Export limit exceeded: 44639 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44639 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-24298 | 1 Ibenic | 1 Simple Giveaways | 2024-11-21 | 6.1 Medium |
| The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS | ||||
| CVE-2021-24297 | 1 Boostifythemes | 1 Goto | 2024-11-21 | 6.1 Medium |
| The Goto WordPress theme before 2.1 did not properly sanitize the formvalue JSON POST parameter in its tl_filter AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability. | ||||
| CVE-2021-24296 | 1 Gowebsolutions | 1 Wp Customer Reviews | 2024-11-21 | 4.8 Medium |
| The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be triggered in pages where reviews are enabled | ||||
| CVE-2021-24294 | 1 Mlfactory | 1 Dsgvo All In One For Wp | 2024-11-21 | 6.1 Medium |
| The dsgvoaio_write_log AJAX action of the DSGVO All in one for WP WordPress plugin before 4.0 did not sanitise or escape some POST parameter submitted before outputting them in the Log page in the administrator dashboard (wp-admin/admin.php?page=dsgvoaiofree-show-log). This could allow unauthenticated attackers to gain unauthorised access by using an XSS payload to create a rogue administrator account, which will be trigged when an administrator will view the logs. | ||||
| CVE-2021-24293 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 6.1 Medium |
| In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax , after that the settings[shipping_address][name] is able to inject malicious javascript. | ||||
| CVE-2021-24292 | 1 Wedevs | 1 Happy Addons For Elementor | 2024-11-21 | 5.4 Medium |
| The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method: The “Card” widget accepts a “title_tag” parameter. Although the element control lists a fixed set of possible html tags, it is possible to send a ‘save_builder’ request with the “heading_tag” set to “script”, and the actual “title” parameter set to JavaScript to be executed within the script tags added by the “heading_tag” parameter. | ||||
| CVE-2021-24291 | 1 10web | 1 Photo Gallery | 2024-11-21 | 6.1 Medium |
| The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users) | ||||
| CVE-2021-24290 | 1 De-baat | 1 Store Locator Plus | 2024-11-21 | 6.1 Medium |
| There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages. | ||||
| CVE-2021-24287 | 1 Mooveagency | 1 Select All Categories And Taxonomies\, Change Checkbox To Radio Buttons | 2024-11-21 | 6.1 Medium |
| The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue | ||||
| CVE-2021-24286 | 1 Mooveagency | 1 Redirect 404 To Parent | 2024-11-21 | 6.1 Medium |
| The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue | ||||
| CVE-2021-24283 | 1 Pickplugins | 1 Accordion | 2024-11-21 | 5.4 Medium |
| The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue. | ||||
| CVE-2021-24277 | 1 Wpuslugi | 1 Rss For Yandex Turbo | 2024-11-21 | 5.4 Medium |
| The RSS for Yandex Turbo WordPress plugin before 1.30 did not properly sanitise the user inputs from its Счетчики settings tab before outputting them back in the page, leading to authenticated stored Cross-Site Scripting issues | ||||
| CVE-2021-24276 | 1 Supsystic | 1 Contact Form | 2024-11-21 | 6.1 Medium |
| The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue | ||||
| CVE-2021-24275 | 1 Supsystic | 1 Popup | 2024-11-21 | 6.1 Medium |
| The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue | ||||
| CVE-2021-24274 | 1 Supsystic | 1 Ultimate Maps | 2024-11-21 | 6.1 Medium |
| The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue | ||||
| CVE-2021-24273 | 1 Cleversoft | 1 Clever Addons For Elementor | 2024-11-21 | 5.4 Medium |
| The “Clever Addons for Elementor” WordPress Plugin before 2.1.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24271 | 1 Brainstormforce | 1 Ultimate Addons For Elementor | 2024-11-21 | 5.4 Medium |
| The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24270 | 1 Detheme | 1 Dethemekit For Elementor | 2024-11-21 | 5.4 Medium |
| The “DeTheme Kit for Elementor” WordPress Plugin before 1.5.5.5 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24269 | 1 Sinaextra | 1 Sina Extension For Elementor | 2024-11-21 | 5.4 Medium |
| The “Sina Extension for Elementor” WordPress Plugin before 3.3.12 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24268 | 1 Crocoblock | 1 Jetwidgets For Elementor | 2024-11-21 | 5.4 Medium |
| The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||