| 196391 | 6.1 | MEDIUM, Network | gowebsolutions | wp_customer_reviews | Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities allowing remote attacker… | CWE-79 Cross-site Scripting | CVE-2021-24135 | 2024-11-21 14:52 | 2021-03-19 |
| 196392 | 4.8 | MEDIUM, Network | constantcontact | constant_contact_forms | Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed high-p… | CWE-79 Cross-site Scripting | CVE-2021-24134 | 2024-11-21 14:52 | 2021-03-19 |
| 196393 | 4.3 | MEDIUM, Network | activecampaign | activecampaign | Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow attacker to make a logged-in administrator change API Credentials to attacke… | CWE-352 Origin Validation Error | CVE-2021-24133 | 2024-11-21 14:52 | 2021-03-19 |
| 196394 | 8.8 | HIGH, Network | 10web | slider | The Slider by 10Web WordPress plugin, versions before 1.2.36, in the bulk_action, export_full and save_slider_db functionalities of the plugin were vulnerable, allowing a high privileged user (Admin)… | CWE-89 SQL Injection | CVE-2021-24132 | 2024-11-21 14:52 | 2021-03-19 |
| 196395 | 7.2 | HIGH, Network | cleantalk | anti-spam | Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, lead to multiple authenticated SQL injection vulnerabilities, however, it requires high privilege user (admin+… | CWE-89 SQL Injection | CVE-2021-24131 | 2024-11-21 14:52 | 2021-03-19 |
| 196396 | 7.2 | HIGH, Network | flippercode | wp_google_map | Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privilege… | CWE-89 SQL Injection | CVE-2021-24130 | 2024-11-21 14:52 | 2021-03-19 |
| 196397 | 5.4 | MEDIUM, Network | themify | portfolio_post | Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged … | CWE-79 Cross-site Scripting | CVE-2021-24129 | 2024-11-21 14:52 | 2021-03-19 |
| 196398 | 5.4 | MEDIUM, Network | wpdarko | team_members | Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attack… | CWE-79 Cross-site Scripting | CVE-2021-24128 | 2024-11-21 14:52 | 2021-03-19 |
| 196399 | 5.4 | MEDIUM, Network | caseproof | thirstyaffiliates_affiliate_link_manager | Unvalidated input and lack of output encoding in the ThirstyAffiliates Affiliate Link Manager WordPress plugin, versions before 3.9.3, was vulnerable to authenticated Stored Cross-Site Scripting (XSS… | CWE-79 Cross-site Scripting | CVE-2021-24127 | 2024-11-21 14:52 | 2021-03-19 |
| 196400 | 5.4 | MEDIUM, Network | enviragallery | envira_gallery | Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them… | CWE-79 Cross-site Scripting | CVE-2021-24126 | 2024-11-21 14:52 | 2021-03-19 |