Search Results (363282 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2021-25073 | 1 Webmaster-source | 1 Wp125 | 2024-11-21 | 8.8 High | The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various actions, for example when deleting an ad, allowing attackers to make a logged-in admin delete them via a CSRF attack. |
| CVE-2021-25072 | 1 Nextscripts | 1 Social Networks Auto Poster | 2024-11-21 | 6.5 Medium | The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have a CSRF check in place when deleting items, allowing an attacker to make a logged-in admin delete arbitrary posts via a CSRF attack. |
| CVE-2021-25071 | 1 Inpsyde | 1 Akismet Privacy Policies | 2024-11-21 | 6.1 Medium | The Akismet Privacy Policies WordPress plugin through 2.0.1 does not sanitise and escape the translation parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue. |
| CVE-2021-25070 | 1 Stopbadbots | 1 Block And Stop Bad Bots | 2024-11-21 | 9.8 Critical | The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue. |
| CVE-2021-25068 | 1 Dpl | 1 Sync Woocommerce Product Feed To Google Shopping | 2024-11-21 | 7.2 High | The Sync WooCommerce Product Feed to Google Shopping WordPress plugin through 1.2.4 uses the 'feed_id' POST parameter, which is not properly sanitised for use in a SQL statement, leading to a SQL Injection vulnerability in the admin dashboard. |
| CVE-2021-25067 | 1 Pluginops | 1 Landing Page | 2024-11-21 | 5.4 Medium | The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page. |
| CVE-2021-25066 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 4.8 Medium | The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape some imported data, allowing high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2021-25065 | 1 Smashballoon | 1 Smash Balloon Social Post Feed | 2024-11-21 | 5.4 Medium | The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed on the cff-top admin page. |
| CVE-2021-25064 | 1 Wow-company | 1 Wow Countdowns | 2024-11-21 | 7.2 High | The Wow Countdowns WordPress plugin through 3.1.2 does not sanitise user input to the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection. |
| CVE-2021-25063 | 1 Cf7skins | 1 Contact Form 7 Skins | 2024-11-21 | 6.1 Medium | The Skins for Contact Form 7 WordPress plugin before 2.5.1 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue. |
| CVE-2021-25062 | 1 Villatheme | 1 Orders Tracking For Woocommerce | 2024-11-21 | 6.1 Medium | The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the file_url parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue. |
| CVE-2021-25061 | 1 Wpbookingsystem | 1 Wp Booking System | 2024-11-21 | 5.4 Medium | The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected XSS in wp-booking-system on the wpbs-calendars admin page. |
| CVE-2021-25060 | 1 Fivestarplugins | 1 Five Star Business Profile And Schema | 2024-11-21 | 5.4 Medium | The Five Star Business Profile and Schema WordPress plugin before 2.1.7 does not have any authorisation or CSRF checks in its bpfwp_welcome_add_contact_page and bpfwp_welcome_set_contact_information AJAX actions, allowing any authenticated user, such as a subscriber, to call them. Furthermore, due to the lack of sanitisation, this also leads to Stored Cross-Site Scripting issues. |
| CVE-2021-25058 | 1 The Buffer Button Project | 1 The Buffer Button | 2024-11-21 | 5.4 Medium | The Buffer Button WordPress plugin through 1.0 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) within the "Twitter username to mention" text field. |
| CVE-2021-25057 | 1 Translationexchange | 1 Translation Exchange | 2024-11-21 | 5.4 Medium | The Translation Exchange WordPress plugin through 1.0.14 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) within the Project Key text field found in the plugin's settings. |
| CVE-2021-25056 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 4.8 Medium | The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2021-25055 | 1 Feedwordpress Project | 1 Feedwordpress | 2024-11-21 | 6.1 Medium | The FeedWordPress plugin before 2022.0123 is affected by a Reflected Cross-Site Scripting (XSS) within the "visibility" parameter. |
| CVE-2021-25054 | 1 Wow-company | 1 Wpcalc | 2024-11-21 | 8.8 High | The WPcalc WordPress plugin through 2.1 does not sanitise user input to the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability. |
| CVE-2021-25053 | 1 Wow-company | 1 Wp Coder | 2024-11-21 | 8.8 High | The WP Coder WordPress plugin before 2.5.2 allows include() of an arbitrary file with a PHP extension (as well as via the data:// or http:// protocols) within the wow-company admin menu page, leading to RCE via CSRF. |
| CVE-2021-25052 | 1 Wow-company | 1 Button Generator | 2024-11-21 | 8.8 High | The Button Generator WordPress plugin before 2.3.3 allows include() of an arbitrary file with a PHP extension (as well as via the data:// or http:// protocols) within the wow-company admin menu page, leading to RCE via CSRF. |