Total: 38077 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-24342 | 1 Jnews | 1 Jnews | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue.
CVE-2021-24339 | 1 Podsfoundation | 1 Pods | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Menu Label' field parameter.
CVE-2021-24338 | 1 Podsfoundation | 1 Pods | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Singular Label' field parameter.
CVE-2021-24335 | 1 Smartdatasoft | 1 Car Repair Services & Auto Mechanic | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Car Repair Services & Auto Mechanic WordPress theme before 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue.
CVE-2021-24334 | 1 Connekthq | 1 Instant Images - One Click Unsplash Uploads | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The Instant Images – One Click Unsplash Uploads WordPress plugin before 4.4.0.1 did not properly validate and sanitise its unsplash_download_w and unsplash_download_h parameter settings (/wp-admin/upload.php?page=instant-images), only validating them client side before saving them, leading to a Stored Cross-Site Scripting issue.
CVE-2021-24333 | 1 Content Copy Protection & Prevent Image Save Project | 1 Content Copy Protection & Prevent Image Save | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | The Content Copy Protection & Prevent Image Save WordPress plugin through 1.3 does not check for CSRF when saving its settings, nor perform any validation and sanitisation on them, allowing attackers to make a logged in administrator set arbitrary XSS payloads in them.
CVE-2021-24332 | 1 Autoptimize | 1 Autoptimize | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The Autoptimize WordPress plugin before 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues.
CVE-2021-24331 | 1 Smooth Scroll Page Up/Down Buttons Project | 1 Smooth Scroll Page Up/Down Buttons | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The Smooth Scroll Page Up/Down Buttons WordPress plugin before 1.4 did not properly sanitise and validate its settings, such as psb_distance, psb_buttonsize, psb_speed, only validating them client side. This could allow high privilege users (such as admin) to set XSS payloads in them.
CVE-2021-24330 | 1 Cartflows | 1 Cartflows | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The Funnel Builder by CartFlows – Create High Converting Sales Funnels For WordPress plugin before 1.6.13 did not sanitise its facebook_pixel_id and google_analytics_id settings, allowing high privilege users to set XSS payloads in them, which will be executed either on pages generated by the plugin or on the whole website, depending on the settings used.
CVE-2021-24329 | 1 Automattic | 1 Wp Super Cache | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue.
CVE-2021-24328 | 1 Clogica | 1 Wp Login Security And History | 2024-11-21 | 3.5 LOW | 6.2 MEDIUM | The WP Login Security and History WordPress plugin through 1.0 did not have a CSRF check when saving its settings, nor any sanitisation or validation on them. This could allow attackers to make logged in administrators change the plugin's settings to arbitrary values, and set XSS payloads in them as well.
CVE-2021-24327 | 1 Clogica | 1 Seo Redirection Plugin | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users (even with unfiltered_html disabled) to set XSS payloads.
CVE-2021-24326 | 1 Clogica | 1 All 404 Redirect To Homepage | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected Cross-Site Scripting (XSS) issue as user input was not properly sanitised before being output in an attribute.
CVE-2021-24325 | 1 Clogica | 1 Seo Redirection Plugin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The tab parameter of the settings page of the 404 SEO Redirection WordPress plugin through 1.3 is vulnerable to a reflected Cross-Site Scripting (XSS) issue as user input is not properly sanitised or escaped before being output in an attribute.
CVE-2021-24323 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when unfiltered_html is disabled.
CVE-2021-24322 | 1 Deliciousbrains | 1 Database Backup | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The Database Backup for WordPress plugin before 2.4 did not escape the backup_recipient POST parameter before outputting it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue.
CVE-2021-24320 | 1 Bold-themes | 1 Bello | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameters in its listing page, leading to reflected Cross-Site Scripting issues.
CVE-2021-24319 | 1 Bold-themes | 1 Bello | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its post_excerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue.
CVE-2021-24317 | 1 Purethemes | 1 Listeo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Listeo WordPress theme before 1.6.11 did not properly sanitise some parameters in its Search, Booking Confirmation and Personal Message pages, leading to Cross-Site Scripting issues.
CVE-2021-24316 | 1 Wowthemes | 1 Mediumish | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise its 's' GET parameter before outputting it back in the page, leading to a Cross-Site Scripting issue.