Latest CVE Feed
-
5.4
MEDIUMCVE-2021-24720
The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS).... Read more
Affected Products : geodirectory- EPSS Score: %0.40
- Published: Oct. 11, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-24719
The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is present on Enfold versions previous than 4.8.4 which use Avia Page Builder.... Read more
Affected Products : enfold- EPSS Score: %0.72
- Published: Oct. 11, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-24718
The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more
Affected Products : contact_form\,_survey_\&_popup_form_plugin_for_wordpress_-_arforms_form_builder- EPSS Score: %0.21
- Published: Dec. 06, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-24717
The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call functions, or perform privilege escalation via Ajax ac... Read more
Affected Products : automatorwp- EPSS Score: %0.24
- Published: Nov. 01, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-24716
The Modern Events Calendar Lite WordPress plugin before 5.22.3 does not properly sanitize or escape values set by users with access to adjust settings withing wp-admin.... Read more
Affected Products : modern_events_calendar_lite- EPSS Score: %0.18
- Published: Nov. 01, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-24715
The WP Sitemap Page WordPress plugin before 1.7.0 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.... Read more
Affected Products : wp_sitemap_page- EPSS Score: %0.22
- Published: Nov. 01, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-24714
The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfil... Read more
- EPSS Score: %0.21
- Published: Dec. 06, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-24713
The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scrip... Read more
- EPSS Score: %0.21
- Published: Nov. 23, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-24712
The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars.... Read more
Affected Products : appointment_hour_booking- EPSS Score: %0.26
- Published: Oct. 11, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-24711
The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack... Read more
Affected Products : software_license_manager- EPSS Score: %0.15
- Published: Oct. 11, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-24710
The Print-O-Matic WordPress plugin before 2.0.3 does not escape some of its settings before outputting them in attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more
Affected Products : print-o-matic- EPSS Score: %0.21
- Published: Nov. 08, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-24709
The Weather Effect WordPress plugin before 1.3.6 does not properly validate and escape some of its settings (like *_size_leaf, *_flakes_leaf, *_speed) which could lead to Stored Cross-Site Scripting issues... Read more
Affected Products : weather_effect- EPSS Score: %0.28
- Published: Oct. 11, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-24708
The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilter... Read more
- EPSS Score: %0.21
- Published: Nov. 08, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-24707
The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more
Affected Products : nd-learning- EPSS Score: %0.21
- Published: Feb. 01, 2022
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-24706
The Qwizcards – online quizzes and flashcards WordPress plugin before 3.62 does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more
Affected Products : qwizcards- EPSS Score: %0.21
- Published: Nov. 08, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-24705
The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged in admin ... Read more
Affected Products : nex-forms- EPSS Score: %0.20
- Published: Dec. 13, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-24704
In the Orange Form WordPress plugin through 1.0, the process_bulk_action() function in "admin/orange-form-email.php" performs an unprepared SQL query with an unsanitized parameter ($id). Only admin can access the page that invokes the function, but becaus... Read more
Affected Products : orange-form- EPSS Score: %0.11
- Published: Feb. 28, 2022
- Modified: Nov. 21, 2024
-
5.7
MEDIUMCVE-2021-24703
The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed.... Read more
Affected Products : download_plugin- EPSS Score: %0.10
- Published: Nov. 23, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-24702
The LearnPress WordPress plugin before 4.1.3.1 does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltred_html capability is disallowed... Read more
Affected Products : learnpress- EPSS Score: %0.21
- Published: Oct. 18, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-24701
The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_... Read more
Affected Products : quiz_tool_lite- EPSS Score: %0.21
- Published: Nov. 08, 2021
- Modified: Nov. 21, 2024