| 196741 | 6.5 | MEDIUM, Network | tipsandtricks-hq | simple_download_monitor | The Simple Download Monitor WordPress plugin before 3.9.5 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector. | - | CVE-2021-24692 | 2024-11-21 14:53 | 2022-03-15 |
| 196742 | 5.4 | MEDIUM, Network | custom_content_shortcode_project | custom_content_shortcode | The Custom Content Shortcode WordPress plugin before 4.0.2 does not escape custom fields before outputting them, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to perform Cros… | CWE-79 (Cross-site Scripting) | CVE-2021-24826 | 2024-11-21 14:53 | 2022-03-7 |
| 196743 | 4.3 | MEDIUM, Network | custom_content_shortcode_project | custom_content_shortcode | The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display a… | - | CVE-2021-24825 | 2024-11-21 14:53 | 2022-03-7 |
| 196744 | 4.3 | MEDIUM, Network | custom_content_shortcode_project | custom_content_shortcode | The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1 allows authenticated users with a role as low as Contributor to access arbitrary post metadata. This c… | CWE-863 (Incorrect Authorization) | CVE-2021-24824 | 2024-11-21 14:53 | 2022-03-7 |
| 196745 | 5.4 | MEDIUM, Network | nicdark | cost_calculator | The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator > Price S… | CWE-79 (Cross-site Scripting) | CVE-2021-24821 | 2024-11-21 14:53 | 2022-03-7 |
| 196746 | 4.8 | MEDIUM, Network | wp-eventmanager | wp_event_manager | The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even … | CWE-79 (Cross-site Scripting) | CVE-2021-24810 | 2024-11-21 14:53 | 2022-03-7 |
| 196747 | 7.2 | HIGH, Network | wpaffiliatefeed | tradetracker-store | The test parameter of the xmlfeed in the Tradetracker-Store WordPress plugin before 4.6.60 is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection. | CWE-89 (SQL Injection) | CVE-2021-24778 | 2024-11-21 14:53 | 2022-03-7 |
| 196748 | 7.2 | HIGH, Network | hotscot | contact_form | The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a GET request with the sub_id parameter, which is not sanitised, escaped or validated before inserting to a… | CWE-89 (SQL Injection) | CVE-2021-24777 | 2024-11-21 14:53 | 2022-03-7 |
| 196749 | 4.8 | MEDIUM, Network | codeasily | grand_flagallery | The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when… | - | CVE-2021-24903 | 2024-11-21 14:53 | 2022-02-28 |
| 196750 | 4.8 | MEDIUM, Network | securemoz | security_audit | The Security Audit WordPress plugin through 1.0.0 does not sanitise and escape the Data Id setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilt… | - | CVE-2021-24901 | 2024-11-21 14:53 | 2022-02-28 |