| 196341 | 7.5 | HIGH Network | cozmoslabs | user_profile_picture | The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. … | CWE-200 Information Exposure | CVE-2021-24170 | 2024-11-21 14:52 | 2021-04-6 |
| 196342 | 6.1 | MEDIUM Network | algolplus | advanced_order_export_for_woocommerce | This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS. | CWE-79 Cross-site Scripting | CVE-2021-24169 | 2024-11-21 14:52 | 2021-04-6 |
| 196343 | 5.4 | MEDIUM Network | easy_contact_form_pro_project | easy_contact_form_pro | The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authen… | CWE-79 Cross-site Scripting | CVE-2021-24168 | 2024-11-21 14:52 | 2021-04-6 |
| 196344 | 7.5 | HIGH Network | web-stat | web-stat | When visiting a site running Web-Stat < 1.4.0, the "wts_web_stat_load_init" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookup_WP_account. | CWE-200 Information Exposure | CVE-2021-24167 | 2024-11-21 14:52 | 2021-04-6 |
| 196345 | 5.4 | MEDIUM Network | ninjaforms | ninja_forms | The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attacker… | CWE-352 Origin Validation Error | CVE-2021-24166 | 2024-11-21 14:52 | 2021-04-6 |
| 196346 | 6.1 | MEDIUM Network | ninjaforms | ninja_forms | In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no pr… | CWE-601 Open Redirect | CVE-2021-24165 | 2024-11-21 14:52 | 2021-04-6 |
| 196347 | 4.3 | MEDIUM Network | ninjaforms | ninja_forms | In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to es… | CWE-862 Missing Authorization | CVE-2021-24164 | 2024-11-21 14:52 | 2021-04-6 |
| 196348 | 8.8 | HIGH Network | ninjaforms | ninja_forms | The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such… | CWE-862 Missing Authorization | CVE-2021-24163 | 2024-11-21 14:52 | 2021-04-6 |
| 196349 | 8.8 | HIGH Network | expresstech | responsive_menu | In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to in… | CWE-352 Origin Validation Error | CVE-2021-24162 | 2024-11-21 14:52 | 2021-04-6 |
| 196350 | 8.8 | HIGH Network | expresstech | responsive_menu | In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attack… | CWE-352 Origin Validation Error | CVE-2021-24161 | 2024-11-21 14:52 | 2021-04-6 |