|
197941
|
5.4 |
MEDIUM
Network
|
themeum
|
wp_page_builder
|
The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTM…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24208
|
2024-11-21 14:52 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197942
|
4.3 |
MEDIUM
Network
|
themeum
|
wp_page_builder
|
By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing …
|
CWE-269
Improper Privilege Management
|
CVE-2021-24207
|
2024-11-21 14:52 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197943
|
5.4 |
MEDIUM
Network
|
cm-wp
|
social_slider_widget
|
The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly ech…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24196
|
2024-11-21 14:52 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197944
|
5.4 |
MEDIUM
Network
|
clogica
|
seo_redirection
|
The setting page of the SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 6.4 is vulnerable to reflected Cross-Site Scripting (XSS) as user input is not properly sanitised before …
|
-
|
CVE-2021-24187
|
2024-11-21 14:52 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197945
|
6.5 |
MEDIUM
Network
|
themeum
|
tutor_lms
|
The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection th…
|
CWE-89
SQL Injection
|
CVE-2021-24186
|
2024-11-21 14:52 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197946
|
5.4 |
MEDIUM
Network
|
elementor
|
website_builder
|
In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set …
|
CWE-79
Cross-site Scripting
|
CVE-2021-24206
|
2024-11-21 14:52 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197947
|
5.4 |
MEDIUM
Network
|
elementor
|
website_builder
|
In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24205
|
2024-11-21 14:52 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197948
|
5.4 |
MEDIUM
Network
|
elementor
|
website_builder
|
In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter. Although the element control lists a fixed …
|
CWE-79
Cross-site Scripting
|
CVE-2021-24204
|
2024-11-21 14:52 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197949
|
5.4 |
MEDIUM
Network
|
elementor
|
website_builder
|
In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget (includes/widgets/divider.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of po…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24203
|
2024-11-21 14:52 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197950
|
5.4 |
MEDIUM
Network
|
elementor
|
website_builder
|
In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of …
|
CWE-79
Cross-site Scripting
|
CVE-2021-24202
|
2024-11-21 14:52 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
