CVE-2021-23445
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped. Devamını Oku
Devamını oku
CVE-2021-24660
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode. Devamını Oku
CVE-2021-24661
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID. Devamını Oku
CVE-2021-24666
The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P<id>[d]+), takes an 'id' and 'category' parameters as arguments. Both parameters can be used for the SQLi. Devamını Oku
CVE-2021-24670
The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing users with a role as low as Contributor toperform Stored Cross-Site Scripting attacks Devamını Oku
CVE-2021-24569
The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.1.2 does not escape the value of its Button Text setting when outputting it in an attribute in the frontend, allowing high privilege users such as admin to perform Cross-Site Scripting even when the unfiltered_html capability is disallowed. Devamını Oku
CVE-2021-24610
The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues. Devamını Oku
CVE-2021-24632
The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does not escape the message parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue Devamını Oku
CVE-2021-24633
The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users. Devamını Oku
CVE-2021-24634
The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does not properly sanitise or escape some of the properties of the Recipe Card Block (such as ingredientsLayout, iconSet, steps, ingredients, recipeTitle, or settings), which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. Devamını Oku
CVE-2021-24643
The WP Map Block WordPress plugin before 1.2.3 does not escape some attributes of the WP Map Block, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks Devamını Oku
CVE-2021-24652
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_options values. Devamını Oku