Total: 38068 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-24243 | 1 Wpbakery Page Builder Clipboard Project | 1 Wpbakery Page Builder Clipboard | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be triggered in all backend pages.
CVE-2021-24241 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page.
CVE-2021-24239 | 1 Genetechsolutions | 1 Pie Register | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin before 3.7.0.1 does not sanitise the invitaion_code GET parameter when outputting it in the Activation Code page, leading to a reflected Cross-Site Scripting issue.
CVE-2021-24237 | 1 Purethemes | 2 Findeo, Realteo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius, _bedrooms and _bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue.
CVE-2021-24235 | 1 Boostifythemes | 1 Goto | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Goto WordPress theme before 2.0 does not sanitise the keywords and start_date GET parameters on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue.
CVE-2021-24234 | 1 Ivorysearch | 1 Ivory Search | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Search Forms page of the Ivory Search WordPress plugin before 4.6.1 did not properly sanitise the tab parameter before outputting it in the page, leading to a reflected Cross-Site Scripting issue when opening a maliciously crafted link as a high privilege user. Knowledge of a form id is required to conduct the attack.
CVE-2021-24233 | 1 Boxystudio | 1 Cooked | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute.
CVE-2021-24232 | 1 Elbtide | 1 Advanced Booking Calendar | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The Advanced Booking Calendar WordPress plugin before 1.6.8 does not sanitise the license error message when output in the settings page, leading to an authenticated reflected Cross-Site Scripting issue.
CVE-2021-24229 | 1 Patreon | 1 Patreon Wordpress | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL | The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreon_save_attachment_patreon_level AJAX action of the Patreon WordPress plugin before 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachment. This action is accessible for user accounts with the ‘manage_options’ privilege (i.e., only administrators). Unfortunately, one of the parameters used in this AJAX endpoint is not sanitized before being printed back to the user, so the risk it represents is the same as the previous XSS vulnerability.
CVE-2021-24228 | 1 Patreon | 1 Patreon Wordpress | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL | The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin before 1.7.2. The WordPress login form (wp-login.php) is hooked by the plugin and offers to allow users to authenticate on the site using their Patreon account. Unfortunately, some of the error logging logic behind the scenes allowed user-controlled input to be reflected on the login page, unsanitized.
CVE-2021-24225 | 1 Elbtide | 1 Advanced Booking Calendar | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sanitise the calId GET parameter in the "Seasons & Calendars" page before outputting it in an A tag, leading to a reflected XSS issue.
CVE-2021-24214 | 1 Daggerhartlab | 1 Openid Connect Generic Client | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.
CVE-2021-24213 | 1 Givewp | 1 Givewp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page.
CVE-2021-24208 | 1 Themeum | 1 Wp Page Builder | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets (though the custom HTML widget requires sending a crafted request; it appears that this widget uses some form of client side validation but not server side validation), all of which are added via the “page_builder_data” parameter when performing the “wppb_page_save” AJAX action. It is also possible to insert malicious JavaScript via the “wppb_page_css” parameter (this can be done by closing out the style tag and opening a script tag) when performing the “wppb_page_save” AJAX action.
CVE-2021-24206 | 1 Elementor | 1 Website Builder | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.
CVE-2021-24205 | 1 Elementor | 1 Website Builder | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.
CVE-2021-24204 | 1 Elementor | 1 Website Builder | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.
CVE-2021-24203 | 1 Elementor | 1 Website Builder | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget (includes/widgets/divider.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘text’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed.
CVE-2021-24202 | 1 Elementor | 1 Website Builder | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘title’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed.
CVE-2021-24201 | 1 Elementor | 1 Website Builder | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | In the Elementor Website Builder WordPress plugin before 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.