|
196311
|
5.4 |
MEDIUM
Network
|
translationexchange
|
translation_exchange
|
The Translation Exchange WordPress plugin through 1.0.14 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) within the Project Key text field found in the plugin's settings.
|
-
|
CVE-2021-25057
|
2024-11-21 14:54 |
2022-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196312
|
6.1 |
MEDIUM
Network
|
feedwordpress_project
|
feedwordpress
|
The FeedWordPress plugin before 2022.0123 is affected by a Reflected Cross-Site Scripting (XSS) within the "visibility" parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2021-25055
|
2024-11-21 14:54 |
2022-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196313
|
6.1 |
MEDIUM
Network
|
sigmaplugin
|
advanced_database_cleaner
|
The Advanced Database Cleaner WordPress plugin before 3.0.4 does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting iss…
|
-
|
CVE-2021-24921
|
2024-11-21 14:54 |
2022-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196314
|
6.4 |
MEDIUM
Network
|
wp_photo_album_plus_project
|
wp_photo_album_plus
|
The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could c…
|
-
|
CVE-2021-25115
|
2024-11-21 14:54 |
2022-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196315
|
4.3 |
MEDIUM
Network
|
futuriowp
|
futurio_extra
|
The Futurio Extra WordPress plugin before 1.6.3 allows any logged in user, such as subscriber, to extract any other user's email address.
|
-
|
CVE-2021-25110
|
2024-11-21 14:54 |
2022-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196316
|
2.7 |
LOW
Network
|
futuriowp
|
futurio_extra
|
The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cr…
|
CWE-89
SQL Injection
|
CVE-2021-25109
|
2024-11-21 14:54 |
2022-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196317
|
6.1 |
MEDIUM
Network
|
accesspressthemes
|
form_store_to_db
|
The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site …
|
-
|
CVE-2021-25107
|
2024-11-21 14:54 |
2022-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196318
|
4.8 |
MEDIUM
Network
|
wpchill
|
remove_footer_credit
|
The Remove Footer Credit WordPress plugin before 1.0.11 does properly sanitise its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is dis…
|
-
|
CVE-2021-25050
|
2024-11-21 14:54 |
2022-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196319
|
6.1 |
MEDIUM
Network
|
noptin
|
noptin
|
The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue
|
-
|
CVE-2021-25033
|
2024-11-21 14:54 |
2022-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196320
|
5.4 |
MEDIUM
Network
|
najeebmedia
|
ppom_for_woocommerce
|
The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppom_settings_panel_action AJAX action, allowing any authenticated to call it and set arbitrar…
|
-
|
CVE-2021-25018
|
2024-11-21 14:54 |
2022-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
