CVE-2021-24926 (domain_check)
The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue Devamını Oku
Devamını oku
CVE-2021-24926
The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue Devamını Oku
CVE-2021-24925
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the current_month_divider parameter of its mec_list_load_more AJAX call (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue Devamını Oku
CVE-2021-24924 (email_log)
The Email Log WordPress plugin before 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue Devamını Oku
CVE-2021-24924
The Email Log WordPress plugin before 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue Devamını Oku
CVE-2021-24922
The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin change them and perform Cross-Site Scripting attacks Devamını Oku
CVE-2021-24921
The Advanced Database Cleaner WordPress plugin before 3.0.4 does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues Devamını Oku
CVE-2021-24920
The StatCounter WordPress plugin before 2.0.7 does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed Devamını Oku Kaynak: NIST
CVE-2021-24920
The StatCounter WordPress plugin before 2.0.7 does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
CVE-2021-24919 (wicked_folders)
The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available to any authenticated user. leading to an SQL injection Devamını Oku
CVE-2021-24919
The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available to any authenticated user. leading to an SQL injection Devamını Oku
CVE-2021-24918 (smash_balloon_social_post_feed)
The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages. Devamını Oku