| 196911 | 5.4 | MEDIUM Network | bootstrapped | dynamic_widgets | The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the term_tree AJAX action (available to any authenticated… | CWE-79 Cross-site Scripting | CVE-2021-24933 | 2024-11-21 14:54 | 2022-02-28 |
| 196912 | 4.8 | MEDIUM Network | statcounter | statcounter | The StatCounter WordPress plugin before 2.0.7 does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even… | - | CVE-2021-24920 | 2024-11-21 14:54 | 2022-02-28 |
| 196913 | 4.3 | MEDIUM Network | infornweb | logo_showcase_with_slick_slider | The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged in high privilege user, c… | - | CVE-2021-24913 | 2024-11-21 14:54 | 2022-02-28 |
| 196914 | 4.8 | MEDIUM Network | anti-malware_security_and_brute-force_firewall_project | anti-malware_security_and_brute-force_firewall | The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.94 does not sanitise and escape the POST data before outputting it back in attributes of an admin page, leading to a Re… | - | CVE-2021-25101 | 2024-11-21 14:54 | 2022-02-21 |
| 196915 | 6.1 | MEDIUM Network | givewp | givewp | The GiveWP WordPress plugin before 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting | - | CVE-2021-25100 | 2024-11-21 14:54 | 2022-02-21 |
| 196916 | 6.1 | MEDIUM Network | givewp | givewp | The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX a… | - | CVE-2021-25099 | 2024-11-21 14:54 | 2022-02-21 |
| 196917 | 8.8 | HIGH Network | sygnoos | popup_builder | The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, si… | - | CVE-2021-25082 | 2024-11-21 14:54 | 2022-02-21 |
| 196918 | 3.5 | LOW Network | wpdevart | duplicate_page_or_post | The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any auth… | - | CVE-2021-25075 | 2024-11-21 14:54 | 2022-02-21 |
| 196919 | 8.8 | HIGH Network | wpdownloadmanager | download_manager | The Download Manager WordPress plugin before 3.2.34 does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited … | - | CVE-2021-25069 | 2024-11-21 14:54 | 2022-02-21 |
| 196920 | 5.4 | MEDIUM Network | fivestarplugins | five_star_business_profile_and_schema | The Five Star Business Profile and Schema WordPress plugin before 2.1.7 does not have any authorisation and CSRF in its bpfwp_welcome_add_contact_page and bpfwp_welcome_set_contact_information AJAX a… | - | CVE-2021-25060 | 2024-11-21 14:54 | 2022-02-21 |