|
197921
|
8.8 |
HIGH
Network
|
easy-form-builder-by-bitware_project
|
easy-form-builder-by-bitware
|
The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing…
|
-
|
CVE-2021-24224
|
2024-11-21 14:52 |
2021-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197922
|
9.8 |
CRITICAL
Network
|
n5_upload_form_project
|
n5_upload_form
|
The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. The uploaded filename might be …
|
-
|
CVE-2021-24223
|
2024-11-21 14:52 |
2021-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197923
|
9.8 |
CRITICAL
Network
|
williamluis
|
wp-curriculo_vitae_free
|
The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in page where the [formCadastro] is embed. The form allows unauthenticated user to register and su…
|
-
|
CVE-2021-24222
|
2024-11-21 14:52 |
2021-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197924
|
8.8 |
HIGH
Network
|
facebook
|
facebook
|
The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in…
|
-
|
CVE-2021-24218
|
2024-11-21 14:52 |
2021-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197925
|
8.8 |
HIGH
Network
|
expresstech
|
quiz_and_survey_master
|
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attr…
|
-
|
CVE-2021-24221
|
2024-11-21 14:52 |
2021-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197926
|
9.1 |
CRITICAL
Network
|
thrivethemes
|
ignition
luxe
minus
performag
pressive
rise
squared
storied
voice
focusblog
|
Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes …
|
-
|
CVE-2021-24220
|
2024-11-21 14:52 |
2021-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197927
|
5.3 |
MEDIUM
Network
|
thrivethemes
|
thrive_ovation
thrive_dashboard
thrive_visual_editor
thrive_apprentice
thrive_quiz_builder
thrive_headline_optimizer
thrive_comments
thrive_optimize
thrive_clever_widgets
f…
|
The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2021-24219
|
2024-11-21 14:52 |
2021-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197928
|
8.1 |
HIGH
Network
|
facebook
|
facebook
|
The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability.…
|
-
|
CVE-2021-24217
|
2024-11-21 14:52 |
2021-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197929
|
9.8 |
CRITICAL
Network
|
wpruby
|
controlled_admin_access
|
An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS set…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2021-24215
|
2024-11-21 14:52 |
2021-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197930
|
6.1 |
MEDIUM
Network
|
givewp
|
givewp
|
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET…
|
-
|
CVE-2021-24213
|
2024-11-21 14:52 |
2021-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
