Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36895 | 1 Tripetto | 1 Tripetto | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
|
Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload.
|
|||||
| CVE-2021-36893 | 1 Wpdarko | 1 Responsive Tabs | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Responsive Tabs (WordPress plugin) <= 4.0.5
|
|||||
| CVE-2021-36889 | 1 Tarteaucitron.js - Cookies Legislation & Gdpr Project | 1 Tarteaucitron.js - Cookies Legislation & Gdpr | 2024-11-21 | 3.5 LOW | 3.4 LOW |
|
Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities were discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.6).
|
|||||
| CVE-2021-36887 | 1 Tarteaucitron.js - Cookies Legislation & Gdpr Project | 1 Tarteaucitron.js - Cookies Legislation & Gdpr | 2024-11-21 | 6.8 MEDIUM | 6.1 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.5.4), vulnerable parameters "tarteaucitronEmail" and "tarteaucitronPass".
|
|||||
| CVE-2021-36885 | 1 Ciphercoin | 1 Contact Form 7 Database Addon | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.6.1).
|
|||||
| CVE-2021-36884 | 1 Backupbliss | 1 Backup Migration | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup Migration plugin <= 1.1.5 versions.
|
|||||
| CVE-2021-36873 | 1 Webence | 1 Iq Block Country | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
|
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage.
|
|||||
| CVE-2021-36872 | 1 Wordpress Popular Posts Project | 1 Wordpress Popular Posts | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
|
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vulnerable at &widget-wpp[2][post_type].
|
|||||
| CVE-2021-36871 | 1 Codecabin | 1 Wp Go Maps | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
|
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11). Vulnerable parameters: &wpgmaps_marker_category_name, Value > &attributes[], Name > &attributes[], &icons[], &names[], &description, &link, &title.
|
|||||
| CVE-2021-36870 | 1 Codecabin | 1 Wp Go Maps | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
|
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps plugin (versions <= 8.1.12). Vulnerable parameters: &dataset_name, &wpgmza_gdpr_retention_purpose, &wpgmza_gdpr_company_name, &name #2, &name, &polyname #2, &polyname, &address.
|
|||||
| CVE-2021-36869 | 1 Ivorysearch | 1 Ivory Search | 2024-11-21 | 4.3 MEDIUM | 4.8 MEDIUM |
|
Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <= 4.6.6). Vulnerable parameter: &post.
|
|||||
| CVE-2021-36867 | 1 Psychological Tests & Quizzes Project | 1 Psychological Tests & Quizzes | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user rights.
|
|||||
| CVE-2021-36866 | 1 Fatcatapps | 1 Easy Pricing Tables | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress.
|
|||||
| CVE-2021-36864 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | N/A | 3.4 LOW |
|
Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.
|
|||||
| CVE-2021-36863 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.
|
|||||
| CVE-2021-36857 | 1 Wpshopmart | 1 Testimonial Builder | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at WordPress.
|
|||||
| CVE-2021-36855 | 1 Bookingultrapro | 1 Booking Ultra Pro Appointments Booking Calendar | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPress.
|
|||||
| CVE-2021-36851 | 1 Web-settler | 1 Testimonial Slider | 2024-11-21 | 3.5 LOW | 4.1 MEDIUM |
|
Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_color, mpsp_posts_description_color, mpsp_slide_nav_button_color.
|
|||||
| CVE-2021-36849 | 1 Social Media Share Buttons Project | 1 Social Media Share Buttons | 2024-11-21 | N/A | 3.4 LOW |
|
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in René Hermenau's Social Media Share Buttons plugin <= 3.8.1 at WordPress.
|
|||||
| CVE-2021-36848 | 1 Sharethis | 1 Social Media Feather | 2024-11-21 | 3.5 LOW | 3.4 LOW |
|
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4
|
|||||
| CVE-2021-36847 | 1 Webba-booking | 1 Webba Booking | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba Booking plugin <= 4.2.21 at WordPress.
