Filtered by vendor Pickplugins
Subscribe
Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24488 | 1 Pickplugins | 1 Post Grid | 2021-08-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised before being output back in the pages, leading to Reflected Cross-Site Scripting issues | |||||
| CVE-2021-24300 | 1 Pickplugins | 1 Product Slider For Woocommerce | 2021-05-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitised the keyword GET parameter, leading to reflected Cross-Site Scripting issue | |||||
| CVE-2021-24283 | 1 Pickplugins | 1 Accordion | 2021-05-21 | 3.5 LOW | 5.4 MEDIUM |
| The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue. | |||||
| CVE-2020-13644 | 1 Pickplugins | 1 Accordion | 2020-05-28 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wp_ajax_accordions_ajax_import_json action allowed any authenticated user with Subscriber or higher permissions the ability to import a new accordion and inject malicious JavaScript as part of the accordion. | |||||