|
196911
|
6.1 |
MEDIUM
Network
|
berocket
|
advanced_ajax_product_filters
|
The Advanced AJAX Product Filters WordPress plugin does not sanitise the 'term_id' POST parameter before outputting it in the page, leading to a reflected Cross-Site Scripting issue.
|
CWE-79
Cross-site Scripting
|
CVE-2021-24432
|
2024-11-21 14:53 |
2024-01-17 |
|
196912
|
7.5 |
HIGH
Network
|
passster_project
|
passter
|
The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by …
|
NVD-CWE-Other
|
CVE-2021-24881
|
2024-11-21 14:53 |
2023-01-24 |
|
196913
|
5.4 |
MEDIUM
Network
|
passster_project
|
passter
|
The Passster WordPress plugin before 3.5.5.8 does not escape the area parameter of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
|
-
|
CVE-2021-24837
|
2024-11-21 14:53 |
2023-01-24 |
|
196914
|
9.8 |
CRITICAL
Network
|
wedevs
|
wp_user_frontend
|
The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via w…
|
-
|
CVE-2021-24649
|
2024-11-21 14:53 |
2022-11-21 |
|
196915
|
8.8 |
HIGH
Network
|
dplugins
|
scripts_organizer
|
The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not valid…
|
-
|
CVE-2021-24890
|
2024-11-21 14:53 |
2022-09-26 |
|
196916
|
5.4 |
MEDIUM
Network
|
transposh
|
transposh_wordpress_translation
|
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have CSRF check in its tp_translation AJAX action, which could allow attackers to make authorised users add a translation. G…
|
-
|
CVE-2021-24912
|
2024-11-21 14:53 |
2022-08-23 |
|
196917
|
5.4 |
MEDIUM
Network
|
transposh
|
transposh_wordpress_translation
|
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tp_translation AJAX action, leading to Stored Cross-Site Scripting, which wil…
|
-
|
CVE-2021-24911
|
2024-11-21 14:53 |
2022-08-23 |
|
196918
|
6.1 |
MEDIUM
Network
|
transposh
|
transposh_wordpress_translation
|
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the c…
|
-
|
CVE-2021-24910
|
2024-11-21 14:53 |
2022-08-23 |
|
196919
|
7.5 |
HIGH
Network
|
wpusermanager
|
wp_user_manager
|
The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the passwo…
|
-
|
CVE-2021-24655
|
2024-11-21 14:53 |
2022-07-17 |
|
196920
|
4.3 |
MEDIUM
Network
|
designwall
|
dw_question_\&_answer
|
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as upd…
|
-
|
CVE-2021-24805
|
2024-11-21 14:53 |
2022-04-26 |
|