Latest CVE Feed
-
9.8
CRITICALCVE-2021-36879
Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration.... Read more
Affected Products : ulisting- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-36878
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings.... Read more
Affected Products : ulisting- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-36877
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles.... Read more
Affected Products : ulisting- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-36876
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages.... Read more
Affected Products : ulisting- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-36874
Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5).... Read more
Affected Products : ulisting- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-36873
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage.... Read more
Affected Products : iq_block_country- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-36872
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vulnerable at &widget-wpp[2][post_type].... Read more
Affected Products : wordpress_popular_posts- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-36871
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11). Vulnerable parameters: &wpgmaps_marker_category_name, Value > &attributes[], Name > &attributes[], &icons[], ... Read more
Affected Products : wp_go_maps- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-36870
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps plugin (versions <= 8.1.12). Vulnerable parameters: &dataset_name, &wpgmza_gdpr_retention_purpose, &wpgmza_gdpr_company_name, &name #2, &name, &polyna... Read more
Affected Products : wp_go_maps- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-36869
Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <= 4.6.6). Vulnerable parameter: &post.... Read more
Affected Products : ivory_search- Published: Oct. 21, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-36867
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user rights.... Read more
Affected Products : psychological_tests_\&_quizzes- Published: Apr. 26, 2022
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-36866
Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress.... Read more
Affected Products : easy_pricing_tables- Published: Jun. 02, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-36864
Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.... Read more
Affected Products : quiz_and_survey_master- Published: Oct. 28, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-36863
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.... Read more
Affected Products : quiz_and_survey_master- Published: Oct. 28, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-36861
Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Starfish plugin <= 1.9.14 at WordPress allows an attacker to delete reviews.... Read more
Affected Products : rich_review- Published: Aug. 05, 2022
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-36858
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themepoints Testimonials plugin <= 2.6 on WordPress.... Read more
Affected Products : testimonials- Published: Oct. 28, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-36857
Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at WordPress.... Read more
Affected Products : testimonial_builder- Published: Aug. 22, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-36855
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPress.... Read more
Affected Products : booking_ultra_pro_appointments_booking_calendar- Published: Sep. 30, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-36854
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress.... Read more
Affected Products : booking_ultra_pro_appointments_booking_calendar- Published: Sep. 30, 2022
- Modified: Nov. 21, 2024
-
8.0
HIGHCVE-2021-36852
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress.... Read more
Affected Products : wp_hotel_booking- Published: Aug. 22, 2022
- Modified: Nov. 21, 2024