|
196751
|
4.8 |
MEDIUM
Network
|
editable-table_project
|
editable_table
|
The EditableTable WordPress plugin through 0.1.4 does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even w…
|
-
|
CVE-2021-24898
|
2024-11-21 14:53 |
2022-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196752
|
8.8 |
HIGH
Network
|
wpscan
|
wp_cloudy
|
The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not escape the post_id parameter before using it in a SQL statement in the admin dashboard, leading to a SQL Injection issue
|
-
|
CVE-2021-24864
|
2024-11-21 14:53 |
2022-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196753
|
8.1 |
HIGH
Network
|
schiocco
|
support_board
|
The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged in users do unwanted actions.…
|
-
|
CVE-2021-24823
|
2024-11-21 14:53 |
2022-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196754
|
6.5 |
MEDIUM
Network
|
bold-themes
|
cost_calculator
|
The Cost Calculator WordPress plugin through 1.6 allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.6) to perform path traversal and local PHP file inclusion on W…
|
-
|
CVE-2021-24820
|
2024-11-21 14:53 |
2022-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196755
|
8.8 |
HIGH
Network
|
core_tweaks_wp_setup_project
|
core_tweaks_wp_setup
|
The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-set many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in…
|
-
|
CVE-2021-24803
|
2024-11-21 14:53 |
2022-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196756
|
4.3 |
MEDIUM
Network
|
infornweb
|
logo_showcase_with_slick_slider
|
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated users, such as …
|
-
|
CVE-2021-24730
|
2024-11-21 14:53 |
2022-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196757
|
8.8 |
HIGH
Network
|
orange-form_project
|
orange-form
|
In the Orange Form WordPress plugin through 1.0, the process_bulk_action() function in "admin/orange-form-email.php" performs an unprepared SQL query with an unsanitized parameter ($id). Only admin c…
|
-
|
CVE-2021-24704
|
2024-11-21 14:53 |
2022-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196758
|
4.9 |
MEDIUM
Network
|
wpeverest
|
contact_form
|
The Contact Forms - Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web server via a path traversal attack
|
CWE-22
Path Traversal
|
CVE-2021-24689
|
2024-11-21 14:53 |
2022-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196759
|
4.3 |
MEDIUM
Network
|
orange-form_project
|
orange-form
|
The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the or_delete_filed one which is available to both unauthenticated…
|
CWE-352
Origin Validation Error
|
CVE-2021-24688
|
2024-11-21 14:53 |
2022-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196760
|
9.8 |
CRITICAL
Network
|
accesspressthemes
|
accessbuddy
accesspress_basic
accesspress_lite
accesspress_mag
accesspress_parallax
accesspress_ray
accesspress_root
accesspress_staple
accesspress_store
agency_lite
apl…
|
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are a…
|
-
|
CVE-2021-24867
|
2024-11-21 14:53 |
2022-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
