Total
37278 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25017 | 1 Themeum | 1 Tutor Lms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Tutor LMS WordPress plugin before 1.9.12 does not escape the search parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-25016 | 1 Premio | 2 Chaty, Chaty Pro | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-25015 | 1 Mycred | 1 Mycred | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The myCred WordPress plugin before 2.4 does not sanitise and escape the search query before outputting it back in the history dashboard page, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2021-25012 | 1 Popozure | 1 Pz-linkcard | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Pz-LinkCard WordPress plugin through 2.4.4.4 does not sanitise and escape multiple parameters before outputting them back in admin dashboard pages, leading to Reflected Cross-Site Scripting issues | |||||
| CVE-2021-25008 | 1 Codesnippets | 1 Code Snippets | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2021-25006 | 1 Molie Instructure Canvas Linking Tool Project | 1 Molie Instructure Canvas Linking Tool | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2021-25005 | 1 Seur Oficial Project | 1 Seur Oficial | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2021-25001 | 1 Booster | 1 Booster For Woocommerce | 2024-11-21 | 2.6 LOW | 6.1 MEDIUM |
| The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_create_products_xml_result parameter before outputting back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2021-25000 | 1 Booster | 1 Booster For Woocommerce | 2024-11-21 | 2.6 LOW | 6.1 MEDIUM |
| The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_delete_role parameter before outputting back in the admin dashboard when the General module is enabled, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2021-24999 | 1 Booster | 1 Booster For Woocommerce | 2024-11-21 | 2.6 LOW | 6.1 MEDIUM |
| The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_notice parameter before outputting it back in the admin dashboard when the Pdf Invoicing module is enabled, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-24996 | 1 Wki | 1 Idpay For Contact Form 7 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The IDPay for Contact Form 7 WordPress plugin through 2.1.2 does not sanitise and escape the idpay_error parameter before outputting it back in the page leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-24995 | 1 Html5 Responsive Faq Project | 1 Html5 Responsive Faq | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The HTML5 Responsive FAQ WordPress plugin through 2.8.5 does not properly sanitise and escape some of its settings, which could allow a high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | |||||
| CVE-2021-24994 | 1 Wpvivid | 1 Migration\, Backup\, Staging | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Migration, Backup, Staging WordPress plugin before 0.9.69 does not have authorisation when adding remote storages, and does not sanitise as well as escape a parameter from such unauthenticated requests before outputting it in admin page, leading to a Stored Cross-Site Scripting issue | |||||
| CVE-2021-24992 | 1 Buttonizer | 1 Buttonizer | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does not sanitise and escape some parameter before outputting them in attributes and page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-24991 | 1 Wpovernight | 1 Woocommerce Pdf Invoices\& Packing Slips | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard | |||||
| CVE-2021-24987 | 1 Heateor | 1 Super Socializer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue. | |||||
| CVE-2021-24986 | 1 Pickplugins | 1 Post Grid | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Grid with a search form | |||||
| CVE-2021-24985 | 1 Yikesinc | 1 Easy Forms For Mailchimp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the field_name and field_type parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues | |||||
| CVE-2021-24984 | 1 Wpfront | 1 Wpfront User Role Editor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does not sanitise and escape the changes-saved parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-24983 | 1 Asset Cleanup\ | 1 Page Speed Booster Project | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSted parameters sent to the wpassetcleanup_fetch_active_plugins_icons AJAX action (available to admin users), leading to a Reflected Cross-Site Scripting issue | |||||