Total
37683 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24434 | 1 Codeblab | 1 Glass | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack. | |||||
| CVE-2021-24431 | 1 Language Bar Flags Project | 1 Language Bar Flags | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Language Bar Flags WordPress plugin through 1.0.8 does not have any CSRF in place when saving its settings and did not sanitise or escape them when generating the flag bar in the frontend. This could allow attackers to make a logged in admin change the settings, and set Cross-Site Scripting payload in them, which will be executed in the frontend for all users | |||||
| CVE-2021-24429 | 1 Salonbookingsystem | 1 Salon Booking System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The Payload will then be triggered when an admin visits the "Calendar" page and the malicious script is executed in the admin context. | |||||
| CVE-2021-24428 | 1 Yandex | 1 Yandex Turbo | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The RSS for Yandex Turbo WordPress plugin through 1.30 does not sanitise or escape some of its settings before saving and outputing them in the admin dashboard, leading to an Authenticated Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-24427 | 1 Boldgrid | 1 W3 Total Cache | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue | |||||
| CVE-2021-24426 | 1 Web-dorado | 1 Backup-wd | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Backup by 10Web – Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue | |||||
| CVE-2021-24425 | 1 Premio | 1 Mystickymenu | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing hight privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue, which will be triggered in the plugin's setting, as well as all front-page of the blog (when the Welcome bar is active) | |||||
| CVE-2021-24424 | 1 Webfactoryltd | 1 Wp Reset | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The WP Reset – Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extra_data parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue | |||||
| CVE-2021-24423 | 1 Updraftplus | 1 Updraftplus | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraft_service settings, allowing high privilege users to set malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue | |||||
| CVE-2021-24421 | 1 Eyecix | 1 Jobsearch Wp Job Board | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue | |||||
| CVE-2021-24420 | 1 Emarketdesign | 1 Request A Quote | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the 'All Quotes" table. | |||||
| CVE-2021-24419 | 1 Wp Youtube Lyte Project | 1 Wp Youtube Lyte | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or escape its lyte_yt_api_key and lyte_notification settings before outputting them back in the page, allowing high privilege users to set XSS payload on them and leading to stored Cross-Site Scripting issues. | |||||
| CVE-2021-24418 | 1 Smooth Scroll Page Up\/down Buttons Project | 1 Smooth Scroll Page Up\/down Buttons | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psb_positioning settings, allowing high privilege users such as admin to set an XSS payload in it, which will be executed in all pages of the blog | |||||
| CVE-2021-24416 | 1 Bplugins | 1 Streamcast Radio Player | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The StreamCast – Radio Player for WordPress plugin before 2.1.1 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode | |||||
| CVE-2021-24415 | 1 Bplugins | 1 Polo Video Gallery | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Polo Video Gallery – Best wordpress video gallery plugin WordPress plugin through 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode | |||||
| CVE-2021-24414 | 1 Video Player For Youtube Project | 1 Video Player For Youtube | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Video Player for YouTube WordPress plugin before 1.4 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode | |||||
| CVE-2021-24413 | 1 Bplugins | 1 Easy Twitter Feed | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode | |||||
| CVE-2021-24412 | 1 Bplugins | 1 Html5 Audio Player | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Html5 Audio Player – Audio Player for WordPress plugin before 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode | |||||
| CVE-2021-24411 | 1 Social Tape Project | 1 Social Tape | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Social Tape WordPress plugin through 1.0 does not have CSRF checks in place when saving its settings, and do not sanitise or escape them before outputting them back in the page, leading to a stored Cross-Site Scripting issue via a CSRF attack | |||||
| CVE-2021-24410 | 1 Telugu Bible Verse Daily Project | 1 Telugu Bible Verse Daily | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The తెలుగు బైబిల్ వచనములు WordPress plugin through 1.0 is lacking any CSRF check when saving its settings and verses, and do not sanitise or escape them when outputting them back in the page. This could allow attackers to make a logged in admin change the settings, as well as add malicious verses containing JavaScript code in them, leading to Stored XSS issues | |||||