|
197961
|
8.8 |
HIGH
Network
|
cashtomer_project
|
cashtomer
|
An editid GET parameter of the Cashtomer WordPress plugin through 1.0.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
|
CWE-89
SQL Injection
|
CVE-2021-24391
|
2024-11-21 14:52 |
2021-09-6 |
|
197962
|
7.2 |
HIGH
Network
|
alipay_project
|
alipay
|
A proid GET parameter of the WordPress???Alipay|???Tenpay|??PayPal???? WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited…
|
-
|
CVE-2021-24390
|
2024-11-21 14:52 |
2021-09-6 |
|
197963
|
8.8 |
HIGH
Network
|
jiangqie
|
official_website_mini_program
|
The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues
|
CWE-89
SQL Injection
|
CVE-2021-24303
|
2024-11-21 14:52 |
2021-09-6 |
|
197964
|
7.8 |
HIGH
Local
|
oculus
|
desktop
|
Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue a…
|
CWE-269
Improper Privilege Management
|
CVE-2021-24038
|
2024-11-21 14:52 |
2021-08-20 |
|
197965
|
4.3 |
MEDIUM
Network
|
shantz_wordpress_qotd_project
|
shantz_wordpress_qotd
|
The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking any CSRF check when updating its settings, allowing attackers to make logged in administrators change them to arbitrary values.
|
CWE-352
Origin Validation Error
|
CVE-2021-24380
|
2024-11-21 14:52 |
2021-08-16 |
|
197966
|
4.9 |
MEDIUM
Network
|
10web
|
photo_gallery
|
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put i…
|
-
|
CVE-2021-24363
|
2024-11-21 14:52 |
2021-08-16 |
|
197967
|
6.1 |
MEDIUM
Network
|
10web
|
photo_gallery
|
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, user…
|
-
|
CVE-2021-24362
|
2024-11-21 14:52 |
2021-08-16 |
|
197968
|
6.1 |
MEDIUM
Network
|
tagdiv
|
newsmag
|
The Newsmag WordPress theme before 5.0 does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.
|
-
|
CVE-2021-24304
|
2024-11-21 14:52 |
2021-08-9 |
|
197969
|
6.1 |
MEDIUM
Network
|
fortinet
|
fortisandbox
|
Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via speci…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24014
|
2024-11-21 14:52 |
2021-08-5 |
|
197970
|
8.8 |
HIGH
Adjacent
|
fortinet
|
fortios
|
A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specif…
|
CWE-787
Out-of-bounds Write
|
CVE-2021-24018
|
2024-11-21 14:52 |
2021-08-5 |