|
|||||
| CVE-2021-36846 | 1 Premio | 1 Chaty | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) <= 2.8.3
|
|||||
| CVE-2021-36845 | 1 Yithemes | 1 Yith Maintenance Mode | 2024-11-21 | 3.5 LOW | 6.9 MEDIUM |
|
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. Vulnerable parameters: 1 - "Newsletter" tab, &yith_maintenance_newsletter_submit_label parameter: payload should start with a single quote (') symbol to break the context, i.e.: NOTIFY ME' autofocus onfocus=alert(/Visse/);// v=' - this payload will be aut ...
|
|||||
| CVE-2021-36844 | 1 Mythemeshop | 1 Wp Subscribe | 2024-11-21 | 3.5 LOW | 3.4 LOW |
|
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress.
|
|||||
| CVE-2021-36843 | 1 Acurax | 1 Floating Social Media Icon | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating Social Media Icon plugin (versions <= 4.3.5) Social Media Configuration form. Requires high role user like admin.
|
|||||
| CVE-2021-36841 | 1 Yithemes | 1 Yith Maintenance Mode | 2024-11-21 | 3.5 LOW | 6.9 MEDIUM |
|
Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. Possible even when unfiltered HTML is disallowed by WordPress configuration.
|
|||||
| CVE-2021-36839 | 1 Spacexchimp | 1 Social Media Follow Buttons Bar | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Follow Buttons Bar plugin <= 4.73 at WordPress.
|
|||||
| CVE-2021-36832 | 1 Icegram | 1 Icegram Engage | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram (versions <= 2.0.2) vulnerable at "Headline" (&message_data[16][headline]) input.
|
|||||
| CVE-2021-36830 | 1 Comment Guestbook Project | 1 Comment Guestbook | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Comment Guestbook plugin <= 0.8.0 at WordPress.
|
|||||
| CVE-2021-36829 | 1 Mythemeshop | 1 Launcher | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop Launcher: Coming Soon & Maintenance Mode plugin <= 1.0.11 at WordPress.
|
|||||
| CVE-2021-36828 | 1 Wp Maintenance Project | 1 Wp Maintenance | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance plugin <= 6.0.7 versions.
|
|||||
| CVE-2021-36827 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via "label".
|
|||||
| CVE-2021-36826 | 1 Wedevs | 1 Wp Project Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugin <= 2.4.13 versions.
|
|||||
| CVE-2021-36823 | 1 Cusmin | 1 Absolutely Glamorous Custom Admin | 2024-11-21 | 3.5 LOW | 6.6 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cusmin AGCA - Absolutely Glamorous Custom Admin (WordPress plugin) allows Stored XSS. This issue affects AGCA - Absolutely Glamorous Custom Admin (WordPress plugin): from n/a through 6.8.
|
|||||
| CVE-2021-36821 | 1 Incsub | 1 Forminator | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Stored XSS. This issue affects Forminator: from n/a through 1.14.11.
|
|||||
| CVE-2021-36806 | 1 Sophos | 1 Email Appliance | 2024-11-21 | N/A | 4.7 MEDIUM |
|
A reflected XSS vulnerability allows an open redirect when the victim clicks a malicious link to an error page on Sophos Email Appliance older than version 4.5.3.4.
|
|||||
| CVE-2021-36805 | 1 Akaunting | 1 Akaunting | 2024-11-21 | 3.5 LOW | 5.2 MEDIUM |
|
Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in the sales invoice processing component of the application. This issue was fixed in version 2.1.13 of the product.
|
|||||
| CVE-2021-36803 | 1 Akaunting | 1 Akaunting | 2024-11-21 | 3.5 LOW | 6.3 MEDIUM |
|
Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 2.1.13 of the product.
|
|||||
| CVE-2021-36790 | 1 Dated News Project | 1 Dated News | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows XSS.
|
|||||
| CVE-2021-36788 | 1 Yoast | 1 Yoast Seo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows XSS.
|
|||||