Total
37792 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25079 | 1 Crmperks | 1 Contact Form Entries | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Contact Form Entries WordPress plugin before 1.2.4 does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the admin page | |||||
| CVE-2021-25078 | 1 Wpaffiliatemanager | 1 Affiliates Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Affiliates Manager WordPress plugin before 2.9.0 does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests. | |||||
| CVE-2021-25077 | 1 Visser | 1 Store Toolkit For Woocommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-25071 | 1 Inpsyde | 1 Akismet Privacy Policies | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WordPress plugin through 2.0.1 does not sanitise and escape the translation parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-25067 | 1 Pluginops | 1 Landing Page | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page. | |||||
| CVE-2021-25066 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-25065 | 1 Smashballoon | 1 Smash Balloon Social Post Feed | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page. | |||||
| CVE-2021-25063 | 1 Cf7skins | 1 Contact Form 7 Skins | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Skins for Contact Form 7 WordPress plugin before 2.5.1 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-25062 | 1 Villatheme | 1 Orders Tracking For Woocommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the file_url before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-25061 | 1 Wpbookingsystem | 1 Wp Booking System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected xss in wp-booking-system on the wpbs-calendars admin page. | |||||
| CVE-2021-25060 | 1 Fivestarplugins | 1 Five Star Business Profile And Schema | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Five Star Business Profile and Schema WordPress plugin before 2.1.7 does not have any authorisation and CSRF in its bpfwp_welcome_add_contact_page and bpfwp_welcome_set_contact_information AJAX action, allowing any authenticated users, such as subscribers, to call them. Furthermore, due to the lack of sanitisation, it also lead to Stored Cross-Site Scripting issues | |||||
| CVE-2021-25058 | 1 The Buffer Button Project | 1 The Buffer Button | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Buffer Button WordPress plugin through 1.0 was vulnerable to Authenticated Stored Cross Site Scripting (XSS) within the Twitter username to mention text field. | |||||
| CVE-2021-25057 | 1 Translationexchange | 1 Translation Exchange | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Translation Exchange WordPress plugin through 1.0.14 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) within the Project Key text field found in the plugin's settings. | |||||
| CVE-2021-25056 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-25055 | 1 Feedwordpress Project | 1 Feedwordpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The FeedWordPress plugin before 2022.0123 is affected by a Reflected Cross-Site Scripting (XSS) within the "visibility" parameter. | |||||
| CVE-2021-25050 | 1 Wpchill | 1 Remove Footer Credit | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Remove Footer Credit WordPress plugin before 1.0.11 does properly sanitise its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | |||||
| CVE-2021-25049 | 1 Mobileeventsmanager | 1 Mobile Events Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Mobile Events Manager WordPress plugin before 1.4.4 does not sanitise and escape various of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2021-25048 | 1 King-theme | 1 Kingcomposer | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The KingComposer WordPress plugin through 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payloads in them | |||||
| CVE-2021-25047 | 1 10web | 1 10websocial | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Scripting (XSS) vulnerability in the wdi_apply_changes admin page, allowing an attacker to perform such attack against any logged in users | |||||
| CVE-2021-25046 | 1 Webnus | 1 Modern Events Calendar Lite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed any logged-in user, even a subscriber user, may add a category whose parameters are incorrectly escaped in the admin panel, leading to stored XSS. | |||||