Export limit exceeded: 44667 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44667 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-24744 | 1 Cimatti | 1 Contact Forms | 2024-11-21 | 4.8 Medium |
| The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 does not sanitise and escape the Form Title before outputting it in some admin pages. which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | ||||
| CVE-2021-24743 | 1 Secondlinethemes | 1 Podcast Subscribe Buttons | 2024-11-21 | 5.4 Medium |
| The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows users with any role capable of editing or adding posts to perform stored XSS. | ||||
| CVE-2021-24740 | 1 Themeum | 1 Tutor Lms | 2024-11-21 | 4.8 Medium |
| The Tutor LMS WordPress plugin before 1.9.9 does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2021-24738 | 1 Shapedplugin | 1 Logo Carousel | 2024-11-21 | 5.4 Medium |
| The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2021-24737 | 1 Gvectors | 1 Wpdiscuz | 2024-11-21 | 4.8 Medium |
| The Comments – wpDiscuz WordPress plugin through 7.3.0 does not properly sanitise or escape the Follow and Unfollow messages before outputting them in the page, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2021-24736 | 1 Tammersoft | 1 Shared Files | 2024-11-21 | 4.8 Medium |
| The Easy Download Manager and File Sharing Plugin with frontend file upload – a better Media Library — Shared Files WordPress plugin before 1.6.57 does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues. | ||||
| CVE-2021-24734 | 1 Tipsandtricks-hq | 1 Compact Wp Audio Player | 2024-11-21 | 5.4 Medium |
| The Compact WP Audio Player WordPress plugin before 1.9.7 does not escape some of its shortcodes attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2021-24732 | 1 Dearhive | 1 Dearflip | 2024-11-21 | 5.4 Medium |
| The PDF Flipbook, 3D Flipbook WordPress – DearFlip WordPress plugin before 1.7.10 does not escape the class attribute of its shortcode before outputting it back in an attribute, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2021-24729 | 1 Infornweb | 1 Logo Showcase With Slick Slider | 2024-11-21 | 5.4 Medium |
| The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting attacks via post metadata of Grid logo showcase. | ||||
| CVE-2021-24724 | 1 Motopress | 1 Timetable And Event Schedule | 2024-11-21 | 5.4 Medium |
| The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks against frontend and backend users when viewing the related event/s | ||||
| CVE-2021-24723 | 1 Wpreactions | 1 Wp Reactions Lite | 2024-11-21 | 5.4 Medium |
| The WP Reactions Lite WordPress plugin before 1.3.6 does not properly sanitize inputs within wp-admin pages, allowing users with sufficient access to inject XSS payloads within /wp-admin/ pages. | ||||
| CVE-2021-24722 | 1 Motopress | 1 Restaurant Menu | 2024-11-21 | 4.8 Medium |
| The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2021-24720 | 1 Ayecode | 1 Geodirectory | 2024-11-21 | 5.4 Medium |
| The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS). | ||||
| CVE-2021-24719 | 1 Kriesi | 1 Enfold | 2024-11-21 | 6.1 Medium |
| The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is present on Enfold versions previous than 4.8.4 which use Avia Page Builder. | ||||
| CVE-2021-24718 | 1 Reputeinfosystems | 1 Contact Form\, Survey \& Popup Form Plugin For Wordpress - Arforms Form Builder | 2024-11-21 | 4.8 Medium |
| The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2021-24716 | 1 Webnus | 1 Modern Events Calendar Lite | 2024-11-21 | 5.4 Medium |
| The Modern Events Calendar Lite WordPress plugin before 5.22.3 does not properly sanitize or escape values set by users with access to adjust settings withing wp-admin. | ||||
| CVE-2021-24715 | 1 Wp Sitemap Page Project | 1 Wp Sitemap Page | 2024-11-21 | 4.8 Medium |
| The WP Sitemap Page WordPress plugin before 1.7.0 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2021-24714 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | 4.8 Medium |
| The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2021-24712 | 1 Dwbooster | 1 Appointment Hour Booking | 2024-11-21 | 5.4 Medium |
| The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars. | ||||
| CVE-2021-24710 | 1 Print-o-matic Project | 1 Print-o-matic | 2024-11-21 | 4.8 Medium |
| The Print-O-Matic WordPress plugin before 2.0.3 does not escape some of its settings before outputting them in attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||