Total
37239 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24296 | 1 Gowebsolutions | 1 Wp Customer Reviews | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be triggered in pages where reviews are enabled | |||||
| CVE-2021-24294 | 1 Mlfactory | 1 Dsgvo All In One For Wp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The dsgvoaio_write_log AJAX action of the DSGVO All in one for WP WordPress plugin before 4.0 did not sanitise or escape some POST parameter submitted before outputting them in the Log page in the administrator dashboard (wp-admin/admin.php?page=dsgvoaiofree-show-log). This could allow unauthenticated attackers to gain unauthorised access by using an XSS payload to create a rogue administrator account, which will be trigged when an administrator will view the logs. | |||||
| CVE-2021-24293 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax , after that the settings[shipping_address][name] is able to inject malicious javascript. | |||||
| CVE-2021-24292 | 1 Wedevs | 1 Happy Addons For Elementor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method: The “Card” widget accepts a “title_tag” parameter. Although the element control lists a fixed set of possible html tags, it is possible to send a ‘save_builder’ request with the “heading_tag” set to “script”, and the actual “title” parameter set to JavaScript to be executed within the script tags added by the “heading_tag” parameter. | |||||
| CVE-2021-24291 | 1 10web | 1 Photo Gallery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users) | |||||
| CVE-2021-24290 | 1 De-baat | 1 Store Locator Plus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages. | |||||
| CVE-2021-24287 | 1 Mooveagency | 1 Select All Categories And Taxonomies\, Change Checkbox To Radio Buttons | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue | |||||
| CVE-2021-24286 | 1 Mooveagency | 1 Redirect 404 To Parent | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue | |||||
| CVE-2021-24283 | 1 Pickplugins | 1 Accordion | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue. | |||||
| CVE-2021-24277 | 1 Wpuslugi | 1 Rss For Yandex Turbo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The RSS for Yandex Turbo WordPress plugin before 1.30 did not properly sanitise the user inputs from its ???????? settings tab before outputting them back in the page, leading to authenticated stored Cross-Site Scripting issues | |||||
| CVE-2021-24276 | 1 Supsystic | 1 Contact Form | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue | |||||
| CVE-2021-24275 | 1 Supsystic | 1 Popup | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue | |||||
| CVE-2021-24274 | 1 Supsystic | 1 Ultimate Maps | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue | |||||
| CVE-2021-24273 | 1 Cleversoft | 1 Clever Addons For Elementor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The “Clever Addons for Elementor” WordPress Plugin before 2.1.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | |||||
| CVE-2021-24271 | 1 Brainstormforce | 1 Ultimate Addons For Elementor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | |||||
| CVE-2021-24270 | 1 Detheme | 1 Dethemekit For Elementor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The “DeTheme Kit for Elementor” WordPress Plugin before 1.5.5.5 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | |||||
| CVE-2021-24269 | 1 Sinaextra | 1 Sina Extension For Elementor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The “Sina Extension for Elementor” WordPress Plugin before 3.3.12 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | |||||
| CVE-2021-24268 | 1 Crocoblock | 1 Jetwidgets For Elementor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | |||||
| CVE-2021-24267 | 1 Themesgrove | 1 All-in-one Addons For Elementor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The “All-in-One Addons for Elementor – WidgetKit” WordPress Plugin before 2.3.10 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | |||||
| CVE-2021-24266 | 1 Posimyth | 1 The Plus Addons For Elementor Page Builder Lite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The “The Plus Addons for Elementor Page Builder Lite” WordPress Plugin before 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | |||||