Export limit exceeded: 366276 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366276 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-24281 | 1 Querysol | 1 Redirection For Contact Form 7 | 2024-11-21 | 4.3 Medium |
| In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the delete_action_post AJAX action to delete any post on a target site. | ||||
| CVE-2021-24280 | 1 Querysol | 1 Redirection For Contact Form 7 | 2024-11-21 | 8.8 High |
| In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the import_from_debug AJAX action to inject PHP objects. | ||||
| CVE-2021-24279 | 1 Querysol | 1 Redirection For Contact Form 7 | 2024-11-21 | 6.5 Medium |
| In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, low level users, such as subscribers, could use the import_from_debug AJAX action to install any plugin from the WordPress repository. | ||||
| CVE-2021-24278 | 1 Querysol | 1 Redirection For Contact Form 7 | 2024-11-21 | 7.5 High |
| In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function. | ||||
| CVE-2021-24277 | 1 Wpuslugi | 1 Rss For Yandex Turbo | 2024-11-21 | 5.4 Medium |
| The RSS for Yandex Turbo WordPress plugin before 1.30 did not properly sanitise the user inputs from its Счетчики settings tab before outputting them back in the page, leading to authenticated stored Cross-Site Scripting issues | ||||
| CVE-2021-24276 | 1 Supsystic | 1 Contact Form | 2024-11-21 | 6.1 Medium |
| The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue | ||||
| CVE-2021-24275 | 1 Supsystic | 1 Popup | 2024-11-21 | 6.1 Medium |
| The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue | ||||
| CVE-2021-24274 | 1 Supsystic | 1 Ultimate Maps | 2024-11-21 | 6.1 Medium |
| The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue | ||||
| CVE-2021-24273 | 1 Cleversoft | 1 Clever Addons For Elementor | 2024-11-21 | 5.4 Medium |
| The “Clever Addons for Elementor” WordPress Plugin before 2.1.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24272 | 1 Codeinitiator | 1 Fitness Calculators | 2024-11-21 | 4.3 Medium |
| The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue | ||||
| CVE-2021-24271 | 1 Brainstormforce | 1 Ultimate Addons For Elementor | 2024-11-21 | 5.4 Medium |
| The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24270 | 1 Detheme | 1 Dethemekit For Elementor | 2024-11-21 | 5.4 Medium |
| The “DeTheme Kit for Elementor” WordPress Plugin before 1.5.5.5 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24269 | 1 Sinaextra | 1 Sina Extension For Elementor | 2024-11-21 | 5.4 Medium |
| The “Sina Extension for Elementor” WordPress Plugin before 3.3.12 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24268 | 1 Crocoblock | 1 Jetwidgets For Elementor | 2024-11-21 | 5.4 Medium |
| The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24267 | 1 Themesgrove | 1 All-in-one Addons For Elementor | 2024-11-21 | 5.4 Medium |
| The “All-in-One Addons for Elementor – WidgetKit” WordPress Plugin before 2.3.10 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24266 | 1 Posimyth | 1 The Plus Addons For Elementor Page Builder Lite | 2024-11-21 | 5.4 Medium |
| The “The Plus Addons for Elementor Page Builder Lite” WordPress Plugin before 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24265 | 1 Apollo13themes | 1 Rife Elementor Extensions \& Templates | 2024-11-21 | 5.4 Medium |
| The “Rife Elementor Extensions & Templates” WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24264 | 1 Blocksera | 1 Image Hover Effects | 2024-11-21 | 5.4 Medium |
| The “Image Hover Effects – Elementor Addon” WordPress Plugin before 1.3.4 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24263 | 1 Ideabox | 1 Powerpack Addons For Elementor | 2024-11-21 | 5.4 Medium |
| The “Elementor Addons – PowerPack Addons for Elementor” WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24262 | 1 Hasthemes | 1 Woolentor - Woocommerce Elementor Addons \+ Builder | 2024-11-21 | 5.4 Medium |
| The “WooLentor – WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||