|
197011
|
4.8 |
MEDIUM
Network
|
inspirational_quote_rotator_project
|
inspirational_quote_rotator
|
The Inspirational Quote Rotator WordPress plugin through 1.0.0 does not sanitize and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issue…
|
-
|
CVE-2021-24771
|
2024-11-21 14:53 |
2021-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197012
|
6.1 |
MEDIUM
Network
|
wp_system_log_project
|
wp_system_log
|
The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting them in the admin dashboard, which could allow u…
|
-
|
CVE-2021-24756
|
2024-11-21 14:53 |
2021-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197013
|
7.2 |
HIGH
Network
|
cleverplugins
|
seo_booster
|
The SEO Booster WordPress plugin before 3.8 allows for authenticated SQL injection via the "fn_my_ajaxified_dataloader_ajax" AJAX request as the $_REQUEST['order'][0]['dir'] parameter is not properly…
|
-
|
CVE-2021-24747
|
2024-11-21 14:53 |
2021-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197014
|
4.8 |
MEDIUM
Network
|
basixonline
|
nex-forms
|
The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attribute…
|
-
|
CVE-2021-24705
|
2024-11-21 14:53 |
2021-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197015
|
9.8 |
CRITICAL
Network
|
wpdataaccess
|
wp_data_access
|
The WP Data Access WordPress plugin before 5.0.0 does not properly sanitise and escape the backup_date parameter before using it a SQL statement, leading to a SQL injection issue and could allow arbi…
|
-
|
CVE-2021-24866
|
2024-11-21 14:53 |
2021-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197016
|
5.4 |
MEDIUM
Network
|
pdf.js_viewer_project
|
pdf.js_viewer
|
The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to to perform Cross-Sit…
|
-
|
CVE-2021-24759
|
2024-11-21 14:53 |
2021-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197017
|
4.8 |
MEDIUM
Network
|
reputeinfosystems
|
contact_form\
_survey_\&_popup_form_plugin_for_wordpress_-_arforms_form_builder
|
The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even…
|
-
|
CVE-2021-24718
|
2024-11-21 14:53 |
2021-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197018
|
4.8 |
MEDIUM
Network
|
soflyy
|
wp_all_import
|
The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege…
|
-
|
CVE-2021-24714
|
2024-11-21 14:53 |
2021-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197019
|
6.1 |
MEDIUM
Network
|
wpchill
|
check_\&_log_email
|
The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting
|
CWE-79
Cross-site Scripting
|
CVE-2021-24908
|
2024-11-21 14:53 |
2021-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197020
|
4.8 |
MEDIUM
Network
|
media-tags_project
|
media-tags
|
The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and escape any of its Labels settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the u…
|
-
|
CVE-2021-24899
|
2024-11-21 14:53 |
2021-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
