Export limit exceeded: 367033 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 367033 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367033 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25062 | 1 Villatheme | 1 Orders Tracking For Woocommerce | 2024-11-21 | 6.1 Medium |
| The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the file_url before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2021-25061 | 1 Wpbookingsystem | 1 Wp Booking System | 2024-11-21 | 5.4 Medium |
| The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected xss in wp-booking-system on the wpbs-calendars admin page. | ||||
| CVE-2021-25060 | 1 Fivestarplugins | 1 Five Star Business Profile And Schema | 2024-11-21 | 5.4 Medium |
| The Five Star Business Profile and Schema WordPress plugin before 2.1.7 does not have any authorisation and CSRF in its bpfwp_welcome_add_contact_page and bpfwp_welcome_set_contact_information AJAX action, allowing any authenticated users, such as subscribers, to call them. Furthermore, due to the lack of sanitisation, it also lead to Stored Cross-Site Scripting issues | ||||
| CVE-2021-25058 | 1 The Buffer Button Project | 1 The Buffer Button | 2024-11-21 | 5.4 Medium |
| The Buffer Button WordPress plugin through 1.0 was vulnerable to Authenticated Stored Cross Site Scripting (XSS) within the Twitter username to mention text field. | ||||
| CVE-2021-25057 | 1 Translationexchange | 1 Translation Exchange | 2024-11-21 | 5.4 Medium |
| The Translation Exchange WordPress plugin through 1.0.14 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) within the Project Key text field found in the plugin's settings. | ||||
| CVE-2021-25056 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 4.8 Medium |
| The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2021-25055 | 1 Feedwordpress Project | 1 Feedwordpress | 2024-11-21 | 6.1 Medium |
| The FeedWordPress plugin before 2022.0123 is affected by a Reflected Cross-Site Scripting (XSS) within the "visibility" parameter. | ||||
| CVE-2021-25054 | 1 Wow-company | 1 Wpcalc | 2024-11-21 | 8.8 High |
| The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability. | ||||
| CVE-2021-25053 | 1 Wow-company | 1 Wp Coder | 2024-11-21 | 8.8 High |
| The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE. | ||||
| CVE-2021-25052 | 1 Wow-company | 1 Button Generator | 2024-11-21 | 8.8 High |
| The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE. | ||||
| CVE-2021-25051 | 1 Wow-company | 1 Modal Window | 2024-11-21 | 8.8 High |
| The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE. | ||||
| CVE-2021-25050 | 1 Wpchill | 1 Remove Footer Credit | 2024-11-21 | 4.8 Medium |
| The Remove Footer Credit WordPress plugin before 1.0.11 does properly sanitise its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | ||||
| CVE-2021-25049 | 1 Mobileeventsmanager | 1 Mobile Events Manager | 2024-11-21 | 4.8 Medium |
| The Mobile Events Manager WordPress plugin before 1.4.4 does not sanitise and escape various of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2021-25048 | 1 King-theme | 1 Kingcomposer | 2024-11-21 | 5.4 Medium |
| The KingComposer WordPress plugin through 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payloads in them | ||||
| CVE-2021-25047 | 1 10web | 1 10websocial | 2024-11-21 | 6.1 Medium |
| The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Scripting (XSS) vulnerability in the wdi_apply_changes admin page, allowing an attacker to perform such attack against any logged in users | ||||
| CVE-2021-25046 | 1 Webnus | 1 Modern Events Calendar Lite | 2024-11-21 | 5.4 Medium |
| The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed any logged-in user, even a subscriber user, may add a category whose parameters are incorrectly escaped in the admin panel, leading to stored XSS. | ||||
| CVE-2021-25045 | 1 Asgaros | 1 Asgaros Forum | 2024-11-21 | 7.2 High |
| The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue | ||||
| CVE-2021-25044 | 1 Premium-themes | 1 Cryptocurrency Pricing List And Ticker | 2024-11-21 | 6.1 Medium |
| The Cryptocurrency Pricing list and Ticker WordPress plugin through 1.5 does not sanitise and escape the ccpw_setpage parameter before outputting it back in pages where its shortcode is embed, leading to a Reflected Cross-Site Scripting issue | ||||
| CVE-2021-25043 | 1 Pluginus | 1 Woocommerce Currency Switcher | 2024-11-21 | 6.1 Medium |
| The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue | ||||
| CVE-2021-25041 | 1 10web | 1 Photo Gallery | 2024-11-21 | 6.1 Medium |
| The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action | ||||