| 200751 | 6.5 | MEDIUM Network | themeisle | orbit_fox | Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which… | NVD-CWE-Other | CVE-2021-24158 | 2024-11-21 14:52 | 2021-04-6 |
| 200752 | 5.4 | MEDIUM Network | themeisle | orbit_fox | Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfiltered_html capability prior to saving th… | CWE-79 Cross-site Scripting | CVE-2021-24157 | 2024-11-21 14:52 | 2021-04-6 |
| 200753 | 5.4 | MEDIUM Network | testimonial_rotator_project | testimonial_rotator | Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to priv… | CWE-79 Cross-site Scripting | CVE-2021-24156 | 2024-11-21 14:52 | 2021-04-6 |
| 200754 | 7.2 | HIGH Network | backup-guard | backup_guard | The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+… | - | CVE-2021-24155 | 2024-11-21 14:52 | 2021-04-6 |
| 200755 | 4.9 | MEDIUM Network | themeeditor | theme_editor | The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web … | CWE-552 Files or Directories Accessible to External Parties | CVE-2021-24154 | 2024-11-21 14:52 | 2021-04-6 |
| 200756 | 5.4 | MEDIUM Network | yoast | yoast_seo | A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters which were blacklisting Parenthesis as well as several … | CWE-79 Cross-site Scripting | CVE-2021-24153 | 2024-11-21 14:52 | 2021-04-6 |
| 200757 | 6.1 | MEDIUM Network | sygnoos | popup_builder | The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting. | CWE-79 Cross-site Scripting | CVE-2021-24152 | 2024-11-21 14:52 | 2021-04-6 |
| 200758 | 7.5 | HIGH Network | likebtn-like-button_project | likebtn-like-button | The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF). | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2021-24150 | 2024-11-21 14:52 | 2021-04-6 |
| 200759 | 6.1 | MEDIUM Network | devolutions | devolutions_server | An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document. | CWE-79 Cross-site Scripting | CVE-2021-23925 | 2024-11-21 14:52 | 2021-04-2 |
| 200760 | 7.5 | HIGH Network | devolutions | devolutions_server | An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files. | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2021-23924 | 2024-11-21 14:52 | 2021-04-2 |