| 196621 | 9.8 | CRITICAL Network | ays-pro | secure_copy_content_protection_and_content_locking | The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthent… | - | CVE-2021-24931 | 2024-11-21 14:54 | 2021-12-7 |
| 196622 | 5.4 | MEDIUM Network | booking-wp-plugin | bookly | The WordPress Online Booking and Scheduling Plugin WordPress plugin before 20.3.1 does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Sit… | - | CVE-2021-24930 | 2024-11-21 14:54 | 2021-12-7 |
| 196623 | 6.1 | MEDIUM Network | email_log_project | email_log | The Email Log WordPress plugin before 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue | - | CVE-2021-24924 | 2024-11-21 14:54 | 2021-12-7 |
| 196624 | 7.5 | HIGH Network | wpserveur | wps_hide_login | The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthentic… | CWE-863 Incorrect Authorization | CVE-2021-24917 | 2024-11-21 14:54 | 2021-12-7 |
| 196625 | 8.0 | HIGH Network | tawk | tawk.to_live_chat | The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in the tawkto_setwidget and tawkto_removewidget AJAX actions, available to any authenticated user. The fir… | CWE-352 Origin Validation Error | CVE-2021-24914 | 2024-11-21 14:54 | 2021-12-7 |
| 196626 | 5.4 | MEDIUM Network | my_calendar_project | my_calendar | The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action (available to any authenticated user) before outputting it back in… | - | CVE-2021-24927 | 2024-11-21 14:54 | 2021-11-29 |
| 196627 | 5.4 | MEDIUM Network | smashballoon | smash_balloon_social_post_feed | The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable sit… | - | CVE-2021-24918 | 2024-11-21 14:54 | 2021-11-29 |
| 196628 | 9.8 | CRITICAL Network | contest_gallery | contest_gallery | The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when… | - | CVE-2021-24915 | 2024-11-21 14:54 | 2021-11-29 |
| 196629 | 4.4 | MEDIUM Local | sophos | exploit_prevention intercept_x_endpoint intercept_x_for_server | A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Soph… | CWE-428 Unquoted Search Path or Element | CVE-2021-25269 | 2024-11-21 14:54 | 2021-11-27 |
| 196630 | 5.3 | MEDIUM Network | isc debian fedoraproject netapp siemens oracle | bind debian_linux fedora h300s_firmware h500s_firmware h700s_firmware h300e_firmware h500e_firmware h700e_firmware h410s_firmware h410c_firmware cloud_backup sinec… | In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BI… | NVD-CWE-noinfo | CVE-2021-25219 | 2024-11-21 14:54 | 2021-10-28 |