|
196971
|
5.4 |
MEDIUM
Network
|
pdf_viewer_block_for_gutenberg_project
|
pdf_viewer_block_for_gutenberg
|
The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not sanitise and escape its block, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
|
CWE-79
Cross-site Scripting
|
CVE-2021-24760
|
2024-11-21 14:53 |
2021-10-18 |
|
196972
|
7.2 |
HIGH
Network
|
mainwp
|
mainwp_child_reports
|
The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue.
|
CWE-89
SQL Injection
|
CVE-2021-24754
|
2024-11-21 14:53 |
2021-10-18 |
|
196973
|
5.4 |
MEDIUM
Network
|
secondlinethemes
|
podcast_subscribe_buttons
|
The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows users with any role capable of editing or adding posts to perform stored XSS.
|
-
|
CVE-2021-24743
|
2024-11-21 14:53 |
2021-10-18 |
|
196974
|
4.8 |
MEDIUM
Network
|
themeum
|
tutor_lms
|
The Tutor LMS WordPress plugin before 1.9.9 does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks e…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24740
|
2024-11-21 14:53 |
2021-10-18 |
|
196975
|
4.8 |
MEDIUM
Network
|
tammersoft
|
shared_files
|
The Easy Download Manager and File Sharing Plugin with frontend file upload – a better Media Library — Shared Files WordPress plugin before 1.6.57 does not sanitise and escape some of its settings be…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24736
|
2024-11-21 14:53 |
2021-10-18 |
|
196976
|
6.5 |
MEDIUM
Network
|
tipsandtricks-hq
|
compact_wp_audio_player
|
The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a C…
|
-
|
CVE-2021-24735
|
2024-11-21 14:53 |
2021-10-18 |
|
196977
|
5.4 |
MEDIUM
Network
|
tipsandtricks-hq
|
compact_wp_audio_player
|
The Compact WP Audio Player WordPress plugin before 1.9.7 does not escape some of its shortcode attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scr…
|
-
|
CVE-2021-24734
|
2024-11-21 14:53 |
2021-10-18 |
|
196978
|
5.4 |
MEDIUM
Network
|
dearhive
|
dearflip
|
The PDF Flipbook, 3D Flipbook WordPress – DearFlip WordPress plugin before 1.7.10 does not escape the class attribute of its shortcode before outputting it back in an attribute, which could allow use…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24732
|
2024-11-21 14:53 |
2021-10-18 |
|
196979
|
4.8 |
MEDIUM
Network
|
thimpress
|
learnpress
|
The LearnPress WordPress plugin before 4.1.3.1 does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attac…
|
-
|
CVE-2021-24702
|
2024-11-21 14:53 |
2021-10-18 |
|
196980
|
8.8 |
HIGH
Network
|
teamlead
|
pdf-light-viewer
|
The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 allows users with Author roles to execute arbitrary OS commands on the server via OS Command Injection when invoking Ghostscript.
|
-
|
CVE-2021-24684
|
2024-11-21 14:53 |
2021-10-18 |
|