|
197771
|
6.1 |
MEDIUM
Network
|
community_events_project
|
community_events
|
The Community Events WordPress plugin before 1.4.8 does not sanitise, validate or escape its importrowscount and successimportcount GET parameters before outputting them back in an admin page, leadin…
|
-
|
CVE-2021-24496
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197772
|
8.8 |
HIGH
Network
|
handsome_testimonials_\&_reviews_project
|
handsome_testimonials_\&_reviews
|
The hndtst_action_instance_callback AJAX call of the Handsome Testimonials & Reviews WordPress plugin before 2.1.1, available to any authenticated users, does not sanitise, validate or escape the hnd…
|
CWE-89
SQL Injection
|
CVE-2021-24492
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197773
|
6.1 |
MEDIUM
Network
|
pickplugins
|
post_grid
|
The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised before being output back in the pages, leading to Reflected Cross…
|
-
|
CVE-2021-24488
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197774
|
7.2 |
HIGH
Network
|
ays-pro
|
secure_copy_content_protection_and_content_locking
|
The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL state…
|
-
|
CVE-2021-24484
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197775
|
7.2 |
HIGH
Network
|
ays-pro
|
poll_maker
|
The get_poll_categories(), get_polls() and get_reports() functions in the Poll Maker WordPress plugin before 3.2.1 did not use whitelist or validate the orderby parameter before using it in SQL state…
|
-
|
CVE-2021-24483
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197776
|
4.8 |
MEDIUM
Network
|
any_hostname_project
|
any_hostname
|
The Any Hostname WordPress plugin through 1.0.6 does not sanitise or escape its "Allowed hosts" setting, leading to an authenticated stored XSS issue as high privilege users are able to set XSS paylo…
|
-
|
CVE-2021-24481
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197777
|
4.8 |
MEDIUM
Network
|
event_geek_project
|
event_geek
|
The Event Geek WordPress plugin through 2.5.2 does not sanitise or escape its "Use your own " setting before outputting it in the page, leading to an authenticated (admin+) stored Cross-Site Scriptin…
|
-
|
CVE-2021-24480
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197778
|
4.8 |
MEDIUM
Network
|
drawblog_project
|
drawblog
|
The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue
|
-
|
CVE-2021-24479
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197779
|
5.4 |
MEDIUM
Network
|
bookshelf_project
|
bookshelf
|
The Bookshelf WordPress plugin through 2.0.4 does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting i…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24478
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197780
|
6.1 |
MEDIUM
Network
|
migrate_users_project
|
migrate_users
|
The Migrate Users WordPress plugin through 1.0.1 does not sanitise or escape its Delimiter option before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin …
|
-
|
CVE-2021-24477
|
2024-11-21 14:53 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
