|
197121
|
4.8 |
MEDIUM
Network
|
webfactoryltd
|
maintenance
|
The Maintenance WordPress plugin before 4.03 does not sanitise or escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payload in them (even when the un…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24533
|
2024-11-21 14:53 |
2021-08-23 |
|
197122
|
5.4 |
MEDIUM
Network
|
wpcharitable
|
charitable
|
The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.
|
-
|
CVE-2021-24531
|
2024-11-21 14:53 |
2021-08-23 |
|
197123
|
5.4 |
MEDIUM
Network
|
awplife
|
grid_gallery
|
The Grid Gallery – Photo Image Grid Gallery WordPress plugin before 1.2.5 does not properly sanitize the title field for image galleries when adding them via the admin dashboard, resulting in an auth…
|
-
|
CVE-2021-24529
|
2024-11-21 14:53 |
2021-08-23 |
|
197124
|
4.8 |
MEDIUM
Network
|
givewp
|
givewp
|
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site S…
|
-
|
CVE-2021-24524
|
2024-11-21 14:53 |
2021-08-23 |
|
197125
|
8.8 |
HIGH
Network
|
quantumcloud
|
slider_hero
|
The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL stateme…
|
-
|
CVE-2021-24506
|
2024-11-21 14:53 |
2021-08-23 |
|
197126
|
7.2 |
HIGH
Network
|
satollo
|
giveaway
|
The Giveaway WordPress plugin through 1.2.2 is vulnerable to an SQL Injection issue which allows an administrative user to execute arbitrary SQL commands via the $post_id on the options.php page.
|
-
|
CVE-2021-24497
|
2024-11-21 14:53 |
2021-08-23 |
|
197127
|
5.4 |
MEDIUM
Network
|
wpbrigade
|
simple_social_media_share_buttons
|
The Simple Social Media Share Buttons – Social Sharing for Everyone WordPress plugin before 3.2.3 did not escape the align and like_button_size parameters of its SSB shortcode, which could allow user…
|
-
|
CVE-2021-24486
|
2024-11-21 14:53 |
2021-08-23 |
|
197128
|
5.4 |
MEDIUM
Network
|
mimetic
|
mimetic_books
|
The Mimetic Books WordPress plugin through 0.2.13 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) in the "Default Publisher ID" field on the plugin's settings page.
|
-
|
CVE-2021-24548
|
2024-11-21 14:53 |
2021-08-16 |
|
197129
|
5.4 |
MEDIUM
Network
|
wonderplugin
|
wonder_pdf_embed
|
The Wonder PDF Embed WordPress plugin before 1.7 does not escape parameters of its wonderplugin_pdf shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks.
|
CWE-79
Cross-site Scripting
|
CVE-2021-24541
|
2024-11-21 14:53 |
2021-08-16 |
|
197130
|
5.4 |
MEDIUM
Network
|
wonderplugin
|
wonder_video_embed
|
The Wonder Video Embed WordPress plugin before 1.8 does not escape parameters of its wonderplugin_video shortcode, which could allow users with a role as low as Contributor to perform Stored XSS atta…
|
-
|
CVE-2021-24540
|
2024-11-21 14:53 |
2021-08-16 |
|