CVE-2021-24811 (shop_page_wp)
The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site…
Devamını oku
Kategori: NIST-Güvenlik Açıkları
CVE-2021-24822 (stylish_cost_calculator)
The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and CSRF checks on some of its AJAX actions (available to authenticated…
CVE-2021-24842 (bulk_datetime_change)
The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles…
CVE-2021-24860 (bsk_pdf_manager)
The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and order parameters before using them in a SQL statement,…
CVE-2021-24876 (registrations_for_the_events_calendar)
The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to…
CVE-2021-24889 (ninja_forms)
The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to…
CVE-2021-24899 (media-tags)
The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and escape any of its Labels settings, which could allow high privilege users to perform Cross-Site…
CVE-2021-24908 (check_&_log_email)
The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to a…
CVE-2021-24915 (contest_gallery)
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in…
CVE-2021-24883 (popup_anything)
The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a…