| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 197751 | 4.8 | MEDIUM | Network | constantcontact | constant_contact_forms | Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed high-p… | CWE-79 Cross-site Scripting | CVE-2021-24134 | 2024-11-21 14:52 | 2021-03-19 |
| 197752 | 4.3 | MEDIUM | Network | activecampaign | activecampaign | Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow attacker to make a logged-in administrator change API Credentials to attacke… | CWE-352 Origin Validation Error | CVE-2021-24133 | 2024-11-21 14:52 | 2021-03-19 |
| 197753 | 8.8 | HIGH | Network | 10web | slider | The Slider by 10Web WordPress plugin, versions before 1.2.36, in the bulk_action, export_full and save_slider_db functionalities of the plugin were vulnerable, allowing a high privileged user (Admin)… | CWE-89 SQL Injection | CVE-2021-24132 | 2024-11-21 14:52 | 2021-03-19 |
| 197754 | 7.2 | HIGH | Network | cleantalk | anti-spam | Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, lead to multiple authenticated SQL injection vulnerabilities, however, it requires high privilege user (admin+… | CWE-89 SQL Injection | CVE-2021-24131 | 2024-11-21 14:52 | 2021-03-19 |
| 197755 | 7.2 | HIGH | Network | flippercode | wp_google_map | Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privilege… | CWE-89 SQL Injection | CVE-2021-24130 | 2024-11-21 14:52 | 2021-03-19 |
| 197756 | 5.4 | MEDIUM | Network | themify | portfolio_post | Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged … | CWE-79 Cross-site Scripting | CVE-2021-24129 | 2024-11-21 14:52 | 2021-03-19 |
| 197757 | 5.4 | MEDIUM | Network | wpdarko | team_members | Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attack… | CWE-79 Cross-site Scripting | CVE-2021-24128 | 2024-11-21 14:52 | 2021-03-19 |
| 197758 | 5.4 | MEDIUM | Network | caseproof | thirstyaffiliates_affiliate_link_manager | Unvalidated input and lack of output encoding in the ThirstyAffiliates Affiliate Link Manager WordPress plugin, versions before 3.9.3, was vulnerable to authenticated Stored Cross-Site Scripting (XSS… | CWE-79 Cross-site Scripting | CVE-2021-24127 | 2024-11-21 14:52 | 2021-03-19 |
| 197759 | 5.4 | MEDIUM | Network | enviragallery | envira_gallery | Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them… | CWE-79 Cross-site Scripting | CVE-2021-24126 | 2024-11-21 14:52 | 2021-03-19 |
| 197760 | 7.2 | HIGH | Network | contact_form_submissions_project | contact_form_submissions | Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privile… | CWE-89 SQL Injection | CVE-2021-24125 | 2024-11-21 14:52 | 2021-03-19 |