Total
37792 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25044 | 1 Premium-themes | 1 Cryptocurrency Pricing List And Ticker | 2024-11-21 | N/A | 6.1 MEDIUM |
| The Cryptocurrency Pricing list and Ticker WordPress plugin through 1.5 does not sanitise and escape the ccpw_setpage parameter before outputting it back in pages where its shortcode is embed, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2021-25043 | 1 Pluginus | 1 Woocommerce Currency Switcher | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2021-25041 | 1 10web | 1 Photo Gallery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action | |||||
| CVE-2021-25040 | 1 Booking Calendar Project | 1 Booking Calendar | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Booking Calendar WordPress plugin before 8.9.2 does not sanitise and escape the booking_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-25039 | 1 Obtaininfotech | 1 Multisite Content Copier\/updater | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.0 does not sanitise and escape the wmcc_content_type, wmcc_source_blog and wmcc_record_per_page parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues | |||||
| CVE-2021-25038 | 1 Obtaininfotech | 1 Multisite User Sync\/unsync | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WordPress Multisite User Sync/Unsync WordPress plugin before 2.1.2 does not sanitise and escape the wmus_source_blog and wmus_record_per_page parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues | |||||
| CVE-2021-25035 | 1 Revmakx | 1 Backup And Staging By Wp Time Capsule | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-25034 | 1 Wp User Project | 1 Wp User | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP User WordPress plugin before 7.0 does not sanitise and escape some parameters in pages where the [wp_user] shortcode is used, leading to Reflected Cross-Site Scripting issues | |||||
| CVE-2021-25031 | 1 Oxilab | 1 Image Hover Effects Ultimate | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-25029 | 1 Cluevo | 1 Learning Management System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does not sanitise and escape Course's module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2021-25027 | 1 Ideabox | 1 Powerpack Addons For Elementor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2021-25026 | 1 Patreon | 1 Patreon Wordpress | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
| The Patreon WordPress plugin before 1.8.2 does not sanitise and escape the field "Custom Patreon Page name", which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2021-25024 | 1 Theeventscalendar | 1 Eventcalendar | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-SIte Scripting issues | |||||
| CVE-2021-25019 | 1 Squirrly | 1 Seo Plugin By Squirrly Seo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-25017 | 1 Themeum | 1 Tutor Lms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Tutor LMS WordPress plugin before 1.9.12 does not escape the search parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-25016 | 1 Premio | 2 Chaty, Chaty Pro | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-25015 | 1 Mycred | 1 Mycred | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The myCred WordPress plugin before 2.4 does not sanitise and escape the search query before outputting it back in the history dashboard page, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2021-25012 | 1 Popozure | 1 Pz-linkcard | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Pz-LinkCard WordPress plugin through 2.4.4.4 does not sanitise and escape multiple parameters before outputting them back in admin dashboard pages, leading to Reflected Cross-Site Scripting issues | |||||
| CVE-2021-25008 | 1 Codesnippets | 1 Code Snippets | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2021-25006 | 1 Molie Instructure Canvas Linking Tool Project | 1 Molie Instructure Canvas Linking Tool | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue | |||||