purethemes
|
workscout_core
workscout
|
The Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme did not sanitise the chat messages sent via the workscout_send_message_chat AJAX action, leading to Stored Cross-Site Scr…
|
-
|
CVE-2021-24246
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196245
|
6.1 |
MEDIUM
Network
|
trumani
|
stop_spammers
|
The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags…
|
-
|
CVE-2021-24245
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196246
|
6.5 |
MEDIUM
Network
|
wpbakery_page_builder_clipboard_project
|
wpbakery_page_builder_clipboard
|
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to …
|
-
|
CVE-2021-24244
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196247
|
5.4 |
MEDIUM
Network
|
wpbakery_page_builder_clipboard_project
|
wpbakery_page_builder_clipboard
|
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscri…
|
-
|
CVE-2021-24243
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196248
|
9.8 |
CRITICAL
Network
|
imagements_project
|
imagements
|
The Imagements WordPress plugin through 1.2.5 allows images to be uploaded in comments, however only checks for the Content-Type in the request to forbid dangerous files. This allows unauthenticated …
|
-
|
CVE-2021-24236
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196249
|
6.1 |
MEDIUM
Network
|
daggerhartlab
|
openid_connect_generic_client
|
The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue d…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24214
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196250
|
8.8 |
HIGH
Network
|
strategy11
|
business_directory_plugin_-_easy_listing_directories
|
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administ…
|
-
|
CVE-2021-24179
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
