• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2021-24487

February 23, 2023 by

The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its ‘Default Text to Display if no tips’ setting, and was also lacking sanitisation as well as escaping before outputting it the page. This could allow attacker to make logged in administrators set a malicious payload in it, leading to a Stored Cross-Site Scripting issue

CVE-2021-24488

February 23, 2023 by

The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised before being output back in the pages, leading to Reflected Cross-Site Scripting issues

CVE-2021-24489

February 23, 2023 by

The Request a Quote WordPress plugin before 2.3.5 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.

CVE-2021-24494

February 23, 2023 by

The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape some of the fields in the Activity page of the admin dashboard, such as the email’s id, subject and recipient, which could lead to Stored Cross-Site Scripting issues when an attacker can control any of these fields, like the subject when filling a contact form for example. The XSS will be executed in the context of a logged in admin viewing the Activity tab of the plugin.

CVE-2021-24495

February 23, 2023 by

The Marmoset Viewer WordPress plugin before 1.9.3 does not property sanitize, validate or escape the ‘id’ parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue.

CVE-2021-24496

February 23, 2023 by

The Community Events WordPress plugin before 1.4.8 does not sanitise, validate or escape its importrowscount and successimportcount GET parameters before outputting them back in an admin page, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 1601
  • Go to page 1602
  • Go to page 1603
  • Go to page 1604
  • Go to page 1605
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE