CVE-2021-24632
The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does not escape the message parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue
Source: CVE-2021-24632
[월:] 2021년 09월
CVE-2021-24569
CVE-2021-24569
The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.1.2 does not escape the value of its Button Text setting when outputting it in an attribute in the frontend, allowing high privilege users such as admin to perform Cross-Site Scripting even when the unfiltered_html capability is disallowed.
Source: CVE-2021-24569
CVE-2021-24633
CVE-2021-24633
The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users.
Source: CVE-2021-24633
CVE-2021-24634
CVE-2021-24634
The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does not properly sanitise or escape some of the properties of the Recipe Card Block (such as ingredientsLayout, iconSet, steps, ingredients, recipeTitle, or settings), which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
Source: CVE-2021-24634
CVE-2021-24643
CVE-2021-24643
The WP Map Block WordPress plugin before 1.2.3 does not escape some attributes of the WP Map Block, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
Source: CVE-2021-24643
CVE-2021-24652
CVE-2021-24652
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_options values.
Source: CVE-2021-24652
CVE-2021-24659
CVE-2021-24659
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin’s block.
Source: CVE-2021-24659
CVE-2021-37539
CVE-2021-37539
Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution.
Source: CVE-2021-37539
CVE-2021-26587
CVE-2021-26587
A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. HPE has made the following software update – HPE StoreOnce 4.3.0, to resolve the vulnerability in HPE StoreOnce.
Source: CVE-2021-26587
CVE-2021-36878
CVE-2021-36878
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings.
Source: CVE-2021-36878