
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 808
Critical: 39
High: 132
Medium: 616
Showing 761-780 of 808 records
Threat Entry Updated 2024-11-21

CVE-2021-24195 - Before 1 Plugin

Low-privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login as User or Customer (User Switching) WordPress plugin before 1.8 to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugins from the blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

PLUGIN Before 1

CVE-2021-24195

HIGH CVSS 8.8 2021-05-14
Threat Entry Updated 2024-11-21

CVE-2021-24291 - Before 1 Plugin

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users)

PLUGIN Before 1

CVE-2021-24291

MEDIUM CVSS 6.1 2021-05-14
Threat Entry Updated 2024-11-21

CVE-2021-24287 - Before 1 Plugin

The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue

PLUGIN Before 1

CVE-2021-24287

MEDIUM CVSS 6.1 2021-05-14
Threat Entry Updated 2024-11-21

CVE-2021-24286 - Before 1 Plugin

The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue

PLUGIN Before 1

CVE-2021-24286

MEDIUM CVSS 6.1 2021-05-14
Threat Entry Updated 2024-11-21

CVE-2021-24277 - Before 1 Plugin

The RSS for Yandex Turbo WordPress plugin before 1.30 did not properly sanitise the user inputs from its Счетчики settings tab before outputting them back in the page, leading to authenticated stored Cross-Site Scripting issues

PLUGIN Before 1

CVE-2021-24277

MEDIUM CVSS 5.4 2021-05-14
Threat Entry Updated 2024-11-21

CVE-2021-24191 - Before 1 Plugin

Low-privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Maintenance Mode & Site Under Construction WordPress plugin before 1.8.2 to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugins from the blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

PLUGIN Before 1

CVE-2021-24191

HIGH CVSS 8.8 2021-05-14
Threat Entry Updated 2024-11-21

CVE-2021-24190 - Before 1 Plugin

Low-privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WooCommerce Conditional Marketing Mailer WordPress plugin before 1.5.2 to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugins from the blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

PLUGIN Before 1

CVE-2021-24190

HIGH CVSS 8.8 2021-05-14
Threat Entry Updated 2024-11-21

CVE-2021-24246 - Before 1 Plugin

The Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme, did not sanitise the chat messages sent via the workscout_send_message_chat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues

PLUGIN Before 1

CVE-2021-24246

MEDIUM CVSS 5.4 2021-05-06
Threat Entry Updated 2024-11-21

CVE-2021-24276 - Before 1 Plugin

The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue

PLUGIN Before 1

CVE-2021-24276

MEDIUM CVSS 6.1 2021-05-05
Threat Entry Updated 2024-11-21

CVE-2021-24275 - Before 1 Plugin

The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue

PLUGIN Before 1

CVE-2021-24275

MEDIUM CVSS 6.1 2021-05-05
Threat Entry Updated 2024-11-21

CVE-2021-24274 - Before 1 Plugin

The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue

PLUGIN Before 1

CVE-2021-24274

MEDIUM CVSS 6.1 2021-05-05
Threat Entry Updated 2024-11-21

CVE-2021-24271 - Before 1 Plugin

The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

PLUGIN Before 1

CVE-2021-24271

MEDIUM CVSS 5.4 2021-05-05
Threat Entry Updated 2024-11-21

CVE-2021-24270 - Before 1 Plugin

The “DeTheme Kit for Elementor” WordPress Plugin before 1.5.5.5 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

PLUGIN Before 1

CVE-2021-24270

MEDIUM CVSS 5.4 2021-05-05
Threat Entry Updated 2024-11-21

CVE-2021-24268 - Before 1 Plugin

The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

PLUGIN Before 1

CVE-2021-24268

MEDIUM CVSS 5.4 2021-05-05
Threat Entry Updated 2024-11-21

CVE-2021-24265 - Before 1 Plugin

The “Rife Elementor Extensions & Templates” WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

PLUGIN Before 1

CVE-2021-24265

MEDIUM CVSS 5.4 2021-05-05
Threat Entry Updated 2024-11-21

CVE-2021-24264 - Before 1 Plugin

The “Image Hover Effects – Elementor Addon” WordPress Plugin before 1.3.4 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

PLUGIN Before 1

CVE-2021-24264

MEDIUM CVSS 5.4 2021-05-05
Threat Entry Updated 2024-11-21

CVE-2021-24262 - Before 1 Plugin

The “WooLentor – WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

PLUGIN Before 1

CVE-2021-24262

MEDIUM CVSS 5.4 2021-05-05
Threat Entry Updated 2024-11-21

CVE-2021-24261 - Before 1 Plugin

The “HT Mega – Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

PLUGIN Before 1

CVE-2021-24261

MEDIUM CVSS 5.4 2021-05-05
Threat Entry Updated 2024-11-21

CVE-2021-24259 - Before 1 Plugin

The “Elementor Addon Elements” WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

PLUGIN Before 1

CVE-2021-24259

MEDIUM CVSS 5.4 2021-05-05
Threat Entry Updated 2024-11-21

CVE-2021-24272 - Before 1 Plugin

The fitness calculators WordPress plugin before 1.9.6 adds calculators for water intake, BMI, protein intake, and body fat, and was lacking a CSRF check, allowing attackers to make logged-in users perform unwanted actions, such as changing the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue

PLUGIN Before 1

CVE-2021-24272

MEDIUM CVSS 4.3 2021-05-05