
Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

CVE-2021-24982 - Through 2 Plugin
Threat Entry Updated 2024-11-21 | Tags: PLUGIN, Through 2
MEDIUM | CVSS 6.4 | 2022-03-14

The Child Theme Generator WordPress plugin through 2.2.7 does not sanitise and escape the parade parameter before outputting it back, leading to a Reflected Cross-Site Scripting in the admin dashboard.

CVE-2021-24996 - Through 2 Plugin
Threat Entry Updated 2024-11-21 | Tags: PLUGIN, Through 2
MEDIUM | CVSS 6.1 | 2022-03-14

The IDPay for Contact Form 7 WordPress plugin through 2.1.2 does not sanitise and escape the idpay_error parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.

CVE-2021-24995 - Through 2 Plugin
Threat Entry Updated 2024-11-21 | Tags: PLUGIN, Through 2
MEDIUM | CVSS 4.8 | 2022-03-14

The HTML5 Responsive FAQ WordPress plugin through 2.8.5 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

CVE-2021-25009 - Through 2 Plugin
Threat Entry Updated 2024-11-21 | Tags: PLUGIN, Through 2
MEDIUM | CVSS 5.3 | 2022-03-07

The CorreosExpress WordPress plugin through 2.6.0 generates log files which are publicly accessible and contain sensitive information such as sender/receiver names, phone numbers, physical and email addresses.

CVE-2021-4208 - Through 2 Plugin
Threat Entry Updated 2024-11-21 | Tags: PLUGIN, Through 2
HIGH | CVSS 7.2 | 2022-02-21

The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and escape the product_id POST parameter before using it in a SQL statement, leading to a SQL injection vulnerability exploitable by high privilege users.

CVE-2021-25054 - Through 2 Plugin
Threat Entry Updated 2024-11-21 | Tags: PLUGIN, Through 2
HIGH | CVSS 8.8 | 2022-01-10

The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability.

CVE-2021-24861 - Through 2 Plugin
Threat Entry Updated 2024-11-21 | Tags: PLUGIN, Through 2
HIGH | CVSS 7.2 | 2021-12-13

The Quotes Collection WordPress plugin through 2.5.2 does not validate and escape the bulkcheck parameter before using it in a SQL statement, leading to a SQL injection.

CVE-2021-24701 - Through 2 Plugin
Threat Entry Updated 2024-11-21 | Tags: PLUGIN, Through 2
MEDIUM | CVSS 4.8 | 2021-11-08

The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

CVE-2021-24544 - Through 2 Plugin
Threat Entry Updated 2024-11-21 | Tags: PLUGIN, Through 2
MEDIUM | CVSS 5.4 | 2021-10-25

The Responsive WordPress Slider WordPress plugin through 2.2.0 does not sanitise and escape some of the Slider options, allowing Cross-Site Scripting payloads to be set in them. Furthermore, as by default any authenticated user is allowed to create Sliders (https://wordpress.org/support/topic/slider-can-be-changed-from-any-user-even-subscriber/; such settings can be changed in the plugin's settings), this would allow users with a role as low as subscriber to perform Cross-Site Scripting attacks against logged-in admins viewing the slider list, and could lead to privilege escalation, for example by creating a rogue admin account.

CVE-2021-24516 - Through 2 Plugin
Threat Entry Updated 2024-11-21 | Tags: PLUGIN, Through 2
MEDIUM | CVSS 4.8 | 2021-10-18

The PlanSo Forms WordPress plugin through 2.6.3 does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set an XSS payload in it, even when the unfiltered_html capability is disallowed, leading to an Authenticated Stored Cross-Site Scripting issue.

CVE-2021-24400 - Through 2 Plugin
Threat Entry Updated 2024-11-21 | Tags: PLUGIN, Through 2
HIGH | CVSS 7.2 | 2021-09-20

The Edit Role functionality in the Display Users WordPress plugin through 2.0.0 had an `id` parameter which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection.

CVE-2021-24491 - Through 2 Plugin
Threat Entry Updated 2024-11-21 | Tags: PLUGIN, Through 2
HIGH | CVSS 8.8 | 2021-09-13

The Fileviewer WordPress plugin through 2.2 does not have CSRF checks in place when performing actions such as uploading and deleting files. As a result, attackers could make a logged-in administrator delete and upload arbitrary files via a CSRF attack.

CVE-2021-24549 - Through 2 Plugin
Threat Entry Updated 2024-11-21 | Tags: PLUGIN, Through 2
MEDIUM | CVSS 4.9 | 2021-08-23

The AceIDE WordPress plugin through 2.6.2 does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the server. This allows high privilege users such as administrator to access any file on the web server outside of the blog directory via a path traversal attack.

CVE-2021-24478 - Through 2 Plugin
Threat Entry Updated 2024-11-21 | Tags: PLUGIN, Through 2
MEDIUM | CVSS 5.4 | 2021-08-02

The Bookshelf WordPress plugin through 2.0.4 does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue.

CVE-2021-24476 - Through 2 Plugin
Threat Entry Updated 2024-11-21 | Tags: PLUGIN, Through 2
MEDIUM | CVSS 5.4 | 2021-08-02

The Steam Group Viewer WordPress plugin through 2.1 does not sanitise or escape its "Steam Group Address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue.

CVE-2021-24480 - Through 2 Plugin
Threat Entry Updated 2024-11-21 | Tags: PLUGIN, Through 2
MEDIUM | CVSS 4.8 | 2021-08-02

The Event Geek WordPress plugin through 2.5.2 does not sanitise or escape its "Use your own " setting before outputting it in the page, leading to an authenticated (admin+) Stored Cross-Site Scripting issue.

CVE-2021-24482 - Through 2 Plugin
Threat Entry Updated 2024-11-21 | Tags: PLUGIN, Through 2
MEDIUM | CVSS 4.8 | 2021-07-19

The Related Posts for WordPress plugin through 2.0.4 does not sanitise its heading_text and CSS settings, allowing high privilege users (admin) to set XSS payloads in them, leading to Stored Cross-Site Scripting issues.

CVE-2021-24345 - Through 2 Plugin
Threat Entry Updated 2024-11-21 | Tags: PLUGIN, Through 2
MEDIUM | CVSS 6.6 | 2021-06-14

The page lists-management feature of the Sendit WP Newsletter WordPress plugin through 2.5.1, available to Administrator users, does not sanitise, validate or escape the id_lista POST parameter before using it in a SQL statement, therefore leading to Blind SQL Injection.

CVE-2021-24285 - Through 2 Plugin
Threat Entry Updated 2024-11-21 | Tags: PLUGIN, Through 2
CRITICAL | CVSS 9.8 | 2021-05-14

The request_list_request AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the order_id POST parameter before using it in a SQL statement, leading to a SQL Injection issue.