|
196881
|
9.8 |
CRITICAL
Network
|
molie_instructure_canvas_linking_tool_project
|
molie_instructure_canvas_linking_tool
|
The MOLIE WordPress plugin through 0.5 does not validate and escape a post parameter before using in a SQL statement, leading to an SQL Injection
|
-
|
CVE-2021-25007
|
2024-11-21 14:54 |
2022-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196882
|
6.1 |
MEDIUM
Network
|
molie_instructure_canvas_linking_tool_project
|
molie_instructure_canvas_linking_tool
|
The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue
|
-
|
CVE-2021-25006
|
2024-11-21 14:54 |
2022-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196883
|
9.8 |
CRITICAL
Network
|
wptaskforce
|
wpcargo_track_\&_trace
|
The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-25003
|
2024-11-21 14:54 |
2022-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196884
|
6.1 |
MEDIUM
Network
|
wki
|
idpay_for_contact_form_7
|
The IDPay for Contact Form 7 WordPress plugin through 2.1.2 does not sanitise and escape the idpay_error parameter before outputting it back in the page leading to a Reflected Cross-Site Scripting
|
-
|
CVE-2021-24996
|
2024-11-21 14:54 |
2022-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196885
|
4.8 |
MEDIUM
Network
|
html5_responsive_faq_project
|
html5_responsive_faq
|
The HTML5 Responsive FAQ WordPress plugin through 2.8.5 does not properly sanitise and escape some of its settings, which could allow a high privilege users to perform Cross-Site Scripting attacks ev…
|
-
|
CVE-2021-24995
|
2024-11-21 14:54 |
2022-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196886
|
6.4 |
MEDIUM
Network
|
childtheme-generator
|
child_theme_generator
|
The Child Theme Generator WordPress plugin through 2.2.7 does not sanitise escape the parade parameter before outputting it back, leading to a Reflected Cross-Site Scripting in the admin dashboard
|
-
|
CVE-2021-24982
|
2024-11-21 14:54 |
2022-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196887
|
4.9 |
MEDIUM
Network
|
bestwebsoft
|
error_log_viewer
|
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outs…
|
-
|
CVE-2021-24966
|
2024-11-21 14:54 |
2022-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196888
|
8.8 |
HIGH
Network
|
techspawn
|
wp-email-users
|
The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL in…
|
-
|
CVE-2021-24959
|
2024-11-21 14:54 |
2022-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196889
|
5.4 |
MEDIUM
Network
|
mekshq
|
meks_easy_photo_feed_widget
|
The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the meks_save_business_selected_account AJAX action, available to any authenticated user, and…
|
-
|
CVE-2021-24958
|
2024-11-21 14:54 |
2022-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196890
|
5.4 |
MEDIUM
Network
|
thememove
|
insight_core
|
The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insight_customizer_options_import (available to any authenticated user), does not validate user in…
|
-
|
CVE-2021-24950
|
2024-11-21 14:54 |
2022-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
