|
197621
|
6.1 |
MEDIUM
Network
|
awesome_weather_widget_project
|
awesome_weather_widget
|
The Awesome Weather Widget WordPress plugin through 3.0.2 does not sanitize the id parameter of its awesome_weather_refresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting (…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24474
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197622
|
5.4 |
MEDIUM
Network
|
cozmoslabs
|
user_profile_picture
|
The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pi…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2021-24473
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197623
|
9.8 |
CRITICAL
Network
|
qantumthemes
|
kentharadio
onair2
|
The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will…
|
-
|
CVE-2021-24472
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197624
|
5.4 |
MEDIUM
Network
|
yada_wiki_project
|
yada_wiki
|
The Yada Wiki WordPress plugin before 3.4.1 did not sanitise, validate or escape the anchor attribute of its shortcode, leading to a Stored Cross-Site Scripting issue
|
CWE-79
Cross-site Scripting
|
CVE-2021-24470
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197625
|
5.4 |
MEDIUM
Network
|
bozdoz
|
leaflet_map
|
The Leaflet Map WordPress plugin before 3.0.0 does not escape some shortcode attributes before they are used in JavaScript code or HTML, which could allow users with a role as low as Contributors to …
|
CWE-79
Cross-site Scripting
|
CVE-2021-24468
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197626
|
5.4 |
MEDIUM
Network
|
wpdevart
|
youtube_embed\
_playlist_and_popup
|
The YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin before 2.3.9 did not escape, validate or sanitise some of its shortcode options, available to users with a role as low as Contributo…
|
-
|
CVE-2021-24464
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197627
|
8.8 |
HIGH
Network
|
ays-pro
|
image_slider
|
The get_sliders() function in the Image Slider by Ays- Responsive Slider and Carousel WordPress plugin before 2.5.0 did not use whitelist or validate the orderby parameter before using it in SQL stat…
|
-
|
CVE-2021-24463
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197628
|
8.8 |
HIGH
Network
|
ays-pro
|
photo_gallery
|
The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin before 4.4.4 did not use whitelist or validate the orderby parameter…
|
-
|
CVE-2021-24462
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197629
|
8.8 |
HIGH
Network
|
ays-pro
|
faq_builder
|
The get_faqs() function in the FAQ Builder AYS WordPress plugin before 1.3.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB c…
|
-
|
CVE-2021-24461
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197630
|
8.8 |
HIGH
Network
|
ays-pro
|
popup_box
|
The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to t…
|
-
|
CVE-2021-24460
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
