• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2021-24470

February 23, 2023 by

The Yada Wiki WordPress plugin before 3.4.1 did not sanitise, validate or escape the anchor attribute of its shortcode, leading to a Stored Cross-Site Scripting issue

CVE-2021-24471

February 23, 2023 by

The YouTube Embed WordPress plugin before 5.2.2 does not validate, escape or sanitise some of its shortcode attributes, leading to Stored XSS issues by 1. using w, h, controls, cc_lang, color, language, start, stop, or style parameter of youtube shortcode, 2. by using style, class, rel, target, width, height, or alt parameter of youtube_thumb shortcode, or 3. by embedding a video whose title or description contains XSS payload (if API key is configured).

CVE-2021-24474

February 23, 2023 by

The Awesome Weather Widget WordPress plugin through 3.0.2 does not sanitize the id parameter of its awesome_weather_refresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability.

CVE-2021-24476

February 23, 2023 by

The Steam Group Viewer WordPress plugin through 2.1 does not sanitise or escape its “Steam Group Address” settings before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue

CVE-2021-24477

February 23, 2023 by

The Migrate Users WordPress plugin through 1.0.1 does not sanitise or escape its Delimiter option before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its options, allowing the issue to be exploited via a CSRF attack.

CVE-2021-24478

February 23, 2023 by

The Bookshelf WordPress plugin through 2.0.4 does not sanitise or escape its “Paypal email address” setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 1599
  • Go to page 1600
  • Go to page 1601
  • Go to page 1602
  • Go to page 1603
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE