|
198281
|
9.8 |
CRITICAL
Network
|
cozmoslabs
|
profile_builder
|
The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a…
|
-
|
CVE-2021-24527
|
2024-11-21 14:53 |
2021-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198282
|
5.4 |
MEDIUM
Network
|
10web
|
form_maker
|
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin before 1.13.60 does not escape its Form Title before outputting it in an attribute when editing a form in t…
|
-
|
CVE-2021-24526
|
2024-11-21 14:53 |
2021-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198283
|
4.8 |
MEDIUM
Network
|
vikwp
|
car_rental_management_system
|
The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such …
|
-
|
CVE-2021-24519
|
2024-11-21 14:53 |
2021-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198284
|
4.8 |
MEDIUM
Network
|
wpfront
|
notification_bar
|
The WPFront Notification Bar WordPress plugin before 2.0.0.07176 does not sanitise or escape its Custom CSS setting, allowing high privilege users such as admin to set XSS payload in it even when the…
|
-
|
CVE-2021-24518
|
2024-11-21 14:53 |
2021-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198285
|
5.4 |
MEDIUM
Network
|
videowhisper
|
video_posts_webcam_recorder
|
The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an authenticated reflected cross site scripting (XSS) vulnerability in one of the administrative functions for handling deletion of v…
|
-
|
CVE-2021-24512
|
2024-11-21 14:53 |
2021-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198286
|
5.4 |
MEDIUM
Network
|
youtube_embed_project
|
youtube_embed
|
The YouTube Embed WordPress plugin before 5.2.2 does not validate, escape or sanitise some of its shortcode attributes, leading to Stored XSS issues by 1. using w, h, controls, cc_lang, color, langua…
|
-
|
CVE-2021-24471
|
2024-11-21 14:53 |
2021-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198287
|
6.1 |
MEDIUM
Network
|
verse-o-matic_project
|
verse-o-matic
|
The Verse-O-Matic WordPress plugin through 4.1.1 does not have any CSRF checks in place, allowing attackers to make logged in administrators do unwanted actions, such as add/edit/delete arbitrary ver…
|
-
|
CVE-2021-24466
|
2024-11-21 14:53 |
2021-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198288
|
5.5 |
MEDIUM
Network
|
draftpress
|
my_site_audit
|
The My Site Audit WordPress plugin through 1.2.4 does not sanitise or escape the Audit Name field when creating an audit, allowing high privilege users to set JavaScript payloads in them, even when h…
|
-
|
CVE-2021-24445
|
2024-11-21 14:53 |
2021-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198289
|
6.1 |
MEDIUM
Network
|
social_tape_project
|
social_tape
|
The Social Tape WordPress plugin through 1.0 does not have CSRF checks in place when saving its settings, and do not sanitise or escape them before outputting them back in the page, leading to a stor…
|
-
|
CVE-2021-24411
|
2024-11-21 14:53 |
2021-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198290
|
6.1 |
MEDIUM
Network
|
telugu_bible_verse_daily_project
|
telugu_bible_verse_daily
|
The ?????? ?????? ??????? WordPress plugin through 1.0 is lacking any CSRF check when saving its settings and verses, and do not sanitise or escape them when outputting them back in the page. This co…
|
CWE-352
Origin Validation Error
|
CVE-2021-24410
|
2024-11-21 14:53 |
2021-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
