Skip to main content
CVE-2021-24139 CRITICAL POC Act Now

Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP Photo Gallery
NVD WPScan
CVSS 3.1
9.8
EPSS
5.4%
CVE-2021-28794 CRITICAL PATCH Act Now

The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Shellcheck
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-24148 CRITICAL Act Now

A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Apple Authentication Bypass Mstore Api
NVD WPScan
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-22848 CRITICAL Act Now

HGiga MailSherlock contains a SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Msr45 Isherlock Antispam Msr45 Isherlock User Ssr45 Isherlock Antispam Ssr45 Isherlock User
NVD
CVSS 3.1
9.8
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy