‼ CVE-2021-24871 ‼
📖 Read
via "National Vulnerability Database".
The Get Custom Field Values WordPress plugin before 4.0.1 does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24848 ‼
📖 Read
via "National Vulnerability Database".
The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin through 2.7, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24771 ‼
📖 Read
via "National Vulnerability Database".
The Inspirational Quote Rotator WordPress plugin through 1.0.0 does not sanitize and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the "Quotes list" even when the unfiltered_html capability is disallowed📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43117 ‼
📖 Read
via "National Vulnerability Database".
fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42548 ‼
📖 Read
via "National Vulnerability Database".
Insufficient Input Validation in the search functionality of Wordpress plugin Share-one-Drive prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24855 ‼
📖 Read
via "National Vulnerability Database".
The Display Post Metadata WordPress plugin before 1.5.0 adds a shortcode to print out custom fields, however their content is not sanitised or escaped which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24792 ‼
📖 Read
via "National Vulnerability Database".
The Shiny Buttons WordPress plugin through 1.1.0 does not have any authorisation and CSRF in place when saving a template (wpbtn_save_template function hooked to the init action), nor sanitise and escape them before outputting them in the admin dashboard, which allow unauthenticated users to add a malicious template and lead to Stored Cross-Site Scripting issues.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24747 ‼
📖 Read
via "National Vulnerability Database".
The SEO Booster WordPress plugin through 3.7 allows for authenticated SQL injection via the "fn_my_ajaxified_dataloader_ajax" AJAX request as the $_REQUEST['order'][0]['dir'] parameter is not properly escaped leading to blind and error-based SQL injections.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24845 ‼
📖 Read
via "National Vulnerability Database".
The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with post_type & post_status which can be used to retrieve arbitrary content. This way, users with a role as low as Contributor can gain access to content they are not supposed to.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24922 ‼
📖 Read
via "National Vulnerability Database".
The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin change them and perform Cross-Site Scripting attacks📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24784 ‼
📖 Read
via "National Vulnerability Database".
The WP Admin Logo Changer WordPress plugin through 1.0 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin update them via a CSRF attack.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24896 ‼
📖 Read
via "National Vulnerability Database".
The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24863 ‼
📖 Read
via "National Vulnerability Database".
The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24756 ‼
📖 Read
via "National Vulnerability Database".
The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting them in the admin dashboard, which could allow unauthenticated attacker to perform Cross-Site Scripting attacks against admins viewing the logs.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24795 ‼
📖 Read
via "National Vulnerability Database".
The Filter Portfolio Gallery WordPress plugin through 1.5 is lacking Cross-Site Request Forgery (CSRF) check when deleting a Gallery, which could allow attackers to make a logged in admin delete arbitrary Gallery.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24951 ‼
📖 Read
via "National Vulnerability Database".
The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24859 ‼
📖 Read
via "National Vulnerability Database".
The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data extrafiltration, including password hashes📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24972 ‼
📖 Read
via "National Vulnerability Database".
The Pixel Cat WordPress plugin before 2.6.3 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24790 ‼
📖 Read
via "National Vulnerability Database".
The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation as well as CSRF checks in its delete_cf7_data and export_cf7_data AJAX actions, available to any authenticated users, which could allow users with a role as low as subscriber to call them. The delete_cf7_data would lead to arbitrary metadata deletion, as well as PHP Object Injection if a suitable gadget chain is present in another plugin, as user data is passed to the maybe_unserialize() function without being first validated.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24780 ‼
📖 Read
via "National Vulnerability Database".
The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able to export an arbitrary post/page (such as private and password protected) via a direct URL📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24818 ‼
📖 Read
via "National Vulnerability Database".
The WP Limits WordPress plugin through 1.0 does not have CSRF check when saving its settings, allowing attacker to make a logged in admin change them, which could make the blog unstable by setting low values📖 Read
via "National Vulnerability Database".