Total
38104 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24724 | 1 Motopress | 1 Timetable And Event Schedule | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks against frontend and backend users when viewing the related event/s | |||||
| CVE-2021-24723 | 1 Wpreactions | 1 Wp Reactions Lite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The WP Reactions Lite WordPress plugin before 1.3.6 does not properly sanitize inputs within wp-admin pages, allowing users with sufficient access to inject XSS payloads within /wp-admin/ pages. | |||||
| CVE-2021-24722 | 1 Motopress | 1 Restaurant Menu | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2021-24720 | 1 Ayecode | 1 Geodirectory | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS). | |||||
| CVE-2021-24719 | 1 Kriesi | 1 Enfold | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is present on Enfold versions previous than 4.8.4 which use Avia Page Builder. | |||||
| CVE-2021-24718 | 1 Reputeinfosystems | 1 Contact Form\, Survey \& Popup Form Plugin For Wordpress - Arforms Form Builder | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2021-24716 | 1 Webnus | 1 Modern Events Calendar Lite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Modern Events Calendar Lite WordPress plugin before 5.22.3 does not properly sanitize or escape values set by users with access to adjust settings withing wp-admin. | |||||
| CVE-2021-24715 | 1 Wp Sitemap Page Project | 1 Wp Sitemap Page | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WP Sitemap Page WordPress plugin before 1.7.0 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-24714 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-24713 | 1 Creativemindssolutions | 2 Video Lessons Manager, Video Lessons Manager Pro | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scripting attacks | |||||
| CVE-2021-24712 | 1 Dwbooster | 1 Appointment Hour Booking | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars. | |||||
| CVE-2021-24710 | 1 Print-o-matic Project | 1 Print-o-matic | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Print-O-Matic WordPress plugin before 2.0.3 does not escape some of its settings before outputting them in attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-24709 | 1 Awplife | 1 Weather Effect | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Weather Effect WordPress plugin before 1.3.6 does not properly validate and escape some of its settings (like *_size_leaf, *_flakes_leaf, *_speed) which could lead to Stored Cross-Site Scripting issues | |||||
| CVE-2021-24708 | 1 Wp All Export Project | 1 Wp All Export | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2021-24707 | 1 Nd-learning Project | 1 Nd-learning | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2021-24706 | 1 Qwizcards Project | 1 Qwizcards | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Qwizcards – online quizzes and flashcards WordPress plugin before 3.62 does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-24702 | 1 Thimpress | 1 Learnpress | 2024-11-21 | 2.1 LOW | 4.8 MEDIUM |
| The LearnPress WordPress plugin before 4.1.3.1 does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltred_html capability is disallowed | |||||
| CVE-2021-24701 | 1 Quiz Tool Lite Project | 1 Quiz Tool Lite | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-24700 | 1 Incsub | 1 Forminator | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Forminator WordPress plugin before 1.15.4 does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | |||||
| CVE-2021-24699 | 1 Easy Media Download Project | 1 Easy Media Download | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Easy Media Download WordPress plugin before 1.1.7 does not escape the text argument of its shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. | |||||