• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2021-24525

February 23, 2023 by

The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don’t, and there are even some attributes that are insecure by design (like [su_button]’s onclick attribute).

CVE-2021-24526

February 23, 2023 by

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin before 1.13.60 does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue

CVE-2021-24528

February 23, 2023 by

The FluentSMTP WordPress plugin before 2.0.1 does not sanitize parameters before storing the settings in the database, nor does the plugin escape the values before outputting them when viewing the SMTP settings set by this plugin, leading to a stored cross site scripting (XSS) vulnerability. Only users with roles capable of managing plugins can modify the plugin’s settings.

CVE-2021-24529

February 23, 2023 by

The Grid Gallery – Photo Image Grid Gallery WordPress plugin before 1.2.5 does not properly sanitize the title field for image galleries when adding them via the admin dashboard, resulting in an authenticated Stored Cross-Site Scripting vulnerability.

CVE-2021-24530

February 23, 2023 by

The Alojapro Widget WordPress plugin through 1.1.15 doesn’t properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

CVE-2021-24531

February 23, 2023 by

The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 1596
  • Go to page 1597
  • Go to page 1598
  • Go to page 1599
  • Go to page 1600
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE