Latest CVE Feed
-
4.8
MEDIUMCVE-2021-36899
Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan's Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress.... Read more
Affected Products : _page_speed_booster_project- Published: Oct. 11, 2022
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-36898
Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress.... Read more
Affected Products : quiz_and_survey_master- Published: Oct. 28, 2022
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-36896
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions <= 1.5.2... Read more
Affected Products : pricing_table- Published: Apr. 11, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-36895
Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload.... Read more
Affected Products : tripetto- Published: Apr. 26, 2022
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-36893
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Responsive Tabs (WordPress plugin) <= 4.0.5... Read more
Affected Products : responsive_tabs- Published: Apr. 11, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-36891
Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Supsystic plugin <= 1.15.5 at WordPress allows changing the plugin settings.... Read more
Affected Products : photo_gallery- Published: Jun. 15, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-36890
Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress.... Read more
Affected Products : social_share_buttons- Published: Jun. 02, 2022
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-36889
Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities were discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.6).... Read more
Affected Products : tarteaucitron.js_-_cookies_legislation_\&_gdpr- Published: Dec. 20, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-36888
Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin.... Read more
Affected Products : image_hover_effects- Published: Dec. 15, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-36887
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.5.4), vulnerable parameters "tarteaucitronEmail" and "tarteaucitronPass".... Read more
Affected Products : tarteaucitron.js_-_cookies_legislation_\&_gdpr- Published: Dec. 20, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-36886
Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9).... Read more
Affected Products : contact_form_7_database_addon- Published: Dec. 22, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-36885
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.6.1).... Read more
Affected Products : contact_form_7_database_addon- Published: Dec. 22, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-36884
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup Migration plugin <= 1.1.5 versions.... Read more
Affected Products : backup_migration- Published: Nov. 19, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-36880
Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: custom.... Read more
Affected Products : ulisting- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-36879
Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration.... Read more
Affected Products : ulisting- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-36878
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings.... Read more
Affected Products : ulisting- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-36877
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles.... Read more
Affected Products : ulisting- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-36876
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages.... Read more
Affected Products : ulisting- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-36874
Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5).... Read more
Affected Products : ulisting- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-36873
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage.... Read more
Affected Products : iq_block_country- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024