Day: Mart 7, 2022

CVE-2021-24824

The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access…

Devamını oku

CVE-2021-24821

The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description…

Devamını oku

CVE-2021-24810

The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to…

Devamını oku

CVE-2021-24778

The test parameter of the xmlfeed in the Tradetracker-Store WordPress plugin before 4.6.60 is not sanitised, escaped or validated before inserting to a SQL statement,…

Devamını oku

CVE-2021-24777

The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a get request with the sub_id parameter which not sanitised, escaped…

Devamını oku

CVE-2021-24216

The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files’ extension, which allows administrators to upload PHP files on their site, even…

Devamını oku