• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2021-24796

February 23, 2023 by

The My Tickets WordPress plugin before 1.8.31 does not properly sanitise and escape the Email field of booked tickets before outputting it in the Payment admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins

CVE-2021-24797

February 23, 2023 by

The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.

CVE-2021-24798

February 23, 2023 by

The WP Header Images WordPress plugin before 2.0.1 does not sanitise and escape the t parameter before outputting it back in the plugin’s settings page, leading to a Reflected Cross-Site Scripting issue

CVE-2021-24801

February 23, 2023 by

The WP Survey Plus WordPress plugin through 1.0 does not have any authorisation and CSRF checks in place in its AJAX actions, allowing any user to call them and add/edit/delete Surveys. Furthermore, due to the lack of sanitization in the Surveys’ Title, this could also lead to Stored Cross-Site Scripting issues

CVE-2021-24807

February 23, 2023 by

The Support Board WordPress plugin before 3.3.5 allows Authenticated (Agent+) users to perform Cross-Site Scripting attacks by placing a payload in the notes field, when an administrator or any authenticated user go to the chat the XSS will be automatically executed.

CVE-2021-24808

February 23, 2023 by

The BP Better Messages WordPress plugin before 1.9.9.41 sanitise (with sanitize_text_field) but does not escape the ‘subject’ parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 1567
  • Go to page 1568
  • Go to page 1569
  • Go to page 1570
  • Go to page 1571
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE