Total: 41393 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25015 | 1 Mycred | 1 Mycred | 2024-11-21 | 6.1 Medium |
| The myCred WordPress plugin before 2.4 does not sanitise and escape the search query before outputting it back in the history dashboard page, leading to a Reflected Cross-Site Scripting issue | ||||
| CVE-2021-25012 | 1 Popozure | 1 Pz-linkcard | 2024-11-21 | 6.1 Medium |
| The Pz-LinkCard WordPress plugin through 2.4.4.4 does not sanitise and escape multiple parameters before outputting them back in admin dashboard pages, leading to Reflected Cross-Site Scripting issues | ||||
| CVE-2021-25008 | 1 Codesnippets | 1 Code Snippets | 2024-11-21 | 6.1 Medium |
| The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue | ||||
| CVE-2021-25006 | 1 Molie Instructure Canvas Linking Tool Project | 1 Molie Instructure Canvas Linking Tool | 2024-11-21 | 6.1 Medium |
| The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue | ||||
| CVE-2021-25005 | 1 Seur Oficial Project | 1 Seur Oficial | 2024-11-21 | 4.8 Medium |
| The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2021-25001 | 1 Booster | 1 Booster For Woocommerce | 2024-11-21 | 6.1 Medium |
| The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_create_products_xml_result parameter before outputting back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue | ||||
| CVE-2021-25000 | 1 Booster | 1 Booster For Woocommerce | 2024-11-21 | 6.1 Medium |
| The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_delete_role parameter before outputting back in the admin dashboard when the General module is enabled, leading to a Reflected Cross-Site Scripting issue | ||||
| CVE-2021-24999 | 1 Booster | 1 Booster For Woocommerce | 2024-11-21 | 6.1 Medium |
| The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_notice parameter before outputting it back in the admin dashboard when the Pdf Invoicing module is enabled, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2021-24996 | 1 Wki | 1 Idpay For Contact Form 7 | 2024-11-21 | 6.1 Medium |
| The IDPay for Contact Form 7 WordPress plugin through 2.1.2 does not sanitise and escape the idpay_error parameter before outputting it back in the page leading to a Reflected Cross-Site Scripting | ||||
| CVE-2021-24995 | 1 Html5 Responsive Faq Project | 1 Html5 Responsive Faq | 2024-11-21 | 4.8 Medium |
| The HTML5 Responsive FAQ WordPress plugin through 2.8.5 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | ||||
| CVE-2021-24994 | 1 Wpvivid | 1 Migration, Backup, Staging | 2024-11-21 | 6.1 Medium |
| The Migration, Backup, Staging WordPress plugin before 0.9.69 does not have authorisation when adding remote storages, and does not sanitise as well as escape a parameter from such unauthenticated requests before outputting it in admin page, leading to a Stored Cross-Site Scripting issue | ||||
| CVE-2021-24992 | 1 Buttonizer | 1 Buttonizer | 2024-11-21 | 4.8 Medium |
| The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does not sanitise and escape some parameters before outputting them in attributes and page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2021-24991 | 1 Wpovernight | 1 Woocommerce Pdf Invoices & Packing Slips | 2024-11-21 | 4.8 Medium |
| The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting them back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard | ||||
| CVE-2021-24988 | 1 Wprssaggregator | 1 Wp Rss Aggregator | 2024-11-21 | 5.4 Medium |
| The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprss_dismiss_addon_notice AJAX action missing authorisation and CSRF checks, allowing any authenticated user, such as a subscriber, to call it and set a malicious payload in the addon parameter. | ||||
| CVE-2021-24987 | 1 Heateor | 1 Super Socializer | 2024-11-21 | 6.1 Medium |
| The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue. | ||||
| CVE-2021-24986 | 1 Pickplugins | 1 Post Grid | 2024-11-21 | 6.1 Medium |
| The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Grid with a search form | ||||
| CVE-2021-24985 | 1 Yikesinc | 1 Easy Forms For Mailchimp | 2024-11-21 | 6.1 Medium |
| The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the field_name and field_type parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues | ||||
| CVE-2021-24984 | 1 Wpfront | 1 Wpfront User Role Editor | 2024-11-21 | 6.1 Medium |
| The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does not sanitise and escape the changes-saved parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2021-24983 | 1 Asset Cleanup\ | 1 Page Speed Booster Project | 2024-11-21 | 6.1 Medium |
| The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSTed parameters sent to the wpassetcleanup_fetch_active_plugins_icons AJAX action (available to admin users), leading to a Reflected Cross-Site Scripting issue | ||||
| CVE-2021-24982 | 1 Childtheme-generator | 1 Child Theme Generator | 2024-11-21 | 6.4 Medium |
| The Child Theme Generator WordPress plugin through 2.2.7 does not sanitise and escape the parade parameter before outputting it back, leading to a Reflected Cross-Site Scripting in the admin dashboard | ||||