Total
37254 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24756 | 1 Wp System Log Project | 1 Wp System Log | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting them in the admin dashboard, which could allow unauthenticated attacker to perform Cross-Site Scripting attacks against admins viewing the logs. | |||||
| CVE-2021-24751 | 1 Generateblocks | 1 Generateblocks | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. | |||||
| CVE-2021-24746 | 1 Heateor | 1 Sassy Social Share | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue. | |||||
| CVE-2021-24745 | 1 Wpkube | 1 About Author Box | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks. | |||||
| CVE-2021-24744 | 1 Cimatti | 1 Contact Forms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 does not sanitise and escape the Form Title before outputting it in some admin pages. which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | |||||
| CVE-2021-24743 | 1 Secondlinethemes | 1 Podcast Subscribe Buttons | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows users with any role capable of editing or adding posts to perform stored XSS. | |||||
| CVE-2021-24740 | 1 Themeum | 1 Tutor Lms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Tutor LMS WordPress plugin before 1.9.9 does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-24738 | 1 Shapedplugin | 1 Logo Carousel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2021-24737 | 1 Gvectors | 1 Wpdiscuz | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Comments – wpDiscuz WordPress plugin through 7.3.0 does not properly sanitise or escape the Follow and Unfollow messages before outputting them in the page, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-24736 | 1 Tammersoft | 1 Shared Files | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Easy Download Manager and File Sharing Plugin with frontend file upload – a better Media Library — Shared Files WordPress plugin before 1.6.57 does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues. | |||||
| CVE-2021-24734 | 1 Tipsandtricks-hq | 1 Compact Wp Audio Player | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Compact WP Audio Player WordPress plugin before 1.9.7 does not escape some of its shortcodes attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2021-24732 | 1 Dearhive | 1 Dearflip | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The PDF Flipbook, 3D Flipbook WordPress – DearFlip WordPress plugin before 1.7.10 does not escape the class attribute of its shortcode before outputting it back in an attribute, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2021-24729 | 1 Infornweb | 1 Logo Showcase With Slick Slider | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting attacks via post metadata of Grid logo showcase. | |||||
| CVE-2021-24724 | 1 Motopress | 1 Timetable And Event Schedule | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks against frontend and backend users when viewing the related event/s | |||||
| CVE-2021-24723 | 1 Wpreactions | 1 Wp Reactions Lite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The WP Reactions Lite WordPress plugin before 1.3.6 does not properly sanitize inputs within wp-admin pages, allowing users with sufficient access to inject XSS payloads within /wp-admin/ pages. | |||||
| CVE-2021-24722 | 1 Motopress | 1 Restaurant Menu | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2021-24720 | 1 Ayecode | 1 Geodirectory | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS). | |||||
| CVE-2021-24719 | 1 Kriesi | 1 Enfold | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is present on Enfold versions previous than 4.8.4 which use Avia Page Builder. | |||||
| CVE-2021-24718 | 1 Reputeinfosystems | 1 Contact Form\, Survey \& Popup Form Plugin For Wordpress - Arforms Form Builder | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2021-24716 | 1 Webnus | 1 Modern Events Calendar Lite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Modern Events Calendar Lite WordPress plugin before 5.22.3 does not properly sanitize or escape values set by users with access to adjust settings withing wp-admin. | |||||