|
196531
|
5.4 |
MEDIUM
Network
|
elementor
|
website_builder
|
In the Elementor Website Builder WordPress plugin before 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of po…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24201
|
2024-11-21 14:52 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196532
|
6.5 |
MEDIUM
Network
|
themeum
|
tutor_lms
|
The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploite…
|
CWE-89
SQL Injection
|
CVE-2021-24185
|
2024-11-21 14:52 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196533
|
8.8 |
HIGH
Network
|
themeum
|
tutor_lms
|
Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privile…
|
-
|
CVE-2021-24184
|
2024-11-21 14:52 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196534
|
6.5 |
MEDIUM
Network
|
themeum
|
tutor_lms
|
The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be …
|
CWE-89
SQL Injection
|
CVE-2021-24183
|
2024-11-21 14:52 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196535
|
6.5 |
MEDIUM
Network
|
themeum
|
tutor_lms
|
The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that cou…
|
CWE-89
SQL Injection
|
CVE-2021-24182
|
2024-11-21 14:52 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196536
|
6.5 |
MEDIUM
Network
|
themeum
|
tutor_lms
|
The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could b…
|
CWE-89
SQL Injection
|
CVE-2021-24181
|
2024-11-21 14:52 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196537
|
5.4 |
MEDIUM
Network
|
never5
|
related_posts
|
Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter w…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24180
|
2024-11-21 14:52 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196538
|
5.4 |
MEDIUM
Network
|
webdesi9
|
file_manager
|
In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24177
|
2024-11-21 14:52 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196539
|
5.4 |
MEDIUM
Network
|
jh_404_logger_project
|
jh_404_logger
|
The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the Wor…
|
-
|
CVE-2021-24176
|
2024-11-21 14:52 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196540
|
9.8 |
CRITICAL
Network
|
posimyth
|
the_plus_addons_for_elementor
|
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any …
|
CWE-287
Improper Authentication
|
CVE-2021-24175
|
2024-11-21 14:52 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
