Skip to main content
CVE-2021-24164 MEDIUM POC This Month

In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Ninja Forms
NVD WPScan
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-20305 HIGH PATCH This Week

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Nettle Fedora Enterprise Linux Active Iq Unified Manager +2
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2021-29261 HIGH PATCH This Week

The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Svelte
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-28832 HIGH PATCH This Week

VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Vim
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-24167 HIGH This Week

When visiting a site running Web-Stat < 1.4.0, the "wts_web_stat_load_init" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookup_WP_account. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Web Stat
NVD WPScan
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-30109 MEDIUM This Month

Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Froala Editor
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-24173 MEDIUM This Month

The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as update the plugin's options, leading to a Stored. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress XSS Vm Backups
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-24152 MEDIUM This Month

The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Popup Builder
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-24154 MEDIUM This Month

The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Path Traversal Information Disclosure Theme Editor
NVD WPScan
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-24172 MEDIUM This Month

The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the DB, plugins, and current . Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Vm Backups
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy