CVE-2021-24xxx

There are 960 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2021-24000 A race condition with requestPointerLock() and setTimeout() could have resulted in a user interactin...
CVE-2021-24001 A compromised content process could have performed session history manipulations it should not have ...
CVE-2021-24002 When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines ...
CVE-2021-24005 Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthent...
CVE-2021-24006 An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authen...
CVE-2021-24007 Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail be...
CVE-2021-24008 An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497...
S
CVE-2021-24009 Multiple improper neutralization of special elements used in an OS command vulnerabilities (CWE-78) ...
S
CVE-2021-24010 Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 th...
CVE-2021-24011 A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to esca...
CVE-2021-24012 An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to...
CVE-2021-24013 Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular...
CVE-2021-24014 Multiple instances of improper neutralization of input during web page generation vulnerabilities in...
CVE-2021-24015 An improper neutralization of special elements used in an OS Command vulnerability in the administra...
CVE-2021-24016 An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 ...
CVE-2021-24017 An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows ...
CVE-2021-24018 A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may a...
CVE-2021-24019 An insufficient session expiration vulnerability [CWE-613] in FortiClientEMS versions 6.4.2 and bel...
CVE-2021-24020 A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 t...
CVE-2021-24021 An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below...
CVE-2021-24022 A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and For...
CVE-2021-24023 An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain s...
CVE-2021-24024 A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 a...
CVE-2021-24025 Due to incorrect string size calculations inside the preg_quote function, a large input string passe...
S
CVE-2021-24026 A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android...
CVE-2021-24027 A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Andro...
CVE-2021-24028 An invalid free in Thrift's table-based serialization can cause the application to crash or potentia...
S
CVE-2021-24029 A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC sessio...
S
CVE-2021-24030 The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote argumen...
CVE-2021-24031 In the Zstandard command-line utility prior to v1.4.1, output files were created with default permis...
E
CVE-2021-24032 Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard ...
S
CVE-2021-24033 react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is c...
E S
CVE-2021-24035 A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and W...
CVE-2021-24036 Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to ...
S
CVE-2021-24037 A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b63302...
S
CVE-2021-24038 Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privil...
CVE-2021-24040 Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML c...
E S
CVE-2021-24041 A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp ...
CVE-2021-24042 The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to...
CVE-2021-24043 A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp B...
CVE-2021-24044 By passing invalid javascript code where await and yield were called upon non-async and non-generato...
CVE-2021-24045 A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Face...
S
CVE-2021-24046 A logic flaw in Ray-Ban® Stories device software allowed some parameters like video capture duration...
CVE-2021-24066 Microsoft SharePoint Remote Code Execution Vulnerability
S
CVE-2021-24067 Microsoft Excel Remote Code Execution Vulnerability
S
CVE-2021-24068 Microsoft Excel Remote Code Execution Vulnerability
S
CVE-2021-24069 Microsoft Excel Remote Code Execution Vulnerability
S
CVE-2021-24070 Microsoft Excel Remote Code Execution Vulnerability
S
CVE-2021-24071 Microsoft SharePoint Information Disclosure Vulnerability
S
CVE-2021-24072 Microsoft SharePoint Server Remote Code Execution Vulnerability
S
CVE-2021-24073 Skype for Business and Lync Spoofing Vulnerability
S
CVE-2021-24074 Windows TCP/IP Remote Code Execution Vulnerability
S
CVE-2021-24075 Microsoft Windows VMSwitch Denial of Service Vulnerability
S
CVE-2021-24076 Microsoft Windows VMSwitch Information Disclosure Vulnerability
S
CVE-2021-24077 Windows Fax Service Remote Code Execution Vulnerability
S
CVE-2021-24078 Windows DNS Server Remote Code Execution Vulnerability
S
CVE-2021-24079 Windows Backup Engine Information Disclosure Vulnerability
S
CVE-2021-24080 Windows Trust Verification API Denial of Service Vulnerability
S
CVE-2021-24081 Microsoft Windows Codecs Library Remote Code Execution Vulnerability
S
CVE-2021-24082 Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability
S
CVE-2021-24083 Windows Address Book Remote Code Execution Vulnerability
S
CVE-2021-24084 Windows Mobile Device Management Information Disclosure Vulnerability
S
CVE-2021-24085 Microsoft Exchange Server Spoofing Vulnerability
S
CVE-2021-24086 Windows TCP/IP Denial of Service Vulnerability
S
CVE-2021-24087 Azure IoT CLI extension Elevation of Privilege Vulnerability
S
CVE-2021-24088 Windows Local Spooler Remote Code Execution Vulnerability
S
CVE-2021-24089 HEVC Video Extensions Remote Code Execution Vulnerability
S
CVE-2021-24090 Windows Error Reporting Elevation of Privilege Vulnerability
S
CVE-2021-24091 Windows Camera Codec Pack Remote Code Execution Vulnerability
E S
CVE-2021-24092 Microsoft Defender Elevation of Privilege Vulnerability
S
CVE-2021-24093 Windows Graphics Component Remote Code Execution Vulnerability
S
CVE-2021-24094 Windows TCP/IP Remote Code Execution Vulnerability
S
CVE-2021-24095 DirectX Elevation of Privilege Vulnerability
S
CVE-2021-24096 Windows Kernel Elevation of Privilege Vulnerability
S
CVE-2021-24098 Windows Console Driver Denial of Service Vulnerability
S
CVE-2021-24099 Skype for Business and Lync Denial of Service Vulnerability
S
CVE-2021-24100 Microsoft Edge for Android Information Disclosure Vulnerability
S
CVE-2021-24101 Microsoft Dataverse Information Disclosure Vulnerability
S
CVE-2021-24102 Windows Event Tracing Elevation of Privilege Vulnerability
S
CVE-2021-24103 Windows Event Tracing Elevation of Privilege Vulnerability
S
CVE-2021-24104 Microsoft SharePoint Server Spoofing Vulnerability
S
CVE-2021-24105 Package Managers Configurations Remote Code Execution Vulnerability
S
CVE-2021-24106 Windows DirectX Information Disclosure Vulnerability
S
CVE-2021-24107 Windows Event Tracing Information Disclosure Vulnerability
S
CVE-2021-24108 Microsoft Office Remote Code Execution Vulnerability
S
CVE-2021-24109 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
S
CVE-2021-24110 HEVC Video Extensions Remote Code Execution Vulnerability
S
CVE-2021-24111 .NET Framework Denial of Service Vulnerability
S
CVE-2021-24112 .NET Core Remote Code Execution Vulnerability
S
CVE-2021-24113 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
S
CVE-2021-24114 Microsoft Teams iOS Information Disclosure Vulnerability
S
CVE-2021-24115 In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding op...
S
CVE-2021-24116 In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-lev...
CVE-2021-24117 In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allo...
S
CVE-2021-24119 In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows...
CVE-2021-24122 Apache Tomcat information disclosure
CVE-2021-24123 PowerPress < 8.3.8 - Authenticated Arbitrary File Upload leading to RCE
E
CVE-2021-24124 WP Shieldon 1.6.3 - Unauthenticated Cross-Site Scripting (XSS)
E
CVE-2021-24125 Contact Form Submissions < 1.7.1 - Authenticated SQL Injection
E
CVE-2021-24126 Envira Gallery Lite < 1.8.3.3 - Authenticated Stored Cross-Site Scripting
E
CVE-2021-24127 ThirstyAffiliates < 3.9.3 - Authenticated Stored XSS
E
CVE-2021-24128 Team Members < 5.0.4 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24129 Themify Portfolio Post < 1.1.6 - Authenticated Stored Cross-Site Scripting
E
CVE-2021-24130 WP Google Map Plugin < 4.1.5 - Authenticated SQL Injection
E
CVE-2021-24131 Anti-Spam by CleanTalk < 5.149 - Multiple Authenticated SQL Injections
E
CVE-2021-24132 Slider by 10Web < 1.2.36 - Multiple Authenticated SQL Injection
E
CVE-2021-24133 ActiveCampaign < 8.0.2 - Cross-Site Request Forgery in Settings
E
CVE-2021-24134 Constant Contact Forms < 1.8.8 - Multiple Authenticated Stored XSS
E
CVE-2021-24135 WP Customer Reviews < 3.4.3 - Multiple Unauthenticated and Low Priv Authenticated Stored XSS
E
CVE-2021-24136 Testimonials Widget < 4.0.0 - Multiple Authenticated Stored XSS
E
CVE-2021-24137 Blog2Social: Social Media Auto Post & Scheduler < 6.3.1 - Authenticated SQL Injection
E
CVE-2021-24138 AdRotate < 5.8.4 - Authenticated SQL Injection
E
CVE-2021-24139 Photo Gallery by 10Web < 1.5.55 - Unauthenticated SQL Injection
CVE-2021-24140 Ajax Load More < 5.3.2 - Authenticated SQL Injection
CVE-2021-24141 Advanced Database Cleaner < 3.0.2 - Authenticated SQL injection
CVE-2021-24142 301 Redirects - Easy Redirect Manager < 2.51 - Authenticated SQL Injection
CVE-2021-24143 AccessPress Social Icons < 1.8.1 - Authenticated SQL Injection
CVE-2021-24144 Contact Form 7 Database Addon < 1.2.5.6 - CSV Injection
CVE-2021-24145 Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE
E
CVE-2021-24146 Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export
E
CVE-2021-24147 Modern Events Calendar Lite < 5.16.5 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24148 MStore API < 3.2.0 - Authentication Bypass With Sign In With Apple
CVE-2021-24149 Modern Events Calendar Lite < 5.16.6 - Authenticated SQL Injection
E
CVE-2021-24150 Like Button Rating < 2.6.32 - Unauthenticated Full-Read SSRF
CVE-2021-24151 WP Editor < 1.2.7 - Authenticated SQL injection
E
CVE-2021-24152 Popup Builder < 3.74 - Authenticated Reflected Cross-Site Scripting (XSS)
CVE-2021-24153 Yoast SEO < 3.4.1 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24154 Theme Editor < 2.6 - Authenticated Arbitrary File Download
CVE-2021-24155 Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload
E
CVE-2021-24156 Testimonial Rotator <= 3.0.3 - Authenticated Stored Cross-Site Scripting
E
CVE-2021-24157 Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Stored Cross Site Scripting
E
CVE-2021-24158 Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Privilege Escalation
E
CVE-2021-24159 Contact Form 7 Style <= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2021-24160 Responsive Menu 4.0.0 - 4.0.3 - Authenticated Arbitrary File Upload
E
CVE-2021-24161 Responsive Menu < 4.0.4 - CSRF to Arbitrary File Upload
E
CVE-2021-24162 Responsive Menu < 4.0.4 - CSRF to Settings Update
E
CVE-2021-24163 Ninja Forms < 3.4.34 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure
E
CVE-2021-24164 Ninja Forms < 3.4.34.1 - Authenticated OAuth Connection Key Disclosure
E
CVE-2021-24165 Ninja Forms < 3.4.34 - Administrator Open Redirect
E
CVE-2021-24166 Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection
E
CVE-2021-24167 Web-Stat < 1.4.1 - API Key Disclosure
CVE-2021-24168 Easy Contact Form Pro < 1.1.1.9 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24169 Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24170 User Profile Picture < 2.5.0 - Sensitive Information Disclosure
E
CVE-2021-24171 WooCommerce Upload Files < 59.4 - Unauthenticated Arbitrary File Upload
CVE-2021-24172 VM Backups <= 1.0 - CSRF to Database Backup Download
CVE-2021-24173 VM Backups <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)
CVE-2021-24174 Database Backups <= 1.2.2.6 - CSRF to Backup Download
E
CVE-2021-24175 The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass
E
CVE-2021-24176 JH 404 Logger <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24177 WP File Manager < 7.1 - Reflected Cross-Site Scripting (XSS)
E S
CVE-2021-24178 Business Directory Plugin < 5.11.1 - Arbitrary Add/Edit/Delete Form Field to Stored XSS
E
CVE-2021-24179 Business Directory Plugin < 5.11 - Arbitrary File Upload to RCE
E
CVE-2021-24180 Related Posts for WordPress < 2.0.4 - Authenticated Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24181 Tutor LMS < 1.7.7 - SQL Injection via tutor_mark_answer_as_correct
E
CVE-2021-24182 Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_answers_by_question
E
CVE-2021-24183 Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_question_form
E
CVE-2021-24184 Tutor LMS < 1.7.7 - Unprotected AJAX including Privilege Escalation
E
CVE-2021-24185 Tutor LMS < 1.7.7 - SQL Injection via tutor_place_rating
E
CVE-2021-24186 Tutor LMS < 1.8.3 - SQL Injection via tutor_answering_quiz_question/get_answer_by_id
E
CVE-2021-24187 SEO Redirection < 6.4 - Authenticated Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24188 WP Content Copy Protection & No Right Click < 3.1.5 - Arbitrary Plugin Installation/Activation via Low Privilege User
E S
CVE-2021-24189 Captchinoo, Google recaptcha for admin login page < 2.4 - Arbitrary Plugin Installation/Activation via Low Privilege User
E S
CVE-2021-24190 WooCommerce Conditional Marketing Mailer < 1.5.2 - Arbitrary Plugin Installation/Activation via Low Privilege User
E S
CVE-2021-24191 WP Maintenance Mode & Site Under Construction < 1.8.2 - Arbitrary Plugin Installation/Activation via Low Privilege User
E
CVE-2021-24192 Tree Sitemap < 2.9 - Arbitrary Plugin Installation/Activation via Low Privilege User
E S
CVE-2021-24193 Visitor Traffic Real Time Statistics < 2.12 - Arbitrary Plugin Installation/Activation via Low Privilege User
E S
CVE-2021-24194 Login Protection - Limit Failed Login Attempts < 2.9 - Arbitrary Plugin Installation/Activation via Low Privilege User
E S
CVE-2021-24195 Login as User or Customer (User Switching) < 1.9 - Arbitrary Plugin Installation/Activation via Low Privilege User
E S
CVE-2021-24196 Social Slider Widget < 1.8.5 - Authenticated Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24197 wpDataTables < 3.4.2 - Improper Access Control leading to Table Permission Takeover
CVE-2021-24198 wpDataTables < 3.4.2 - Improper Access Control leading to Table Data Deletion
CVE-2021-24199 wpDataTables < 3.4.2 - Blind SQL Injection via start Parameter
CVE-2021-24200 wpDataTables < 3.4.2 - Blind SQL Injection via length Parameter
CVE-2021-24201 Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Column Element
E
CVE-2021-24202 Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget
E
CVE-2021-24203 Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Divider Widget
E
CVE-2021-24204 Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Accordion Widget
E
CVE-2021-24205 Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget
E
CVE-2021-24206 Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget
E
CVE-2021-24207 WP Page Builder < 1.2.4 - Insecure default configuration Allows Subscribers Editing Access to Posts
E
CVE-2021-24208 WP Page Builder < 1.2.4 - Multiple Stored Cross-Site scripting (XSS)
E S
CVE-2021-24209 WP Super Cache < 1.7.2 - Authenticated Remote Code Execution (RCE)
E S
CVE-2021-24210 PhastPress < 1.111 - Open Redirect
E S
CVE-2021-24211 WordPress Related Posts <= 3.6.4 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24212 WooCommerce Help Scout < 2.9.1 - Unauthenticated Arbitrary File Upload leading to RCE
E
CVE-2021-24213 GiveWP < 2.10.0 - Reflected Cross Site Scripting (XSS)
E
CVE-2021-24214 OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error
E
CVE-2021-24215 Controlled Admin Access < 1.5.2 - Improper Access Control & Privilege Escalation
E
CVE-2021-24216 All-in-One WP Migration < 7.41 - Admin+ Arbitrary File Upload to RCE
E S
CVE-2021-24217 Facebook for WordPress < 3.0.0 - PHP Object Injection with POP Chain
E
CVE-2021-24218 Facebook for WordPress 3.0.0-3.0.3 - CSRF to Stored XSS and Settings Deletion
E
CVE-2021-24219 All Thrive Themes and Plugins - Unauthenticated Option Update
E
CVE-2021-24220 All Thrive Themes Legacy Themes < 2.0.0 - Unauthenticated Arbitrary File Upload and Option Deletion
E
CVE-2021-24221 Quiz And Survey Master < 7.1.12 - Authenticated SQL injection via shortcode
E S
CVE-2021-24222 WP-Curriculo Vitae Free <= 6.3 - Unauthenticated Arbitrary File Upload to RCE
E
CVE-2021-24223 N5 Upload Form <= 1.0 - Unauthenticated Arbitrary File Upload to RCE
E
CVE-2021-24224 Easy Form Builder <= 1.0 - Authenticated Arbitrary File Upload
E
CVE-2021-24225 Advanced Booking Calendar < 1.6.7 - Authenticated Reflected Cross-Site Scripting (XSS)
E S
CVE-2021-24226 AccessAlly < 3.5.7 - $_SERVER Superglobal Leakage
E
CVE-2021-24227 Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure
E
CVE-2021-24228 Patreon WordPress < 1.7.2 - Reflected XSS on Login Form
E
CVE-2021-24229 Patreon WordPress < 1.7.2 - Reflected XSS on patreon_save_attachment_patreon_level AJAX action
E
CVE-2021-24230 Patreon WordPress < 1.7.0 - CSRF to Overwrite/Create User Meta
E
CVE-2021-24231 Patreon WordPress < 1.7.0 - CSRF to Disconnect Sites From Patreon
E
CVE-2021-24232 Advanced Booking Calendar < 1.6.8 - Authenticated Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24233 Cooked Pro < 1.7.5.6 - Unauthenticated Reflected Cross Site Scripting (XSS)
E
CVE-2021-24234 Ivory Search < 4.6.1 - Reflected Cross Site Scripting (XSS)
E
CVE-2021-24235 Goto - Tour & Travel < 2.0 - Unauthenticated Reflected XSS
E
CVE-2021-24236 Imagements <= 1.2.5 - Unauthenticated Arbitrary File Upload to RCE
E
CVE-2021-24237 Realteo < 1.2.4 - Unauthenticated Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24238 Realteo < 1.2.4 - Arbitrary Property Deletion via IDOR
E
CVE-2021-24239 Pie Register < 3.7.0.1 - Reflected Cross-Site Scripting (XSS)
E S
CVE-2021-24240 Business Hours Pro <= 5.5.0 - Unauthenticated Arbitrary File Upload to RCE
CVE-2021-24241 Advanced Custom Field Pro < 5.9.1 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24242 Tutor LMS < 1.8.8 - Authenticated Local File Inclusion
E
CVE-2021-24243 WPBakery Page Builder Clipboard < 4.5.6 - Subscriber+ Stored Cross-Site Scripting (XSS)
E
CVE-2021-24244 WPBakery Page Builder Clipboard < 4.5.8 - Unauthorised Arbitrary License Options Update
E
CVE-2021-24245 Stop Spammers < 2021.9 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24246 WorkScout Core < 1.3.4 - Authenticated Stored XSS & XFS
E
CVE-2021-24247 Contact Form Check Tester <= 1.0.2 - Broken Access Control to Cross-Site Scripting (XSS)
E
CVE-2021-24248 Business Directory Plugin < 5.11.1 - Authenticated PHP4 Upload to RCE
E
CVE-2021-24249 Business Directory Plugin < 5.11.2 - Arbitrary Listing Export
E
CVE-2021-24250 Business Directory Plugin < 5.11.2 - Authenticated Stored Cross-Site Scripting
E
CVE-2021-24251 Business Directory Plugin < 5.11.2 - Arbitrary Payment History Update
E
CVE-2021-24252 Event Banner <= 1.3 - Arbitrary File Upload to RCE
E
CVE-2021-24253 Classyfrieds <= 3.8 - Authenticated Arbitrary File Upload to RCE
E
CVE-2021-24254 College Publisher Import <= 0.1 - Arbitrary File Upload to RCE
E
CVE-2021-24255 Essential Addons for Elementor < 4.5.4 - Contributor+ Stored Cross-Site Scripting (XSS)
CVE-2021-24256 Elementor - Header, Footer & Blocks Template < 1.5.8 - Contributor+ Stored XSS
CVE-2021-24257 Premium Addons for Elementor < 4.2.8 - Contributor+ Stored Cross-Site Scripting (XSS)
CVE-2021-24258 ElementsKit and ElementsKit Pro < 2.2.0 - Contributor+ Stored XSS
CVE-2021-24259 Elementor Addon Elements < 1.11.2 - Contributor+ Stored XSS
CVE-2021-24260 Livemesh Addons for Elementor < 6.8 - Contributor+ Stored XSS
E
CVE-2021-24261 HT Mega - Absolute Addons for Elementor Page Builder < 1.5.7 - Contributor+ Stored XSS
E
CVE-2021-24262 WooLentor - WooCommerce Elementor Addons + Builder < 1.8.6 - Contributor+ Stored XSS
CVE-2021-24263 PowerPack Addons for Elementor < 2.3.2 - Contributor+ Stored XSS
E
CVE-2021-24264 Image Hover Effects - Elementor Addon < 1.3.4 - Contributor+ Stored XSS
CVE-2021-24265 Rife Elementor Extensions & Templates < 1.1.6 - Contributor+ Stored XSS
CVE-2021-24266 The Plus Addons for Elementor Page Builder Lite < 2.0.6 - Contributor+ Stored XSS
CVE-2021-24267 All-in-One Addons for Elementor - WidgetKit < 2.3.10 - Contributor+ Stored XSS
E
CVE-2021-24268 JetWidgets For Elementor < 1.0.9 - Contributor+ Stored XSS
CVE-2021-24269 Sina Extension for Elementor < 3.3.12 - Contributor+ Stored XSS
CVE-2021-24270 DethemeKit For Elementor < 1.5.5.5 - Contributor+ Stored XSS
CVE-2021-24271 Ultimate Addons for Elementor < 1.30.0 - Contributor+ Stored XSS
CVE-2021-24272 Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)
E
CVE-2021-24273 Clever Addons for Elementor < 2.1.0 - Contributor+ Stored XSS
CVE-2021-24274 Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)
E
CVE-2021-24275 Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS)
E
CVE-2021-24276 Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site scripting (XSS)
E
CVE-2021-24277 RSS for Yandex Turbo < 1.30 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24278 Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Arbitrary Nonce Generation
E
CVE-2021-24279 Redirection for Contact Form 7 < 2.3.4 - Authenticated Arbitrary Plugin Installation
E
CVE-2021-24280 Redirection for Contact Form 7 < 2.3.4 - Authenticated PHP Object Injection
E
CVE-2021-24281 Redirection for Contact Form 7 < 2.3.4 - Authenticated Arbitrary Post Deletion
E
CVE-2021-24282 Redirection for Contact Form 7 < 2.3.4 - Unprotected AJAX Actions
E
CVE-2021-24283 Accordion < 2.2.30 - Authenticated Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24284 Kaswara Modern VC Addons <= 3.0.1 - Unauthenticated Arbitrary File Upload
E
CVE-2021-24285 Car Seller - Auto Classifieds Script <= 2.1.0 - Unauthenticated SQL Injection
E
CVE-2021-24286 Redirect 404 to Parent < 1.3.1 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24287 Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24288 AcyMailing < 7.5.0 - Unauthenticated Open Redirect
E
CVE-2021-24289 Store Locator Plus <= 5.5.14 - Authenticated Privilege Escalation
CVE-2021-24290 Store Locator Plus <= 5.5.15 - Unauthenticated Stored Cross-Site Scripting (XSS)
CVE-2021-24291 Photo Gallery < 1.5.69 - Multiple Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24292 Happy Addons for Elementor Free < 2.24.0 and Pro < 1.17.0 - Contributor+ Stored XSS
E
CVE-2021-24293 NextGEN Gallery Pro < 3.1.11 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24294 DSGVO All in one for WP < 4.0 - Unauthenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24295 Time-based Blind SQL Injection in Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4
E
CVE-2021-24296 WP Customer Reviews < 3.5.6 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24297 Goto < 2.1 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24298 Simple Giveaways < 2.36.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24299 ReDi Restaurant Reservations < 21.0426 - Unauthenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24300 PickPlugins Product Slider for WooCommerce < 1.13.22 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24301 Hotjar Connecticator <= 1.1.1 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24302 Hana Flv Player <= 3.1.3 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24303 JiangQie Official Website Mini Program < 1.1.1 - Authenticated SQL Injection
E
CVE-2021-24304 Newsmag < 5.0 - Unauthenticated Reflected Cross-site Scripting (XSS)
E
CVE-2021-24305 Target First Plugin 2.0 - Unauthenticated Stored XSS via Licence Key
E
CVE-2021-24306 Ultimate Member < 2.1.20 - Authenticated Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24307 All in One SEO Pack < 4.1.0.2 - Admin RCE via unserialize
E
CVE-2021-24308 LifterLMS < 4.21.1 - Authenticated Stored XSS in Edit Profile
E
CVE-2021-24309 Weekly Schedule < 3.4.3 - Authenticated Stored XSS
E
CVE-2021-24310 Photo Gallery < 1.5.67 - Authenticated Stored Cross-Site Scripting via Gallery Title
E
CVE-2021-24311 External Media < 1.0.34 - Authenticated Arbitrary File Upload
E
CVE-2021-24312 WP Super Cache < 1.7.3 - Authenticated Remote Code Execution
E
CVE-2021-24313 WP Prayer < 1.6.2 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24314 Goto < 2.1 - Unauthenticated Blind SQL Injection
E
CVE-2021-24315 Give WP < 2.10.4 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24316 Mediumish <= 1.0.47 - Unauthenticated Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24317 Listeo < 1.6.11 - Multiple XSS & XFS vulnerabilities
E
CVE-2021-24318 Listeo < 1.6.11 - Multiple Authenticated IDOR Vulnerabilities
E
CVE-2021-24319 Bello < 1.6.0 - Authenticated Cross-Site Scripting (XSS) and XFS
E
CVE-2021-24320 Bello < 1.6.0 - Unauthenticated Reflected XSS & XFS
E
CVE-2021-24321 Bello < 1.6.0 - Unauthenticated Blind SQL Injection
E
CVE-2021-24322 Database Backup for WordPress < 2.4 - Authenticated Persistent Cross-Site Scripting (XSS)
E
CVE-2021-24323 Woocommerce < 5.2.0 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24324 404 SEO Redirection <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)
E
CVE-2021-24325 404 SEO Redirection <= 1.3 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24326 All 404 Redirect to Homepage < 1.21 - Authenticated Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24327 SEO Redirection < 6.4 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24328 WP Login Security and History <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)
E
CVE-2021-24329 WP Super Cache < 1.7.3 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24330 Funnel Builder by CartFlows < 1.6.13 - Authenticated Stored XSS via FB Pixel ID and Google Analytics ID
E
CVE-2021-24331 Smooth Scroll Page Up/Down Buttons < 1.4 - Authenticated Stored XSS
E
CVE-2021-24332 Autoptimize < 2.8.4 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24333 Content Copy Protection & Prevent Image Save <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)
E
CVE-2021-24334 Instant Images WordPress Plugin < 4.4.0.1 - Authenticated Stored XSS & XFS
E
CVE-2021-24335 Car Repair Services < 4.0 - Unauthenticated Reflected XSS & XFS
E
CVE-2021-24336 FlightLog <= 3.0.2 - Authenticated (editor+) SQL Injection
E
CVE-2021-24337 Video Embed <= 1.0 - Authenticated (subscriber+) SQL Injection
E
CVE-2021-24338 Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24339 Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24340 WP Statistics < 13.0.8 - Unauthenticated SQL Injection
E
CVE-2021-24341 Xllentech English Islamic Calendar < 2.6.8 - Authenticated SQL Injection
E S
CVE-2021-24342 JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24343 iFlyChat – WordPress Chat < 4.7.0 - Admin+ Stored Cross-Site Scripting (XSS)
E
CVE-2021-24344 Easy Preloader <= 1.0.0 - Authenticated Stored Cross-Site Scripting (XSS)
CVE-2021-24345 Sendit WP Newsletter <= 2.5.1 - Authenticated (admin+) SQL Injection
E
CVE-2021-24346 Stock in & out <= 1.0.4 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24347 SP Project & Document Manager < 4.22 - Authenticated Shell Upload
E
CVE-2021-24348 Side Menu < 3.1.5 - Authenticated (admin+) SQL Injection
E S
CVE-2021-24349 Gallery From Files <= 1.6.0 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24350 Visitors <= 0.3 - Unauthenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24351 The Plus Addons for Elementor < 4.1.12 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24352 Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Export
E
CVE-2021-24353 Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Import
E
CVE-2021-24354 Simple 301 Redirects by BetterLinks - 2.0.0-2.0.3 - Arbitrary Plugin Installation
E
CVE-2021-24355 Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Update and Retrieve Wildcard Value
E
CVE-2021-24356 Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Activation
E
CVE-2021-24357 FooGallery < 2.0.35 - Authenticated Stored Cross-Site Scripting
E
CVE-2021-24358 The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
E
CVE-2021-24359 The Plus Addons for Elementor Page Builder < 4.1.11 - Arbitrary Reset Pwd Email Sending
E
CVE-2021-24360 Yes/No Chart < 1.0.12 - Authenticated (contributor+) Blind SQL Injection
E
CVE-2021-24361 GeoDirectory Location Manager < 2.1.0.10 - Multiple Unauthenticated SQL Injections
E
CVE-2021-24362 Photo Gallery < 1.5.75 - Stored Cross-Site Scripting via Uploaded SVG
E
CVE-2021-24363 Photo Gallery < 1.5.75 - File Upload Path Traversal
E
CVE-2021-24364 Jannah < 5.4.4 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24365 Admin Columns Free (< 4.3.2) & Pro (< 5.5.2) - Authenticated Stored Cross-Site Scripting (XSS) in Custom Field
E
CVE-2021-24366 Admin Columns Free < 4.3 & Pro < 5.5.1 - Admin+ Stored XSS in Label
E S
CVE-2021-24367 WP Config File Editor <= 1.7.1 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24368 Quiz And Survey Master < 7.1.18 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24369 GetPaid < 2.3.4 - Authenticated Stored XSS
E
CVE-2021-24370 Fancy Product Designer < 4.6.9 - Unauthenticated Arbitrary File Upload and RCE
E
CVE-2021-24371 RSVPMaker < 8.7.3 - Authenticated (admin+) SSRF
E S
CVE-2021-24372 WP Hardening < 1.2.2 - Reflected XSS via URI
E
CVE-2021-24373 WP Hardening < 1.2.2 - Reflected XSS via historyvalue
E
CVE-2021-24374 Jetpack < 9.8 - Carousel Module Non-Published Page/Post Attachment Comment Leak
E
CVE-2021-24375 Motor theme < 3.1.0 - Local File Inclusion
E
CVE-2021-24376 Autoptimize < 2.7.8 - Arbitrary File Upload via "Import Settings"
E
CVE-2021-24377 Autoptimize < 2.7.8 - Race Condition leading to RCE
E
CVE-2021-24378 Autoptimize < 2.7.8 - Authenticated Stored XSS via File Upload
E
CVE-2021-24379 Comments Like Dislike < 1.1.4 - Add Like/Dislike Bypass
E
CVE-2021-24380 Shantz WordPress QOTD <= 1.2.2 - Arbitrary Setting Update via CSRF
E
CVE-2021-24381 NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24382 Smart Slider 3 < 3.5.0.9 - Authenticated Stored Cross-Site Scripting (XSS)
E S
CVE-2021-24383 WP Google Maps < 8.1.12 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24384 JoomSport < 5.1.8 - Unauthenticated PHP Object Injection
E
CVE-2021-24385 Filebird 4.7.3 - Unauthenticated SQL Injection
E
CVE-2021-24386 WP SVG Images < 3.4 - Authenticated (author+) Stored XSS via SVG
E
CVE-2021-24387 Real Estate 7 < 3.1.1 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24388 Vik Rent Car < 1.1.7 - CSRF to Stored XSS
E
CVE-2021-24389 FoodBakery < 2.2 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24390 Alipay <= 3.7.2 - Authenticated SQL Injection
E
CVE-2021-24391 Cashtomer <= 1.0.0 - Authenticated SQL Injection
E
CVE-2021-24392 WordPress Membership SwiftCloud.io <= 1.0 - Authenticated SQL Injection
E
CVE-2021-24393 Comment Highlighter <= 0.13 - Authenticated SQL Injection
E
CVE-2021-24394 Easy Testimonial Manager <= 1.2.0 - Authenticated SQL Injection
E
CVE-2021-24395 Embed Youtube Video <= 1.0 - Authenticated SQL Injection
E
CVE-2021-24396 GSEOR <= 1.3 - Authenticated SQL Injection
E
CVE-2021-24397 MicroCopy <= 1.1.0 - Authenticated SQL Injection
E
CVE-2021-24398 Responsive 3D Slider <= 1.2 - Authenticated SQL Injection
E
CVE-2021-24399 The Sorter <= 1.0 - Authenticated SQL Injection
E
CVE-2021-24400 Display users <= 2.0.0 - Authenticated SQL Injection
E
CVE-2021-24401 WP Domain Redirect <= 1.0 - Authenticated SQL Injection
E
CVE-2021-24402 WP iCommerce <= 1.1.1 - Authenticated (contributor+) SQL Injection
E
CVE-2021-24403 WordPress Page Contact <= 1.0 - Authenticated (editor+) SQL Injection
E
CVE-2021-24404 WP-Board <= 1.1 (beta) - Unauthenticated SQL Injection
E
CVE-2021-24405 Easy Cookie Policy <= 1.6.2 - Broken Access Control to Stored Cross-Site Scripting
E
CVE-2021-24406 wpForo Forum < 1.9.7 - Open Redirect
E
CVE-2021-24407 Jannah < 5.4.5 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24408 Prismatic < 2.8 - Contributor+ Stored XSS
E
CVE-2021-24409 Prismatic < 2.8 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24410 Telugu Bible Verse Daily <= 1.0 - CSRF to Stored XSS
E
CVE-2021-24411 Social Tape <= 1.0 - CSRF to Stored XSS
E
CVE-2021-24412 Html5 Audio Player < 2.1.3 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24413 Easy Twitter Feed < 1.2 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24414 YT Player < 1.4 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24415 Polo Video Gallery <= 1.2 - Contributor+ Stored Cross-Site Scripting
CVE-2021-24416 StreamCast < 2.1.1 - Contributor+ Stored Cross-Site Scripting
CVE-2021-24417 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2021-24418 Smooth Scroll Page Up/Down Buttons <= 1.4 - Authenticated Stored XSS via psb_positioning
E
CVE-2021-24419 WP YouTube Lyte < 1.7.16 - Authenticated Stored XSS
E
CVE-2021-24420 Request a Quote < 2.3.4 - Authenticated Stored XSS
E
CVE-2021-24421 WP JobSearch < 1.7.4 - Authenticated Stored XSS
E
CVE-2021-24423 UpdraftPlus < 1.16.59 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24424 WP Reset < 1.90 - Authenticated Stored XSS
E
CVE-2021-24425 myStickymenu < 2.5.2 - Authenticated Stored XSS
E
CVE-2021-24426 Backup by 10Web <= 1.0.20 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24427 W3 Total Cache < 2.1.3 - Authenticated Stored XSS
E
CVE-2021-24428 RSS for Yandex Turbo <= 1.30 - Authenticated Stored XSS
CVE-2021-24429 Salon Booking System < 6.3.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24430 Speed Booster Pack 4.2.0-beta - Authenticated (admin+) RCE
E
CVE-2021-24431 Language Bar Flags <= 1.0.8 - CSRF to Stored XSS
E
CVE-2021-24432 Advanced AJAX Product Filters < 1.5.4.7 - Unauthenticated Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24433 Simple Sort&Search <= 0.0.3 - Contributor+ Stored XSS
E
CVE-2021-24434 Glass <= 1.3.2 - CSRF to Stored Cross-Site Scripting (XSS)
E
CVE-2021-24435 Titan Framework <= 1.12.1 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24436 W3 Total Cache < 2.1.4 - Reflected XSS in Extensions Page (Attribute Context)
E
CVE-2021-24437 Favicon by RealFaviconGenerator <= 1.3.20 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24438 ShareThis Dashboard for Google Analytics < 2.5.2 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24439 Browser Screenshots < 1.7.6 - Contributor+ Stored XSS
E
CVE-2021-24440 Sign-up Sheets < 1.0.14 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24441 Sign-up Sheets < 1.0.14 - Authenticated CSV Injection
E
CVE-2021-24442 Poll, Survey, Questionnaire and Voting system < 1.5.3 - Unauthenticated Blind SQL Injection
E
CVE-2021-24443 Youzify < 1.0.7 - Stored Cross-Site Scripting via Biography
E
CVE-2021-24444 TaxoPress < 3.0.7.2 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24445 My Site Audit <= 1.2.4 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24446 Remove Footer Credit < 1.0.6 - CSRF to Stored Cross-Site Scripting
E
CVE-2021-24447 WP Image Zoom < 1.47 - Local File Inclusion
E
CVE-2021-24448 Profile Builder < 3.4.8 - Authenticated Stored XSS
E
CVE-2021-24450 ProfilePress < 3.1.8 - Authenticated Stored XSS
E
CVE-2021-24451 Export Users With Meta < 0.6.5 - Authenticated SQL Injection
E
CVE-2021-24452 W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)
E
CVE-2021-24453 Include Me <= 1.2.1 - Authenticated Remote Code Execution (RCE) via LFI log poisoning
E
CVE-2021-24454 YOP Poll < 6.2.8 - Stored Cross-Site Scripting
E
CVE-2021-24455 Tutor LMS < 1.9.2 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24456 Quiz Maker < 6.2.0.9 - Multiple Authenticated Blind SQL Injections
CVE-2021-24457 Portfolio Responsive Gallery < 1.1.8 - Authenticated Blind SQL Injections
E
CVE-2021-24458 Popup box < 2.3.4 - Authenticated Blind SQL Injections
E
CVE-2021-24459 Survey Maker < 1.5.6 - Authenticated Blind SQL Injections
E
CVE-2021-24460 Popup Like box - Page Plugin < 3.5.3 - Authenticated Blind SQL Injections
E
CVE-2021-24461 FAQ Builder < 1.3.6 - Authenticated Blind SQL Injections
E
CVE-2021-24462 Photo Gallery by Ays - Responsive Image Gallery < 4.4.4 - Authenticated Blind SQL Injections
E
CVE-2021-24463 Image Slider by Ays - Responsive Slider and Carousel < 2.5.0 - Authenticated Blind SQL Injection
E
CVE-2021-24464 YouTube Embed, Playlist and Popup < 2.3.9 - Contributor+ Stored XSS
E
CVE-2021-24465 Meow Gallery < 4.1.9 - Contributor+ SQL Injection
E
CVE-2021-24466 Verse-O-Matic <= 4.1.1 - CSRF to Stored XSS
E
CVE-2021-24467 Leaflet Map < 3.0.0 - Arbitrary Settings Update via CSRF Leading to Stored XSS
E
CVE-2021-24468 Leaflet Map < 3.0.0 - Contributor+ Stored XSS
E
CVE-2021-24470 Yada Wiki < 3.4.1 - Contributor+ Stored XSS
CVE-2021-24471 YouTube Embed < 5.2.2 - Contributor+ Stored XSS
E
CVE-2021-24472 Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF
E
CVE-2021-24473 User Profile Picture < 2.6.0 - Arbitrary User Picture Change/Deletion via IDOR
E
CVE-2021-24474 Awesome Weather Widget <= 3.0.2 - Reflected Cross-site Scripting (XSS)
CVE-2021-24476 Steam Group Viewer <= 2.1 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24477 Migrate Users <= 1.0.1 - CSRF to Stored Cross-Site Scripting (XSS)
E
CVE-2021-24478 Bookshelf <= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24479 DrawBlog <= 0.90 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24480 Event Geek <= 2.5.2 - Stored Cross-site Scripting (XSS)
E
CVE-2021-24481 Any Hostname <= 1.0.6 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24482 Related Posts for WordPress <= 2.0.4 - Authenticated Stored XSS & XFS
E
CVE-2021-24483 Poll Maker < 3.2.1 - Authenticated Blind SQL Injections
E
CVE-2021-24484 Secure Copy Content Protection and Content Locking < 2.6.7 - Authenticated Blind SQL Injections
E
CVE-2021-24485 Special Text Boxes < 5.9.110 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24486 Simple Social Media Share Buttons < 3.2.3 - Contributor+ Stored XSS
E
CVE-2021-24487 St Daily Tip <= 4.7 - CSRF to Stored Cross-Site Scripting
E
CVE-2021-24488 Post Grid < 2.1.8 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24489 Request a Quote < 2.3.9 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24490 Email Artillery <= 4.1 - Arbitrary File Upload
E
CVE-2021-24491 Fileviewer <= 2.2 - Arbitrary File Upload/Deletion via CSRF
E
CVE-2021-24492 Handsome Testimonials & Reviews < 2.1.1 - Authenticated (Subscriber+) SQL Injection
E S
CVE-2021-24493 Shopp eCommerce <= 1.4 - Unauthenticated Arbitrary File Upload
E
CVE-2021-24494 WP Offload SES Lite < 1.4.5 - Stored Cross-Site Scripting (XSS)
E
CVE-2021-24495 Marmoset Viewer < 1.9.3 - Reflected Cross Site Scripting
E
CVE-2021-24496 Community Event < 1.4.8 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24497 Giveaway <= 1.2.2 - Authenticated SQL Injection
E
CVE-2021-24498 Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24499 Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution
E
CVE-2021-24500 Workreap theme < 2.2.2 - Multiple CSRF + IDOR Vulnerabilities
E
CVE-2021-24501 Workreap theme < 2.2.2 - Missing Authorization Checks in Ajax Actions
E
CVE-2021-24502 WP Google Map < 1.7.7 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24503 Popular Brand SVG Icons - Simple Icons < 2.7.8 - Contributor+ Stored XSS
E
CVE-2021-24504 WP LMS <= 1.1.2 - Stored Cross-Site Scripting (XSS)
E
CVE-2021-24505 Forms < 1.12.3 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24506 Slider Hero < 8.2.7 - Contributor+ SQL Injection
E
CVE-2021-24507 Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection
E
CVE-2021-24508 Smash Balloon Social Post Feed < 2.19.2 - Unauthenticated Stored XSS
E
CVE-2021-24509 Page View Counts < 2.4.9 - Contributor+ Stored XSS
E
CVE-2021-24510 MF Gig Calendar < 1.2 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24511 Create WooCommerce Product Feeds For 40+ Merchants < 3.3.1.0 - Authenticated SQL Injection
E S
CVE-2021-24512 Video Posts Webcam Recorder < 3.2.4 - Authenticated Reflected XSS
E
CVE-2021-24513 Form Builder < 1.9.8.4 - Authenticated Stored Cross-Site Scripting
E
CVE-2021-24514 Visual Form Builder < 3.0.4 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24515 Video Gallery - Vimeo and YouTube Gallery < 1.1.5 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24516 PlanSo Forms <= 2.6.3 - Authenticated Stored Cross-Site Scripting
E
CVE-2021-24517 Stop Spammers Security < 2021.18 - Authenticated Stored XSS
E
CVE-2021-24518 WPFront Notification Bar < 2.0.0.07176 - Authenticated Stored XSS
E
CVE-2021-24519 Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24520 Stock in & out <= 1.0.4 - Authenticated SQL Injection
E
CVE-2021-24521 Side Menu Lite < 2.2.1 - Authenticated SQL Injection
E
CVE-2021-24522 ProfilePress < 3.1.11 - Unauthenticated Cross-Site Scripting (XSS) in tabbed login/register widget
E
CVE-2021-24523 Daily Prayer Time < 2021.08.10 - Authenticated Stored XSS
E
CVE-2021-24524 GiveWP < 2.12.0 - Authenticated Stored XSS
E
CVE-2021-24525 Shortcodes Ultimate < 5.10.2 - Contributor+ Stored XSS
E
CVE-2021-24526 Form Maker < 1.13.60 - Authenticated Stored XSS
E
CVE-2021-24527 Profile Builder < 3.4.9 - Admin Access via Password Reset
E
CVE-2021-24528 FluentSMTP < 2.0.1 - Authenticated Stored XSS
E
CVE-2021-24529 Grid Gallery < 1.2.5 - Authenticated Stored Cross Site Scripting (XSS)
E
CVE-2021-24530 Alojapro Widget <= 1.1.15 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24531 Charitable – Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)
CVE-2021-24533 Maintenance < 4.03 - Authenticated Stored XSS
E
CVE-2021-24534 PhoneTrack Meu Site Manager <= 0.1 - Authenticated Stored XSS
E
CVE-2021-24535 Light Messages <= 1.0 - CSRF to Stored XSS
E
CVE-2021-24536 Custom Login Redirect <= 1.0.0 - CSRF to Stored XSS
E
CVE-2021-24537 Similar Posts <= 3.1.5 - Admin+ Arbitrary PHP Code Execution
E
CVE-2021-24538 Current Book <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24539 Coming Soon, Under Construction & Maintenance Mode By Dazzler < 1.6.7 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24540 Wonder Video Embed < 1.8 - Contributor+ Stored XSS
E
CVE-2021-24541 Wonder PDF Embed < 1.7 - Contributor+ Stored XSS
E
CVE-2021-24543 jQuery Reply to Comment <= 1.31 - CSRF to Stored Cross-Site Scripting
E
CVE-2021-24544 Responsive WordPress Slider <= 2.2.0 - Subscriber+ Stored Cross-Site Scripting
E
CVE-2021-24545 WP HTML Author Bio <= 1.2.0 - Author+ Stored Cross-Site Scripting
E
CVE-2021-24546 EditorsKit < 1.31.6 - Contributor+ Arbitrary PHP Code Execution
E
CVE-2021-24547 KN Fix Your Title <= 1.0.1 - Authenticated Stored XSS
E
CVE-2021-24548 Mimetic Books <= 0.2.13 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24549 AceIDE <= 2.6.2 - Authenticated (admin+) Arbitrary File Access
E
CVE-2021-24550 Broken Link Manager <= 0.6.5 - Authenticated (admin+) SQL Injection
E
CVE-2021-24551 Edit Comments <= 0.3 - Unauthenticated SQL Injection
E
CVE-2021-24552 Simple Events Calendar <= 1.4.0 - Authenticated (admin+) SQL Injection
E
CVE-2021-24553 Timeline Calendar <= 1.2 - Authenticated (admin+) SQL Injection
E
CVE-2021-24554 Paytm - Donation Plugin <= 1.3.2 - Authenticated (admin+) SQL Injection
E
CVE-2021-24555 Diary & Availability Calendar <= 1.0.3 - Authenticated (subscriber+) SQL Injection
E
CVE-2021-24556 Email Subscriber <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24557 M-vSlider <= 2.1.3 - Authenticated (admin+) SQL Injection
E
CVE-2021-24558 Project Status <= 1.6 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24559 Qyrr < 0.7 - Authenticated (contributor+) Stored XSS
E
CVE-2021-24560 Software License Manager < 4.4.8 - Reflected Cross-Site Scripting
CVE-2021-24561 WP SMS < 5.4.13 - Authenticated Stored Cross-Site Scripting
E
CVE-2021-24562 LifterLMS < 4.21.2 - Access Other Student Grades/Answers via IDOR
E
CVE-2021-24563 Frontend Uploader <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting
E
CVE-2021-24564 WPFront Scroll Top < 2.0.6.07225 - Authenticated Stored XSS
E
CVE-2021-24565 Contact Form 7 Captcha < 0.0.9 - CSRF to Stored XSS
E S
CVE-2021-24566 WooCommerce Currency Switcher < 1.3.7 - Authenticated (Low Privilege) Local File Inclusion
E
CVE-2021-24567 Simple Post <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24568 AddToAny < 1.7.46 - Authenticated Stored XSS
E
CVE-2021-24569 Cookie Notice & Compliance for GDPR / CCPA < 2.1.2 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24570 Paypal Donation < 1.3.1 - CSRF to Stored Cross-Site Scripting
E S
CVE-2021-24571 HD Quiz < 1.8.4 - Authenticated Stored XSS
E
CVE-2021-24572 Paypal Donation < 1.3.1 - CSRF to Arbitrary Post Deletion
E
CVE-2021-24574 Simple Banner < 2.10.4 - Authenticated Stored XSS
E S
CVE-2021-24575 WPSchoolPress < 2.1.10 - Multiple Authenticated SQL Injections
E
CVE-2021-24576 Easy Accordion < 2.0.22 - Authenticated Stored XSS
E
CVE-2021-24577 Coming Soon and Maintenance Mode < 3.5.3 - Authenticated Stored XSS
E
CVE-2021-24578 SportsPress < 2.7.9 - Reflected Cross-Site Scripting
E
CVE-2021-24579 Bold Page Builder < 3.1.6 - PHP Object Injection
E
CVE-2021-24580 Side Menu Lite < 2.2.6 - Authenticated SQL Injection
E
CVE-2021-24581 Blue Admin <= 21.06.01 - CSRF to Stored Cross-Site Scripting (XSS)
E
CVE-2021-24582 ThinkTwit < 1.7.1 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24583 Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Deletion
E
CVE-2021-24584 Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Update
E
CVE-2021-24585 Timetable and Event Schedule by MotoPress < 2.4.0 - Arbitrary User's Hashed Password/Email/Username Disclosure
E
CVE-2021-24586 Per Page Add to Head < 1.4.4 - CSRF to Stored XSS
E
CVE-2021-24587 Splash Header < 1.20.8 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24588 SMS Alert Order Notifications – WooCommerce < 3.4.7 - Authenticated Cross Site Scripting
E
CVE-2021-24590 Cookie Notice & Consent Banner for GDPR & CCPA Compliance < 1.7.2 - Authenticated Stored XSS
E
CVE-2021-24591 Highlight < 0.9.3 - Authenticated Stored Cross-Site Scripting
E
CVE-2021-24592 Sitewide Notice WP < 2.3 - Authenticated Stored XSS
E
CVE-2021-24593 Business Hours Indicator < 2.3.5 - Authenticated Stored XSS
E
CVE-2021-24594 Translate WordPress - Google Language Translator < 6.0.12 - Admin+ Stored Cross-Site Scripting
E S
CVE-2021-24595 WP Cookie Choice <= 1.1.0 - CSRF to Stored Cross-Site Scripting
CVE-2021-24596 youForms for WordPress <= 1.0.5 - Authenticated Stored Cross-Site Scripting
E
CVE-2021-24597 You Shang <= 1.0.1 - Authenticated Stored Cross-Site Scripting
E
CVE-2021-24598 Testimonial Builder < 1.6.0 - Admin+ Stored Cross-Site Scripting
E S
CVE-2021-24599 Email Encoder < 2.1.2 - Reflected Cross Site Scripting
E
CVE-2021-24600 WP Dialog <= 1.2.5.5 - Authenticated Stored Cross-Site Scripting
E
CVE-2021-24601 WPFront Notification Bar < 2.1.0.08087 - Authenticated Stored XSS
E
CVE-2021-24602 HM Multiple Roles < 1.3 - Arbitrary Role Change
E
CVE-2021-24603 Site Reviews < 5.13.1 - Authenticated Stored XSS
E
CVE-2021-24604 Availability Calendar < 1.2.2 - Authenticated Stored Cross-Site Scripting
E
CVE-2021-24605 Custom Post View Generator <= 0.4.6 - Reflected Cross-Site Scripting
E
CVE-2021-24606 Availability Calendar < 1.2.1 - Authenticated SQL Injection
E
CVE-2021-24607 Storefront Footer Text <= 1.0.1 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24608 Formidable Form Builder < 5.0.07 - Admin+ Stored Cross-Site Scripting
E S
CVE-2021-24609 WP Mapa Politico Espana < 3.7.0 - Authenticated Stored XSS
E
CVE-2021-24610 TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting
E
CVE-2021-24611 Keywords & Meta <= 3.0 - CSRF to Stored Cross-Site Scripting (XSS)
E
CVE-2021-24612 Sociable <= 4.3.4.1 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24613 Post Views Counter < 1.3.5 - Authenticated Stored XSS
E
CVE-2021-24614 Book appointment Online < 1.39 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24615 Wechat Reward <= 1.7 - CSRF to Stored Cross-Site Scripting
CVE-2021-24616 AddToAny Share Buttons < 1.7.48 - Admin+ Stored Cross-Site Scripting
E S
CVE-2021-24617 GamePress <= 1.1.0 - Reflected Cross-Site Scripting
CVE-2021-24618 Donate With QRCode < 1.4.5 - Stored Cross-Site Scripting
E
CVE-2021-24619 Per Page Add to Head <= 1.4.4 - Authenticated Stored XSS
E
CVE-2021-24620 Simple eCommerce <= 2.2.5 - Arbitrary File Upload
E
CVE-2021-24621 WP Courses LMS < 2.0.44 - Authenticated Stored XSS via Video Embed Code
E
CVE-2021-24622 WP Ticket < 5.10.4 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24623 WordPress Advanced Ticket System < 1.0.64 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-24624 MP3 Audio Player for Music, Radio & Podcast by Sonaar < 2.4.2 - Multiple Admin+ Cross Site Scripting
E
CVE-2021-24625 SpiderCatalog <= 1.7.3 - Admin+ SQL Injection
E
CVE-2021-24626 Chameleon CSS <= 1.2 - Subscriber+ SQL Injection
E
CVE-2021-24627 G Auto-Hyperlink <= 1.0.1 - Admin+ SQL Injection
E
CVE-2021-24628 Wow Forms <= 3.1.3 - Admin+ SQL Injection
E
CVE-2021-24629 Post Content XMLRPC <= 1.0 - Admin+ SQL Injections
E
CVE-2021-24630 Schreikasten <= 0.14.18 - Author+ SQL Injections
E
CVE-2021-24631 Unlimited PopUps <= 4.5.3 - Author+ SQL Injection
E
CVE-2021-24632 Recipe Card Blocks < 2.8.1 - Reflected Cross-Site Scripting
E
CVE-2021-24633 Countdown Block < 1.1.2 - Missing Authorisation in AJAX action
E
CVE-2021-24634 Recipe Card Blocks < 2.8.3 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24635 Visual Link Preview < 2.2.3 - Unauthorised AJAX Calls
E
CVE-2021-24636 Print My Blog < 3.4.2 - Plugin Deactivation via CSRF
E
CVE-2021-24637 Fonts Plugin < 3.0.3 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24638 OMGF < 4.5.4 - Unauthenticated Path Traversal in REST API
E
CVE-2021-24639 OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder Deletion
E
CVE-2021-24640 Gutenslider < 5.2.0 - Contributor+ Stored XSS
E
CVE-2021-24641 Images to WebP < 1.9 - Multiple Cross Site Request Forgery (CSRF)
E
CVE-2021-24642 Scroll Baner <= 1.0 - CSRF to RCE
E
CVE-2021-24643 WP Map Block < 1.2.3 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24644 Images to WebP < 1.9 - Authenticated Local File Inclusion
E
CVE-2021-24645 Booking.com Product Helper < 1.0.2 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24646 Booking.com Banner Creator < 1.4.3 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24647 Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login
E
CVE-2021-24648 Registration Magic < 5.0.1.9 - Reflected Cross-Site Scripting
E S
CVE-2021-24649 WP User Frontend < 3.5.29 - Obscure Registration as Admin
E
CVE-2021-24651 Poll Maker < 3.4.2 - Unauthenticated Time Based SQL Injection
E
CVE-2021-24652 PostX Gutenberg Blocks for Post Grid < 2.4.10 - Missing Access Controls
CVE-2021-24653 Cookie Bar < 1.8.9 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24654 User Registration < 2.0.2 - Low Privilege Stored Cross-Site Scripting
E
CVE-2021-24655 WP User Manager < 2.6.3 - Arbitrary User Password Reset to Account Compromise
E
CVE-2021-24656 Simple Social Media Share Buttons < 3.2.4 - Authenticated Stored Cross-Site Scripting
E
CVE-2021-24657 Limit Login Attempts < 4.0.50 - Unauthenticated Stored Cross-Site Scripting
E
CVE-2021-24658 Erident Custom Login and Dashboard < 3.5.9 - Authenticated Stored Cross-Site Scripting (XSS)
E S
CVE-2021-24659 PostX Gutenberg Blocks for Post Grid < 2.4.10 - Contributor+ Stored Cross-Site Scripting
CVE-2021-24660 PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Contributor+ Stored Cross-Site Scripting
CVE-2021-24661 PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Private Content Disclosure
CVE-2021-24662 Game Server Status <= 1.0 - Admin+ SQL Injection
E
CVE-2021-24663 Simple School Staff Directory <= 1.1 - Admin+ Arbitrary File Upload
E
CVE-2021-24664 WPSchoolPress < 2.1.17 - Multiple Admin+ Stored Cross-Site Scripting
E
CVE-2021-24665 WP Video Lightbox < 1.9.3 - Contributor+ Stored Cross-Site Scripting
CVE-2021-24666 Podlove Podcast Publisher < 3.5.6 - Unauthenticated SQL Injection
E S
CVE-2021-24667 Gallery Blocks with Lightbox < 2.2.1 - Authenticated Stored Cross-Site Scripting
CVE-2021-24668 MAZ Loader < 1.4.1 - Arbitrary Loader Deletion via CSRF
E
CVE-2021-24669 MAZ Loader < 1.3.3 - Contributor+ SQL Injection
E
CVE-2021-24670 CoolClock < 4.3.5 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24671 MX Time Zone Clocks < 3.4.1 - Contributor+ Cross-Site Scripting
E
CVE-2021-24672 One User Avatar < 2.3.7 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24673 Appointment Hour Booking < 1.3.16 - Authenticated Stored Cross-Site Scripting
E
CVE-2021-24674 Genie WP Favicon <= 0.5.2 - Arbitrary Favicon Change via CSRF
E
CVE-2021-24675 One User Avatar < 2.3.7 - Avatar Update via CSRF
E
CVE-2021-24676 Better Find and Replace < 1.2.9 - Reflected Cross-Site Scripting
E
CVE-2021-24677 Find My Blocks < 3.4.0 - Private Post Titles Disclosure
E
CVE-2021-24678 CM Tooltip Glossary < 3.9.21 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24679 Bitcoin / AltCoin Payment Gateway for WooCommerce < 1.6.1 - Reflected Cross-Site Scripting
E
CVE-2021-24680 WP Travel Engine < 5.3.1 - Editor+ Stored Cross-Site Scripting
E
CVE-2021-24681 Duplicate Page <= 4.4.2 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24682 Cool Tag Cloud < 2.26 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24683 Weather Effect < 1.3.4 - CSRF to Stored Cross-Site Scripting
E
CVE-2021-24684 PDF Light Viewer < 1.4.12 - Authenticated Command Injection
E
CVE-2021-24685 Flat Preloader < 1.5.4 - CSRF to Stored Cross-Site Scripting
E
CVE-2021-24686 SVG Support < 2.3.20 - Admin+ Stored Cross-Site Scripting
E S
CVE-2021-24687 Modern Events Calendar Lite < 5.22.2 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24688 Orange Form <= 1.0.1 - Unauthenticated Arbitrary Post Deletion
E
CVE-2021-24689 Contact Forms - Drag & Drop Contact Form Builder <= 1.0.5 - Admin+ Arbitrary System File Read
E
CVE-2021-24690 Chained Quiz < 1.2.7.2 - Authenticated Stored Cross Site Scripting
E
CVE-2021-24691 Quiz And Survey Master < 7.3.2 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24692 Simple Download Monitor < 3.9.5 - Contributor+ Arbitrary File Download via Path Traversal
E
CVE-2021-24693 Simple Download Monitor < 3.9.5 - Contributor+ Stored Cross-Site Scripting via File Thumbnail
E
CVE-2021-24694 Simple Download Monitor < 3.9.11 - Contributor+ Stored Cross-Site Scripting via Shortcodes
E
CVE-2021-24695 Simple Download Monitor < 3.9.6 - Unauthenticated Log Access
E
CVE-2021-24696 Simple Download Monitor < 3.9.9 - Multiple CSRF
E
CVE-2021-24697 Simple Download Monitor < 3.9.5 - Reflected Cross-Site Scripting
E
CVE-2021-24698 Simple Download Monitor < 3.9.6 - Arbitrary Thumbnails Removal
E
CVE-2021-24699 Easy Media Download < 1.1.7 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24700 Forminator < 1.15.4 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24701 Quiz Tool Lite <= 2.3.15 - Multiple Admin+ Stored Cross-Site Scripting
E
CVE-2021-24702 LearnPress < 4.1.3.1 - Multiple Admin+ Stored Cross-Site Scripting
E
CVE-2021-24703 Download Plugin < 1.6.1 - Subscriber+ Arbitrary Plugin Activation
E
CVE-2021-24704 Orange Form <= 1.0 - SQL Injection via CSRF
E
CVE-2021-24705 NEX-Forms < 8.4.3 - Stored Cross-Site Scripting via CSRF
E
CVE-2021-24706 Qwizcards < 3.62 - Admin+ Stored Cross Site Scripting
E
CVE-2021-24707 Learning Courses < 5.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24708 WP All Export < 1.3.1 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24709 Weather Effect < 1.3.6 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24710 Print-O-Matic < 2.0.3 - Admin+ Stored Cross-Site Scripting
E S
CVE-2021-24711 Software License Manager < 4.5.1 - Arbitrary Domain Deletion via CSRF
E
CVE-2021-24712 Appointment Hour Booking – WordPress Booking Plugin < 1.3.17 - Authenticated Stored XSS
E
CVE-2021-24713 Video Lessons Manager - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24714 WP All Import < 3.6.3 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24715 WP Sitemap Page < 1.7.0 - Admin+ Stored Cross Site Scripting
E
CVE-2021-24716 Modern Events Calendar Lite < 5.22.3 - Authenticated Stored Cross Site Scripting
E
CVE-2021-24717 AutomatorWP < 1.7.6 - Missing Authorization and Privilege Escalation
E
CVE-2021-24718 ARForms Form Builder < 1.5 - Admin+ Stored Cross Site Scripting
E
CVE-2021-24719 Enfold Theme < 4.8.4 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-24720 GeoDirectory < 2.1.1.3 - Authenticated Stored Cross-Site Scripting (XSS)
E S
CVE-2021-24721 Loco Translate < 2.5.4 - Authenticated PHP Code Injection
E
CVE-2021-24722 Restaurant Menu by MotoPress < 2.4.2 - Admin+ Stored Cross Site Scripting
E
CVE-2021-24723 WP Reactions Lite < 1.3.6 - Authenticated Stored Cross Site Scripting
E
CVE-2021-24724 Timetable and Event Schedule by MotoPress < 2.3.19 - Author+ Stored Cross-Site Scripting
E
CVE-2021-24725 Comment Link Remove and Other Comment Tools < 2.1.6 - Arbitrary Comment Deletion via CSRF
E
CVE-2021-24726 WP Simple Booking Calendar <= 2.0.6 (before 07/12/2021) - Authenticated SQL Injection
E
CVE-2021-24727 Block and Stop Bad Bots < 6.60 - Authenticated SQL Injections
E
CVE-2021-24728 Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection
E
CVE-2021-24729 Logo Showcase with Slick Slider < 1.2.4 - Author+ Stored Cross Site Scripting
E
CVE-2021-24730 Logo Showcase with Slick Slider < 1.2.5 - Subscriber+ Arbitrary Media Title/Description/Alt Text/URL Update
E
CVE-2021-24731 Pie Register < 3.7.1.6 - Unauthenticated SQL Injection
E
CVE-2021-24732 Dflip Lite < 1.7.10 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24733 WP Post Page Clone < 1.2 - Unauthorised Post Access
E
CVE-2021-24734 Compact WP Audio Player < 1.9.7 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24735 Compact WP Audio Player < 1.9.7 - Setting Change via CSRF
E
CVE-2021-24736 Shared Files < 1.6.57 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24737 Comments - wpDiscuz <= 7.3.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24738 Logo Carousel < 3.4.2 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24739 Logo Carousel < 3.4.2 - Unauthorised Private Post Access
E
CVE-2021-24740 Tutor LMS < 1.9.9 - Multiple Admin+ Stored Cross-Site Scripting
E
CVE-2021-24741 Support Board < 3.3.4 - Multiple Unauthenticated SQL Injections
E
CVE-2021-24742 Logo Slider and Showcase < 1.3.37 - Editor Plugin's Settings Update
E
CVE-2021-24743 Podcast Subscribe Buttons < 1.4.2 - Contributor+ Stored XSS
E
CVE-2021-24744 WordPress Contact Forms by Cimatti < 1.4.12 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24745 About Author Box < 1.0.2 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24746 Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting
E
CVE-2021-24747 SEO Booster < 3.8 - Admin+ SQL Injection
E S
CVE-2021-24748 Email Before Download < 6.8 - Admin+ SQL Injection
E
CVE-2021-24749 URL Shortify < 1.5.1 - Arbitrary Link/Group Deletion via CSRF
E
CVE-2021-24750 WP Visitor Statistics (Real Time Traffic) < 4.8 - Subscriber+ SQL Injection
E S
CVE-2021-24751 GenerateBlocks < 1.4.0 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24752 Multiple Plugins from CatchThemes - Unauthorised Plugin's Setting Change
E
CVE-2021-24753 Rich Reviews by Starfish < 1.9.6 - Admin+ SQL Injection
E S
CVE-2021-24754 MainWP Child Reports < 2.0.8 - Admin+ SQL Injection
E
CVE-2021-24755 myCred < 2.3 - Subscriber+ SQL Injection
E
CVE-2021-24756 WP System Log < 1.0.21 - Unauthenticated Stored Cross-Site Scripting
E
CVE-2021-24757 Stylish Price List < 6.9.0 - Unauthenticated Arbitrary Image Upload
E
CVE-2021-24758 Email Log < 2.4.7 - Admin+ SQL Injection
E
CVE-2021-24759 PDF.js Viewer < 2.0.2 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24760 Gutenberg PDF Viewer Block < 1.0.1 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24761 Error Log Viewer < 1.1.2 - Arbitrary Text File Deletion via CSRF
E
CVE-2021-24762 Perfect Survey < 1.5.2 - Unauthenticated SQL Injection
E
CVE-2021-24763 Perfect Survey < 1.5.2 - Unauthorised AJAX Call to Stored XSS / Survey Settings Update
E
CVE-2021-24764 Perfect Survey < 1.5.2 - Reflected Cross-Site Scripting
E
CVE-2021-24765 Perfect Survey < 1.5.2 - Unauthenticated Stored Cross-Site Scripting
E
CVE-2021-24766 404 to 301 < 3.0.9 - Logs Deletion via CSRF
E
CVE-2021-24767 Redirect 404 Error Page to Homepage or Custom Page with Logs < 1.7.9 - Log Deletion via CSRF
E
CVE-2021-24768 WP RSS Aggregator < 4.19.2 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24769 Permalink Manager Lite < 2.2.13.1 - Admin+ SQL Injection
E
CVE-2021-24770 Stylish Price List < 6.9.1 - Subscriber+ Arbitrary Image Upload
E
CVE-2021-24771 Inspirational Quote Rotator <= 1.0.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24772 Stream < 3.8.2 - Admin+ SQL Injection
E S
CVE-2021-24773 WordPress Download Manager < 3.2.16 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24774 Check & Log Email < 1.0.3 - Admin+ SQL Injections
E
CVE-2021-24775 Document Embedder < 1.7.5 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure
E
CVE-2021-24776 WP Performance Score Booster < 2.1 - Settings Change via CSRF
E
CVE-2021-24777 Hotscot Contact Form < 1.3 - Admin+ SQL Injection
E
CVE-2021-24778 Tradetracker-Store < 4.6.60 - Admin+ SQL Injection
E
CVE-2021-24779 WP Debugging < 2.11.0 - Unauthenticated Plugin's Settings Update
E
CVE-2021-24780 Single Post Exporter <= 1.1.1 - Plugin's Settings Update via CSRF
E
CVE-2021-24781 Image Source Control < 2.3.1 - Contributor+ Arbitrary Post Meta Value Change
E S
CVE-2021-24782 Flex Local Fonts <= 1.0.0 - Admin+ Stored Cross-Site-Scripting
E
CVE-2021-24783 Post Expirator < 2.6.0 - Contributor+ Arbitrary Post Schedule Deletion
E
CVE-2021-24784 WP Admin Logo Changer <= 1.0 - Plugin's Settings Update via CSRF
E
CVE-2021-24785 Great Quotes <= 1.0.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24786 Download Monitor < 4.4.5 - Admin+ SQL Injection
E
CVE-2021-24787 Client Invoicing by Sprout Invoices < 19.9.7 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24788 Batch Cat <= 0.3 - Subscriber+ Arbitrary Categories Add/Set/Delete to Posts
E
CVE-2021-24789 Flat Preloader < 1.5.5 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24790 Contact Form Advanced Database <= 1.0.8 - Unauthorised AJAX Calls
E
CVE-2021-24791 Header Footer Code Manager < 1.1.14 - Admin+ SQL Injections
E
CVE-2021-24792 Shiny Buttons <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting
E
CVE-2021-24793 WPeMatico RSS Feed Fetcher < 2.6.12 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24794 Connections Business Directory < 10.4.3 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24795 Filter Portfolio Gallery <= 1.5 - Arbitrary Gallery Deletion via CSRF
E
CVE-2021-24796 My Tickets < 1.8.31 - Unauthenticated Stored Cross-Site Scripting
E
CVE-2021-24797 Tickera < 3.4.8.3 - Unauthenticated Stored Cross-Site Scripting
E
CVE-2021-24798 WP Header Images < 2.0.1 - Reflected Cross-Site Scripting
E
CVE-2021-24799 Far Future Expiry Header < 1.5 - Plugin's Settings Update via CSRF
E
CVE-2021-24800 DW Question & Answer Pro <= 1.3.4 - Arbitrary Comment Edition via IDOR
E
CVE-2021-24801 WP Survey Plus <= 1.0 - Subscriber+ AJAX Calls
E
CVE-2021-24802 Colorful Categories < 2.0.15 - Arbitrary Colors Update via CSRF
E
CVE-2021-24803 Core Tweaks WP Setup <= 4.1 - Arbitrary Admin Account Creation / Admin Email Update via CSRF
E
CVE-2021-24804 Simple JWT Login < 3.2.1 - Arbitrary Settings Update to Site Takeover via CSRF
E
CVE-2021-24805 DW Question & Answer Pro <= 1.3.4 - Multiple CSRF
E
CVE-2021-24806 wpDiscuz < 7.3.4 - Arbitrary Comment Addition/Edition/Deletion via CSRF
E
CVE-2021-24807 Support Board < 3.3.5 - Agent+ Stored Cross-Site Scripting
E
CVE-2021-24808 BP Better Messages < 1.9.9.41 - Reflected Cross-Site Scripting
E S
CVE-2021-24809 BP Better Messages < 1.9.9.41 - Multiple CSRF
E S
CVE-2021-24810 WP Event Manager < 3.1.23 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24811 Shop Page WP < 1.2.8 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24812 BetterLinks < 1.2.6 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24813 Events Made Easy < 2.2.24 - Admin+ Stored Cross-Site Scripting
E S
CVE-2021-24814 WordPress GDPR & CCPA < 1.9.26 - Authenticated Reflected Cross-Site Scripting
E
CVE-2021-24815 Paypal Donation < 1.3.2 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24816 Phoenix Media Rename < 3.4.4 - Author Arbitrary Media File Renaming
E
CVE-2021-24817 Ultimate NoFollow <= 1.4.8 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24818 WP Limits <= 1.0 - Plugin's Settings Update via CSRF
E
CVE-2021-24819 Page/Post Content Shortcode <= 1.0 - Contributor+ Arbitrary Posts/Pages Access
E
CVE-2021-24820 Cost Calculator <= 1.6 - Authenticated Local File Inclusion
CVE-2021-24821 Cost Calculator < 1.6 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24822 Stylish Cost Calculator < 7.04 - Subscriber+ Unauthorised AJAX Calls to Stored XSS
E
CVE-2021-24823 Support Board < 3.3.6 - Arbitrary File Deletion via CSRF
E
CVE-2021-24824 Custom Content Shortcode < 4.0.1 - Unauthorised Arbitrary Post Metadata Access
E
CVE-2021-24825 Custom Content Shortcode < 4.0.2 - Authenticated Arbitrary File Access / LFI
E
CVE-2021-24826 Custom Content Shortcode < 4.0.2 - Authenticated Stored Cross-Site Scripting
E
CVE-2021-24827 Asgaros Forum < 1.15.13 - Unauthenticated SQL Injection
E S
CVE-2021-24828 Mortgage Calculator / Loan Calculator < 1.5.17 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24829 Visitor Traffic Real Time Statistics < 3.9 - Subscriber+ SQL Injection
E
CVE-2021-24830 Advanced Access Manager < 6.8.0 - Admin+ Stored Cross-Site Scripting
E S
CVE-2021-24831 Tab - Accordion, FAQ < 1.3.2 - Unauthenticated AJAX Calls
E
CVE-2021-24832 WP SEO Redirect 301 < 2.3.2 - Redirect Deletion via CSRF
E
CVE-2021-24833 YOP Poll < 6.3.1 - Author+ Stored Cross-Site Scripting via Preview Module
S
CVE-2021-24834 YOP Poll < 6.3.1 - Author+ Stored Cross-Site Scripting via Options Module
S
CVE-2021-24835 WCFM - Frontend Manager for WooCommerce < 6.5.12 - Customer/Subscriber+ SQL Injection
E
CVE-2021-24836 Temporary Login Without Password < 1.7.1 - Subscriber+ Plugin's Settings Update
E
CVE-2021-24837 Passster < 3.5.5.8 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24838 AnyComment < 0.3.5 - Open Redirect
E
CVE-2021-24839 SupportCandy < 2.2.5 - Unauthenticated Arbitrary Ticket Deletion
E
CVE-2021-24840 Squaretype Modern Blog < 3.0.4 - Unauthenticated Private/Schedule Posts Disclosure
E
CVE-2021-24841 Helpful < 4.4.59 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24842 Bulk Datetime Change < 1.12 - Missing Authorisation
E
CVE-2021-24843 SupportCandy < 2.2.7 - Arbitrary Ticket Deletion via CSRF
E
CVE-2021-24844 Affiliate Manager < 2.8.7 - Admin+ SQL injection
E S
CVE-2021-24845 Improved Include Page <= 1.2 - Contributor+ Arbitrary Posts/Pages Access
E
CVE-2021-24846 Ni WooCommerce Custom Order Status < 1.9.7 - Subscriber+ SQL Injection
E
CVE-2021-24847 SEO Redirection < 8.2 - Subscriber+ SQL Injection
E
CVE-2021-24848 Mediamatic < 2.8.1 - Subscriber+ SQL Injection
E
CVE-2021-24849 WCFM - WooCommerce Multivendor Marketplace < 3.4.12 - Unauthenticated SQL Injection
E
CVE-2021-24850 Insert Pages < 3.7.0 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24851 Insert Pages < 3.7.0 - Contributor+ Arbitrary Posts/Pages Access
E S
CVE-2021-24852 MouseWheel Smooth Scroll < 5.7 - Plugin's Setting Update via CSRF
E
CVE-2021-24853 QR Redirector < 1.6 - Subscriber+ Arbitrary QR Redirect Response Status Update
E
CVE-2021-24854 QR Redirector < 1.6.1 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24855 Display Post Metadata < 1.5.0 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24856 Shared Files < 1.6.61 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24857 ToTop Link <= 1.7.1 - Unauthenticated PHP Object Injection
E
CVE-2021-24858 WP Cookie User Info < 1.0.9 - Admin+ SQL Injection
E
CVE-2021-24859 User Meta Shortcodes <= 0.5 - Contributor+ Unauthorized Arbitrary User Metadata Access
E
CVE-2021-24860 BSK PDF Manager < 3.1.2 - Admin+ SQL Injection
E
CVE-2021-24861 Quotes Collection <= 2.5.2 - Admin+ SQL Injection
E
CVE-2021-24862 RegistrationMagic < 5.0.1.6 - Admin+ SQL Injection
E
CVE-2021-24863 StopBadBots < 6.67 - Unauthenticated SQL Injection
E
CVE-2021-24864 WP Cloudy < 4.4.9 - Admin+ SQL Injection
CVE-2021-24865 Advanced Custom Fields: Extended < 0.8.8.7 - Admin+ SQL Injection
E S
CVE-2021-24866 WP Data Access < 5.0.0 - Admin+ SQL Injection
E
CVE-2021-24867 Backdoored Plugins & Themes from AccessPress Themes
E
CVE-2021-24868 Document Embedder < 1.7.9 - Subscriber+ Arbitrary Private/Draft Post Title Disclosure
E
CVE-2021-24869 WP Fastest Cache < 0.9.5 - Subscriber+ SQL Injection
E
CVE-2021-24870 WP Fastest Cache < 0.9.5 - CSRF to Stored Cross-Site Scripting
E
CVE-2021-24871 Get Custom Field Values < 4.0.1 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24872 Get Custom Field Values < 4.0 - Contributors+ Arbitrary Post Metadata Access
E
CVE-2021-24873 Tutor LMS < 1.9.11 - Reflected Cross-Site Scripting
S
CVE-2021-24874 Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.31 - Reflected Cross-Site Scripting
E
CVE-2021-24875 eCommerce Product Catalog for WordPress < 3.0.39 - Reflected Cross-Site Scripting
CVE-2021-24876 Registrations for The Events Calendar < 2.7.5 - Reflected Cross-Site Scripting
E
