Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2021-03-18 CVE-2021-24143 SQL Injection vulnerability in Accesspressthemes Accesspress Social Icons
The AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections.
network
low complexity
accesspressthemes CWE-89
6.5
2021-03-18 CVE-2021-24142 SQL Injection vulnerability in Webfactoryltd 301 Redirects
The 301 Redirects - Easy Redirect Manager WordPress plugin, versions before 2.51, did not sanitise its "Redirect From" column when importing a CSV file, allowing high privilege users to perform SQL injections.
network
low complexity
webfactoryltd CWE-89
7.2
2021-03-18 CVE-2021-24141 SQL Injection vulnerability in Sigmaplugin Advanced Database Cleaner
Unvalidated input in the Advanced Database Cleaner plugin, versions before 3.0.2, led to SQL injection, allowing high privilege users (admin+) to perform SQL attacks.
network
low complexity
sigmaplugin CWE-89
6.5
2021-03-18 CVE-2021-24140 SQL Injection vulnerability in Connekthq Ajax Load More
Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, led to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#&type=test.
network
low complexity
connekthq CWE-89
6.5
2021-03-18 CVE-2021-24139 SQL Injection vulnerability in 10Web Photo Gallery
Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.
network
low complexity
10web CWE-89
7.5
2021-03-18 CVE-2021-24138 SQL Injection vulnerability in Ajdg Adrotate
Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to authenticated SQL injection via the "id" parameter.
network
low complexity
ajdg CWE-89
5.5
2021-03-18 CVE-2021-24137 SQL Injection vulnerability in Adenion Blog2Social
Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, led to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands.
network
low complexity
adenion CWE-89
6.5
2021-03-18 CVE-2021-24136 Cross-site Scripting vulnerability in Axelerant Testimonials Widget
Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the following parameters: Author, Job Title, Location, Company, Email, URL.
network
axelerant CWE-79
3.5
2021-03-18 CVE-2021-24135 Cross-site Scripting vulnerability in Gowebsolutions WP Customer Reviews
Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities allowing remote attackers to inject arbitrary JavaScript code or HTML.
4.3
2021-03-18 CVE-2021-24134 Cross-site Scripting vulnerability in Constantcontact Constant Contact Forms
Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed a high-privileged user (Editor+) to inject arbitrary JavaScript code or HTML in posts where the malicious form is embedded.
3.5