Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-18 | CVE-2021-24147 | Cross-site Scripting vulnerability in Webnus Modern Events Calendar Lite. Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the mic_comment field (Notes on time) when adding/editing an event, allowing users with privilege as low as author to add events with a Cross-Site Scripting payload in them, which will be triggered in the frontend when viewing the event. | 3.5 |
2021-03-18 | CVE-2021-24146 | Missing Authorization vulnerability in Webnus Modern Events Calendar Lite. Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to export all events data in CSV or XML format, for example. | 5.0 |
2021-03-18 | CVE-2021-24145 | Unrestricted Upload of File with Dangerous Type vulnerability in Webnus Modern Events Calendar Lite. Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP files to be uploaded by an administrator by using the 'text/csv' content-type in the request. | 6.5 |
2021-03-18 | CVE-2021-24144 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ciphercoin Contact Form 7 Database Addon. Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files. | 7.8 |
2021-03-18 | CVE-2021-24143 | SQL Injection vulnerability in Accesspressthemes Accesspress Social Icons. Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections. | 6.5 |
2021-03-18 | CVE-2021-24142 | SQL Injection vulnerability in Webfactoryltd 301 Redirects. Unvalidated input in the 301 Redirects - Easy Redirect Manager WordPress plugin, versions before 2.51, did not sanitise its "Redirect From" column when importing a CSV file, allowing high privilege users to perform SQL injections. | 7.2 |
2021-03-18 | CVE-2021-24141 | SQL Injection vulnerability in Sigmaplugin Advanced Database Cleaner. Unvalidated input in the Advanced Database Cleaner plugin, versions before 3.0.2, led to SQL injection allowing high privilege users (admin+) to perform SQL attacks. | 6.5 |
2021-03-18 | CVE-2021-24140 | SQL Injection vulnerability in Connekthq Ajax Load More. Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, led to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#&type=test. | 6.5 |
2021-03-18 | CVE-2021-24139 | SQL Injection vulnerability in 10Web Photo Gallery. Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter. | 7.5 |
2021-03-18 | CVE-2021-24138 | SQL Injection vulnerability in Ajdg Adrotate. Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". | 5.5 |