CVE-2021-24877 MainWP Child < 4.1.8 - Admin+ SQL Injection
E
CVE-2021-24878 SupportCandy < 2.2.7 - Reflected Cross-Site Scripting
E
CVE-2021-24879 SupportCandy < 2.2.7 - CSRF to Cross-Site Scripting
E
CVE-2021-24880 SupportCandy < 2.2.7 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24881 Passster < 3.5.5.9 - Protection Bypass & Arbitrary Post Access
E
CVE-2021-24882 Slideshow Gallery < 1.7.4 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24883 Popup Anything < 2.0.4 - Contributor+ Stored Cross-Site Scripting
CVE-2021-24884 Formidable Form Builder < 4.09.05 - Unauthenticated Stored Cross-Site Scripting
E S
CVE-2021-24885 YOP Poll < 6.1.2 - Reflected Cross-Site Scripting
E S
CVE-2021-24888 ImageBoss < 3.0.6 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24889 Ninja Forms < 3.6.4 - Admin+ SQL Injection
E
CVE-2021-24890 Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload
E S
CVE-2021-24891 Elementor < 3.4.8 - DOM Cross-Site-Scripting
E
CVE-2021-24892 Advanced Forms < 1.6.9 - Subscriber+ Arbitrary User Email Address Update via IDOR
E S
CVE-2021-24893 Stars Rating < 3.5.1 - Comments Denial of Service
E
CVE-2021-24894 Reviews Plus < 1.2.14 - Subscriber+ Reviews DoS
E S
CVE-2021-24895 Cybersoldier < 1.7.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24896 Caldera forms < 1.9.5 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24897 Add Subtitle <= 1.1.0 - Contributor+ Stored Cross-Site Scripting
E
CVE-2021-24898 EditableTable <= 0.1.4 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24899 Media-Tags <= 3.2.0.2 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24900 Ninja Tables < 4.1.8 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24901 Security Audit <= 1.0.0 - Admin+ Stored Cross Site Scripting
E
CVE-2021-24902 Typebot < 1.4.3 - Admin+ Stored Cross Site Scripting
E
CVE-2021-24903 GRAND FlaGallery <= 6.1.2 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24904 Mortgage Calculators WP < 1.56 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24905 Advanced Contact form 7 DB < 1.8.7 - Subscriber+ Arbitrary File Deletion
E
CVE-2021-24906 Protect WP Admin < 3.6.2 - Unauthenticated Plugin Deactivation
E
CVE-2021-24907 Everest Forms < 1.8.0 - Reflected Cross-Site Scripting
E
CVE-2021-24908 Check & Log Email < 1.0.4 - Reflected Cross-Site Scripting
E
CVE-2021-24909 ACF Photo Gallery Field < 1.7.5 - Reflected Cross-Site Scripting
E
CVE-2021-24910 Transposh WordPress Translation < 1.0.8 - Reflected Cross-Site Scripting
E
CVE-2021-24911 Transposh WordPress Translation < 1.0.8 - Stored Cross-Site Scripting
E
CVE-2021-24912 Transposh WordPress Translation < 1.0.8 - CSRF to Stored XSS
E
CVE-2021-24913 Logo Showcase with Slick Slider < 2.0.1 - Arbitrary Media Title/Description/Alt Text/URL Update via CSRF
E
CVE-2021-24914 Tawk.to Live Chat < 0.6.0 - Subscriber+ Visitor Monitoring & Chat Removal
E
CVE-2021-24915 Contest Gallery < 13.1.0.6 - Missing Access Controls to Unauthenticated SQL injection / Email Address Disclosure
E
CVE-2021-24916 Qubely < 1.8.6 - Unauthenticated Arbitrary E-mail Sending
E
CVE-2021-24917 WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header
E
CVE-2021-24918 Smash Balloon Social Post Feed < 4.0.1 - Subscriber+ Arbitrary Plugin Settings Update to Stored XSS
E
CVE-2021-24919 Wicked Folders < 2.18.10 - Subscriber+ SQL Injection
E S
CVE-2021-24920 StatCounter < 2.0.7 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24921 Advanced Database Cleaner < 3.0.4 - Reflected Cross-Site Scripting
E
CVE-2021-24922 Pixel Cat Lite < 2.6.2 - CSRF to Stored Cross-Site Scripting
E
CVE-2021-24923 Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS
E
CVE-2021-24924 Email Log < 2.4.8 - Reflected Cross-Site Scripting
E
CVE-2021-24925 Modern Events Calendar Lite < 6.1.5 - Reflected Cross-Site Scripting
E
CVE-2021-24926 Domain Check < 1.0.17 - Reflected Cross-Site Scripting
E
CVE-2021-24927 My Calendar < 3.2.18 - Subscriber+ Reflected Cross-Site Scripting
E
CVE-2021-24928 Rearrange Woocommerce Products < 3.0.8 - Subscriber+ SQL Injection
E
CVE-2021-24930 Bookly < 20.3.1 - Staff Member Stored Cross-Site Scripting
E
CVE-2021-24931 Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection
E
CVE-2021-24932 Auto Featured Image < 3.9.3 - Reflected Cross-Site Scripting
E
CVE-2021-24933 Dynamic Widgets <= 1.5.16 - Reflected Cross-Site Scripting
E
CVE-2021-24934 Visual CSS Style Editor < 7.5.4 - Reflected Cross-Site Scripting
E S
CVE-2021-24935 WP Google Fonts < 3.1.5 - Reflected Cross-Site Scripting
E S
CVE-2021-24936 WP Extra File Types < 0.5.1 - CSRF to Stored Cross-Site Scripting
E
CVE-2021-24937 Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting
E
CVE-2021-24938 WooCommerce Currency Switcher < 1.3.7.1 - Reflected Cross-Site Scripting
E
CVE-2021-24939 LoginWP < 3.0.0.5 - Reflected Cross-Site Scripting
E
CVE-2021-24940 Persian Woocommerce <= 5.8.0 - Reflected Cross-Site Scripting
E
CVE-2021-24941 Icegram < 2.0.5 - Reflected Cross-Site Scripting
E
CVE-2021-24942 Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution
E
CVE-2021-24943 Registrations for the Events Calendar < 2.7.6 - Unauthenticated SQL Injection
E
CVE-2021-24944 Custom Dashboard & Login Page < 7.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24945 Like Button Rating < 2.6.38 - Unauthorised Vote Export to Email & IP Addresses Disclosure
E
CVE-2021-24946 Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection
E
CVE-2021-24947 RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read
E
CVE-2021-24948 The Plus Addons for Elementor Pro < 5.0.7 - Sensitive Data Disclosure
E
CVE-2021-24949 The Plus Addons for Elementor Pro < 5.0.7 - Unauthenticated SQL Injection
E
CVE-2021-24950 Insight Core <= 1.0 - Subscriber+ PHP Object Injection & Stored XSS
E
CVE-2021-24951 LearnPress < 4.1.4 - Admin+ SQL Injection
E
CVE-2021-24952 Conversios.io < 4.6.2 - Subscriber+ SQL Injection
E
CVE-2021-24953 Advanced iFrame < 2022 - Reflected Cross-Site Scripting
E
CVE-2021-24954 ProfilePress < 3.2.3 - Reflected Cross-Site Scripting
E S
CVE-2021-24955 ProfilePress < 3.2.3 - Reflected Cross-Site Scripting
E S
CVE-2021-24956 Blog2Social < 6.8.7 - Reflected Cross-Site Scripting
E
CVE-2021-24957 Advanced Page Visit Counter < 6.1.6 - Subscriber+ Blind SQL injection
E
CVE-2021-24958 Meks Easy Photo Feed Widget < 1.2.4 - Subscriber+ Settings Update to Stored XSS
E
CVE-2021-24959 WP Email Users <= 1.7.6 - Subscriber+ SQL Injection
E
CVE-2021-24960 WordPress File Upload < 4.16.3 - Contributor+ Stored Cross-Site Scripting via Malicious SVG
E S
CVE-2021-24961 WordPress File Upload < 4.16.3 - Contributor+ Stored Cross-Site Scripting via Shortcode
E S
CVE-2021-24962 WordPress File Upload < 4.16.3 - Contributor+ Path Traversal to RCE
E S
CVE-2021-24963 LiteSpeed Cache < 4.4.4 - Admin+ Reflected Cross-Site Scripting
E S
CVE-2021-24964 LiteSpeed Cache < 4.4.4 - IP Check Bypass to Unauthenticated Stored XSS
E
CVE-2021-24965 Five Star Restaurant Reservations < 2.4.8 - Subscriber+ Stored Cross-Site Scripting
E
CVE-2021-24966 Error Log Viewer Plugin <= 1.1.1 - Admin+ Arbitrary File Clearing
E
CVE-2021-24967 Contact Form & Lead Form Elementor Builder < 1.6.4 - Unauthenticated Stored Cross-Site Scripting
E
CVE-2021-24968 Ultimate FAQ < 2.1.2 - Subscriber+ Arbitrary FAQ Creation
E S
CVE-2021-24969 Download Manager < 3.2.22 - Subscriber+ Stored Cross-Site Scripting
E
CVE-2021-24970 All-In-One-Gallery < 2.5.0 - Admin+ Local File Inclusion
E
CVE-2021-24971 WP Responsive Menu < 3.1.7.1 - Subscriber+ Settings Update to Stored XSS
E
CVE-2021-24972 Pixel Cat Lite < 2.6.3 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24973 Site Reviews < 5.17.3 - Unauthenticated Stored Cross-Site Scripting
E S
CVE-2021-24974 Product Feed PRO for WooCommerce < 11.0.7 - Subscriber+ Settings Update to Stored XSS
E
CVE-2021-24975 NextScripts: Social Networks Auto-Poster < 4.3.24 - Unauthenticated Stored XSS
E S
CVE-2021-24976 Smart SEO Tool < 3.0.6 - Reflected Cross-Site Scripting
E S
CVE-2021-24977 Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Appending
E
CVE-2021-24978 OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion
E
CVE-2021-24979 Paid Memberships Pro < 2.6.6 - Reflected Cross-Site Scripting
E S
CVE-2021-24980 Gwolle Guestbook < 4.2.0 - Reflected Cross-Site Scripting
E
CVE-2021-24981 Directorist – Business Directory Plugin < 7.0.6.2 - CSRF to Remote File Upload
E
CVE-2021-24982 Child Theme Generator <= 2.2.7 - Reflected Cross-Site Scripting
E
CVE-2021-24983 Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting via AJAX Action
E
CVE-2021-24984 WPFront User Role Editor < 3.2.1.11184 - Reflected Cross-Site Scripting
E
CVE-2021-24985 Easy Forms for Mailchimp < 6.8.6 - Reflected Cross-Site Scripting
E S
CVE-2021-24986 Post Grid < 2.1.16 - Reflected Cross-Site Scripting via keyword
E
CVE-2021-24987 Super Socializer < 7.13.30 - Reflected Cross-Site Scripting
E
CVE-2021-24988 WP RSS Aggregator < 4.19.3 - Subscriber+ Stored Cross-Site Scripting
E
CVE-2021-24989 Accept Donations with PayPal < 1.3.4 - Arbitrary Post Deletion via CSRF
E
CVE-2021-24991 WooCommerce PDF Invoices & Packing Slips < 2.10.5 - Reflected Cross-Site Scripting
E
CVE-2021-24992 Buttonizer - Smart Floating Action Button < 2.5.5 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24993 Ultimate Product Catalog < 5.0.26 - Subscriber+ Arbitrary Product Creation & Settings Update
E S
CVE-2021-24994 WPvivid Backup and Migration Plugin < 0.9.69 - Unauthenticated Stored Cross-Site Scripting
E
CVE-2021-24995 HTML5 Responsive FAQ <= 2.8.5 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-24996 IDPay for Contact Form 7 <= 2.1.2 - Reflected Cross-Site Scripting
E
CVE-2021-24997 WP Guppy < 1.3 - Sensitive Information Disclosure
E
CVE-2021-24998 Simple JWT Login < 3.3.0 - Insecure Password Creation
E S
CVE-2021-24999 Booster for Woocommerce < 5.4.9 - Reflected Cross-Site Scripting in PDF Invoicing Module
E
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.