|
197701
|
6.1 |
MEDIUM
Network
|
algolplus
|
advanced_order_export_for_woocommerce
|
This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2021-24169
|
2024-11-21 14:52 |
2021-04-6 |
|
197702
|
5.4 |
MEDIUM
Network
|
easy_contact_form_pro_project
|
easy_contact_form_pro
|
The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authen…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24168
|
2024-11-21 14:52 |
2021-04-6 |
|
197703
|
7.5 |
HIGH
Network
|
web-stat
|
web-stat
|
When visiting a site running Web-Stat < 1.4.0, the "wts_web_stat_load_init" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookup_WP_account.
|
CWE-200
Information Exposure
|
CVE-2021-24167
|
2024-11-21 14:52 |
2021-04-6 |
|
197704
|
5.4 |
MEDIUM
Network
|
ninjaforms
|
ninja_forms
|
The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attacker…
|
CWE-352
Origin Validation Error
|
CVE-2021-24166
|
2024-11-21 14:52 |
2021-04-6 |
|
197705
|
6.1 |
MEDIUM
Network
|
ninjaforms
|
ninja_forms
|
In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no pr…
|
CWE-601
Open Redirect
|
CVE-2021-24165
|
2024-11-21 14:52 |
2021-04-6 |
|
197706
|
4.3 |
MEDIUM
Network
|
ninjaforms
|
ninja_forms
|
In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to es…
|
CWE-862
Missing Authorization
|
CVE-2021-24164
|
2024-11-21 14:52 |
2021-04-6 |
|
197707
|
8.8 |
HIGH
Network
|
ninjaforms
|
ninja_forms
|
The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such…
|
CWE-862
Missing Authorization
|
CVE-2021-24163
|
2024-11-21 14:52 |
2021-04-6 |
|
197708
|
8.8 |
HIGH
Network
|
expresstech
|
responsive_menu
|
In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to in…
|
CWE-352
Origin Validation Error
|
CVE-2021-24162
|
2024-11-21 14:52 |
2021-04-6 |
|
197709
|
8.8 |
HIGH
Network
|
expresstech
|
responsive_menu
|
In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attack…
|
CWE-352
Origin Validation Error
|
CVE-2021-24161
|
2024-11-21 14:52 |
2021-04-6 |
|
197710
|
8.8 |
HIGH
Network
|
expresstech
|
responsive_menu
|
In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These f…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-24160
|
2024-11-21 14:52 |
2021-04-6 |
|