2109 matches found
CVE-2021-24320
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listinglistview, btbblistingfieldmylat, btbblistingfieldmylng, btbblistingfielddistancevalue, btbblistingfieldmylatdefault, btbblistingfieldkeyword, btbblistingfieldlocationautocomplete,...
CVE-2021-24317
The Listeo WordPress theme before 1.6.11 did not properly sanitise some parameters in its Search, Booking Confirmation and Personal Message pages, leading to Cross-Site Scripting issues...
CVE-2021-24316
The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise its 's' GET parameter before outputting it back in the page, leading to a Cross-Site Scripting issue...
Cross site scripting
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its postexcerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue...
Cross site scripting
The Car Repair Services & Auto Mechanic WordPress theme before 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue...
Cross site scripting
The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise its 's' GET parameter before outputting it back in the page, leading to a Cross-Site Scripting issue...
CVE-2021-24335 Car Repair Services < 4.0 - Unauthenticated Reflected XSS & XFS
The Car Repair Services & Auto Mechanic WordPress theme before 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue...
CVE-2021-24335
The WordPress Car Repair Services & Auto Mechanic Theme (pre-4.0) contains a reflected Cross-Site Scripting (XSS) vulnerability in the serviceestimatekey parameter, which is echoed back in the page without proper sanitization. This could enable injection of malicious scripts when the parameter is...
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
CVE-2021-24297
The Goto WordPress theme before 2.1 did not properly sanitize the formvalue JSON POST parameter in its tlfilter AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability...
CVE-2021-24297
The Goto WordPress theme before 2.1 did not properly sanitize the formvalue JSON POST parameter in its tlfilter AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability...
CVE-2021-24297 Goto < 2.1 - Reflected Cross-Site Scripting (XSS)
The Goto WordPress theme before 2.1 did not properly sanitize the formvalue JSON POST parameter in its tlfilter AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability...
WordPress plugin SQL injection vulnerability (CNVD-2021-37479)
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is a WordPress open source application plugin. A SQL injection vulnerability exists in Goto WordPress...
CVE-2021-24314
The Goto WordPress theme before 2.1 did not sanitise, validate or escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an Unauthenticated SQL injection issue...
CVE-2021-24314 Goto < 2.1 - Unauthenticated Blind SQL Injection
The Goto WordPress theme before 2.1 did not sanitise, validate or escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an Unauthenticated SQL injection issue...
CVE-2021-24235
The Goto WordPress theme before 2.0 does not sanitise the keywords and startdate GET parameters on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue...
CVE-2021-24235
The Goto WordPress theme before 2.0 does not sanitise the keywords and startdate GET parameters on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue...
CVE-2021-24235
CVE-2021-24235 concerns the WordPress Goto Tour & Travel Theme prior to 2.0, where the Tour List page fails to sanitise the keywords and start_date GET parameters. This causes an unauthenticated reflected cross-site scripting vulnerability. Connected sources (Nuclei template, Red Hat advisory, CV...
CVE-2021-24220 All Thrive Themes Legacy Themes < 2.0.0 - Unauthenticated Arbitrary File Upload and Option Deletion
Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by...
VulnCheck KEV: CVE-2020-36719
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lpccaddonsactions function. This makes it possible for unauthenticated...