CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24868 – Document Embedder < 1.7.9 - Subscriber+ Arbitrary Private/Draft Post Title Disclosure
https://notcve.org/view.php?id=CVE-2021-24868
03 Jan 2022 — The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts. El plugin Document Embedder de WordPress versiones anteriores a 1.7.9, contiene un endpoint de acción AJAX, que podría permitir a cualquier usuario autenticado, como el suscriptor, enumerar el título de publicaciones privadas y borradores arbitrarios • https://wpscan.com/vulnerability/45a43927-a427-46bc-9c61-e0b8532c8138 • CWE-285: Improper Authorization CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24775 – Document Embedder < 1.7.5 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure
https://notcve.org/view.php?id=CVE-2021-24775
03 Jan 2022 — The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts. El plugin Document Embedder de WordPress versiones anteriores a 1.7.5, contiene un endpoint REST, que podría permitir a usuarios no autenticados enumerar el título de publicaciones privadas y borradores arbitrarios The Document Embedder WordPress plugin before 1.7.6 contains a REST endpoint, which could allow unauthenticated users ... • https://wpscan.com/vulnerability/c6f24afe-d273-4f87-83ca-a791a385b06b • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24412 – Html5 Audio Player < 2.1.3 - Contributor+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24412
20 Sep 2021 — The Html5 Audio Player – Audio Player for WordPress plugin before 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode El plugin Html5 Audio Player - Audio Player de WordPress versiones anteriores a 2.1.3 no sanea ni comprueba los parámetros de su shortcode, permitiendo a usuarios con un rol tan bajo como el de colaborador est... • https://wpscan.com/vulnerability/c4ed3e52-cbe0-46dc-ab43-65de78cfb225 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24413 – Easy Twitter Feed < 1.2 - Contributor+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24413
20 Sep 2021 — The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode El plugin Easy Twitter Feed de WordPress versiones anteriores a 1.2, no sanea o comprueba los parámetros de su shortcode, permitiendo a usuarios con un rol tan bajo como el de colaborador establecer en ellos una carga útil de tipo ... • https://wpscan.com/vulnerability/ce6d17c3-6741-4c80-ab13-e1824960ae24 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-24416 – StreamCast < 2.1.1 - Contributor+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24416
20 Sep 2021 — The StreamCast – Radio Player for WordPress plugin before 2.1.1 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode El plugin StreamCast - Radio Player de WordPress versiones anteriores a 2.1.1, no sanea ni comprueba los parámetros de su shortcode, permitiendo a usuarios con un rol tan bajo como el de colaborador establecer en ello... • https://wpscan.com/vulnerability/260c7e2d-d48c-42d6-ae05-bad3f3bac01d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-24415 – Polo Video Gallery <= 1.2 - Contributor+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24415
20 Sep 2021 — The Polo Video Gallery – Best wordpress video gallery plugin WordPress plugin through 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode El plugin Polo Video Gallery - Best wordpress video gallery de WordPress versiones hasta 1.2, no sanea ni comprueba los parámetros de su shortcode, permitiendo a usuarios con un rol tan bajo ... • https://wpscan.com/vulnerability/fd312bfd-7c98-4682-877d-846442e9c6a2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •