CVE-2021-24920
The StatCounter WordPress plugin before 2.0.7 does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to…
Devamını oku
Kategori: NIST-Güvenlik Açıkları
CVE-2021-25010
The Post Snippets WordPress plugin before 3.1.4 does not have CSRF check when importing files, allowing attacker to make a logged In admin import arbitrary…
CVE-2021-24913
The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a…
CVE-2021-24933
The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the term_tree AJAX…
CVE-2021-24971
The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wpr_live_update AJAX action, as well as do not…
CVE-2021-25011
The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF in most of its AJAX actions, which…
CVE-2021-25112
The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a…
CVE-2020-36510
The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputing it back in the response via the cb_s_a AJAX…
CVE-2021-24688
The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the or_delete_filed…
CVE-2021-24689
The Contact Forms – Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web…