|
197621
|
6.1 |
MEDIUM
Network
|
frontend_uploader_project
|
frontend_uploader
|
The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing an unauthenticated user to upload a malicious HTML file containing JavaScript …
|
-
|
CVE-2021-24563
|
2024-11-21 14:53 |
2021-10-11 |
|
197622
|
8.8 |
HIGH
Network
|
extendify
|
editorskit
|
The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as lo…
|
-
|
CVE-2021-24546
|
2024-11-21 14:53 |
2021-10-11 |
|
197623
|
5.4 |
MEDIUM
Network
|
wp_html_author_bio_project
|
wp_html_author_bio
|
The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitise the HTML allowed in the Bio of users, allowing them to use malicious JavaScript code, which will be executed when anyone visits …
|
-
|
CVE-2021-24545
|
2024-11-21 14:53 |
2021-10-11 |
|
197624
|
4.8 |
MEDIUM
Network
|
webnus
|
modern_events_calendar_lite
|
The Modern Events Calendar Lite WordPress plugin before 5.22.2 does not escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24687
|
2024-11-21 14:53 |
2021-10-4 |
|
197625
|
6.1 |
MEDIUM
Network
|
coinmarketstats
|
bitcoin_\/_altcoin_payment_gateway_for_woocommerce
|
The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin before 1.6.1 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected …
|
CWE-79
Cross-site Scripting
|
CVE-2021-24679
|
2024-11-21 14:53 |
2021-10-4 |
|
197626
|
5.4 |
MEDIUM
Network
|
cminds
|
tooltip_glossary
|
The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Sc…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24678
|
2024-11-21 14:53 |
2021-10-4 |
|
197627
|
6.1 |
MEDIUM
Network
|
codesolz
|
better_find_and_replace
|
The Better Find and Replace WordPress plugin before 1.2.9 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue
|
-
|
CVE-2021-24676
|
2024-11-21 14:53 |
2021-10-4 |
|
197628
|
4.8 |
MEDIUM
Network
|
dwbooster
|
appointment_hour_booking
|
The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when …
|
-
|
CVE-2021-24673
|
2024-11-21 14:53 |
2021-10-4 |
|
197629
|
5.4 |
MEDIUM
Network
|
wpeverest
|
user_registration
|
The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJA…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24654
|
2024-11-21 14:53 |
2021-10-4 |
|
197630
|
8.1 |
HIGH
Network
|
meowapps
|
meow_gallery
|
The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode (available for users as low as Contributor) before using it in an SQL s…
|
CWE-89
SQL Injection
|
CVE-2021-24465
|
2024-11-21 14:53 |
2021-10-4 |