|
196351
|
8.8 |
HIGH
Network
|
expresstech
|
responsive_menu
|
In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These f…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-24160
|
2024-11-21 14:52 |
2021-04-6 |
|
196352
|
8.8 |
HIGH
Network
|
rocklobster
|
contact_form_7
|
Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordP…
|
CWE-352
Origin Validation Error
|
CVE-2021-24159
|
2024-11-21 14:52 |
2021-04-6 |
|
196353
|
6.5 |
MEDIUM
Network
|
themeisle
|
orbit_fox
|
Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which…
|
NVD-CWE-Other
|
CVE-2021-24158
|
2024-11-21 14:52 |
2021-04-6 |
|
196354
|
5.4 |
MEDIUM
Network
|
themeisle
|
orbit_fox
|
Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfiltered_html capability prior to saving th…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24157
|
2024-11-21 14:52 |
2021-04-6 |
|
196355
|
5.4 |
MEDIUM
Network
|
testimonial_rotator_project
|
testimonial_rotator
|
Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to priv…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24156
|
2024-11-21 14:52 |
2021-04-6 |
|
196356
|
7.2 |
HIGH
Network
|
backup-guard
|
backup_guard
|
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+…
|
-
|
CVE-2021-24155
|
2024-11-21 14:52 |
2021-04-6 |
|
196357
|
4.9 |
MEDIUM
Network
|
themeeditor
|
theme_editor
|
The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web …
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2021-24154
|
2024-11-21 14:52 |
2021-04-6 |
|
196358
|
5.4 |
MEDIUM
Network
|
yoast
|
yoast_seo
|
A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters that blacklisted parentheses as well as several …
|
CWE-79
Cross-site Scripting
|
CVE-2021-24153
|
2024-11-21 14:52 |
2021-04-6 |
|
196359
|
6.1 |
MEDIUM
Network
|
sygnoos
|
popup_builder
|
The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting.
|
CWE-79
Cross-site Scripting
|
CVE-2021-24152
|
2024-11-21 14:52 |
2021-04-6 |
|
196360
|
7.5 |
HIGH
Network
|
likebtn-like-button_project
|
likebtn-like-button
|
The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF).
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-24150
|
2024-11-21 14:52 |
2021-04-6 |