|
197511
|
8.1 |
HIGH
Network
|
database-backups_project
|
database-backups
|
The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged-in user perform unwanted actions, such as generate backups of the database, change the plu…
|
-
|
CVE-2021-24174
|
2024-11-21 14:52 |
2021-04-6 |
|
197512
|
6.1 |
MEDIUM
Network
|
vm_backups_project
|
vm_backups
|
The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged-in user perform unwanted actions, such as update the plugin's options, leading to a Stored Cross-Sit…
|
CWE-352
Origin Validation Error
|
CVE-2021-24173
|
2024-11-21 14:52 |
2021-04-6 |
|
197513
|
4.3 |
MEDIUM
Network
|
vm_backups_project
|
vm_backups
|
The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged-in user perform unwanted actions, such as generate backups of the DB, plugins, and current .
|
CWE-352
Origin Validation Error
|
CVE-2021-24172
|
2024-11-21 14:52 |
2021-04-6 |
|
197514
|
9.8 |
CRITICAL
Network
|
woocommerce
|
upload_files
|
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extensi…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-24171
|
2024-11-21 14:52 |
2021-04-6 |
|
197515
|
7.5 |
HIGH
Network
|
cozmoslabs
|
user_profile_picture
|
The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. …
|
CWE-200
Information Exposure
|
CVE-2021-24170
|
2024-11-21 14:52 |
2021-04-6 |
|
197516
|
6.1 |
MEDIUM
Network
|
algolplus
|
advanced_order_export_for_woocommerce
|
This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2021-24169
|
2024-11-21 14:52 |
2021-04-6 |
|
197517
|
5.4 |
MEDIUM
Network
|
easy_contact_form_pro_project
|
easy_contact_form_pro
|
The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authen…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24168
|
2024-11-21 14:52 |
2021-04-6 |
|
197518
|
7.5 |
HIGH
Network
|
web-stat
|
web-stat
|
When visiting a site running Web-Stat < 1.4.0, the "wts_web_stat_load_init" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookup_WP_account.
|
CWE-200
Information Exposure
|
CVE-2021-24167
|
2024-11-21 14:52 |
2021-04-6 |
|
197519
|
5.4 |
MEDIUM
Network
|
ninjaforms
|
ninja_forms
|
The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attacker…
|
CWE-352
Origin Validation Error
|
CVE-2021-24166
|
2024-11-21 14:52 |
2021-04-6 |
|
197520
|
6.1 |
MEDIUM
Network
|
ninjaforms
|
ninja_forms
|
In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no pr…
|
CWE-601
Open Redirect
|
CVE-2021-24165
|
2024-11-21 14:52 |
2021-04-6 |
|