|
196331
|
6.5 |
MEDIUM
Network
|
themeum
|
tutor_lms
|
The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION-based SQL injection that cou…
|
CWE-89
SQL Injection
|
CVE-2021-24182
|
2024-11-21 14:52 |
2021-04-6 |
|
196332
|
6.5 |
MEDIUM
Network
|
themeum
|
tutor_lms
|
The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time-based SQL injections that could b…
|
CWE-89
SQL Injection
|
CVE-2021-24181
|
2024-11-21 14:52 |
2021-04-6 |
|
196333
|
5.4 |
MEDIUM
Network
|
never5
|
related_posts
|
Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter w…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24180
|
2024-11-21 14:52 |
2021-04-6 |
|
196334
|
5.4 |
MEDIUM
Network
|
webdesi9
|
file_manager
|
In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24177
|
2024-11-21 14:52 |
2021-04-6 |
|
196335
|
5.4 |
MEDIUM
Network
|
jh_404_logger_project
|
jh_404_logger
|
The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the Wor…
|
-
|
CVE-2021-24176
|
2024-11-21 14:52 |
2021-04-6 |
|
196336
|
9.8 |
CRITICAL
Network
|
posimyth
|
the_plus_addons_for_elementor
|
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited by malicious actors to bypass authentication, allowing unauthenticated users to log in as any …
|
CWE-287
Improper Authentication
|
CVE-2021-24175
|
2024-11-21 14:52 |
2021-04-6 |
|
196337
|
8.1 |
HIGH
Network
|
database-backups_project
|
database-backups
|
The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged-in user perform unwanted actions, such as generating backups of the database, changing the plu…
|
-
|
CVE-2021-24174
|
2024-11-21 14:52 |
2021-04-6 |
|
196338
|
6.1 |
MEDIUM
Network
|
vm_backups_project
|
vm_backups
|
The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged-in user perform unwanted actions, such as updating the plugin's options, leading to a Stored Cross-Sit…
|
CWE-352
Origin Validation Error
|
CVE-2021-24173
|
2024-11-21 14:52 |
2021-04-6 |
|
196339
|
4.3 |
MEDIUM
Network
|
vm_backups_project
|
vm_backups
|
The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged-in user perform unwanted actions, such as generating backups of the DB, plugins, and current .
|
CWE-352
Origin Validation Error
|
CVE-2021-24172
|
2024-11-21 14:52 |
2021-04-6 |
|
196340
|
9.8 |
CRITICAL
Network
|
woocommerce
|
upload_files
|
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extensi…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-24171
|
2024-11-21 14:52 |
2021-04-6 |