|
197741
|
7.8 |
HIGH
Local
|
ciphercoin
|
contact_form_7_database_addon
|
Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files.
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2021-24144
|
2024-11-21 14:52 |
2021-03-19 |
|
|
|
|
197742
|
8.8 |
HIGH
Network
|
accesspressthemes
|
accesspress_social_icons
|
Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injectio…
|
CWE-89
SQL Injection
|
CVE-2021-24143
|
2024-11-21 14:52 |
2021-03-19 |
|
|
|
|
197743
|
7.2 |
HIGH
Network
|
webfactoryltd
|
301_redirects
|
Unvalidated input in the 301 Redirects - Easy Redirect Manager WordPress plugin, versions before 2.51, did not sanitise its "Redirect From" column when importing a CSV file, allowing high privilege u…
|
CWE-89
SQL Injection
|
CVE-2021-24142
|
2024-11-21 14:52 |
2021-03-19 |
|
|
|
|
197744
|
7.2 |
HIGH
Network
|
sigmaplugin
|
advanced_database_cleaner
|
Unvalidated input in the Advanced Database Cleaner plugin, versions before 3.0.2, leads to SQL injection allowing high privilege users (admin+) to perform SQL attacks.
|
CWE-89
SQL Injection
|
CVE-2021-24141
|
2024-11-21 14:52 |
2021-03-19 |
|
|
|
|
197745
|
7.2 |
HIGH
Network
|
connekthq
|
ajax_load_more
|
Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, leads to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#&type=test.
|
CWE-89
SQL Injection
|
CVE-2021-24140
|
2024-11-21 14:52 |
2021-03-19 |
|
|
|
|
197746
|
9.8 |
CRITICAL
Network
|
10web
|
photo_gallery
|
Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.
|
CWE-89
SQL Injection
|
CVE-2021-24139
|
2024-11-21 14:52 |
2021-03-19 |
|
|
|
|
197747
|
5.5 |
MEDIUM
Network
|
ajdg
|
adrotate
|
Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". This requires an admin privileged user.
|
CWE-89
SQL Injection
|
CVE-2021-24138
|
2024-11-21 14:52 |
2021-03-19 |
|
|
|
|
197748
|
8.8 |
HIGH
Network
|
adenion
|
blog2social
|
Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, leads to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands.
|
CWE-89
SQL Injection
|
CVE-2021-24137
|
2024-11-21 14:52 |
2021-03-19 |
|
|
|
|
197749
|
5.4 |
MEDIUM
Network
|
axelerant
|
testimonials_widget
|
Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to i…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24136
|
2024-11-21 14:52 |
2021-03-19 |
|
|
|
|
197750
|
6.1 |
MEDIUM
Network
|
gowebsolutions
|
wp_customer_reviews
|
Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities allowing remote attacker…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24135
|
2024-11-21 14:52 |
2021-03-19 |
|
|
|