Skip to main content
CVE-2021-24155 HIGH POC THREAT Act Now

The WordPress Backup and Migrate Plugin - Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Backup Guard
NVD WPScan Exploit-DB
CVSS 3.1
7.2
EPSS
84.1%
CVE-2021-24184 HIGH POC This Week

Several AJAX endpoints in the Tutor LMS - eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Tutor Lms
NVD WPScan
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-24163 HIGH POC This Week

The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Ninja Forms
NVD WPScan
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-24162 HIGH POC This Week

In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Responsive Menu
NVD WPScan
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-24161 HIGH POC This Week

In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress RCE PHP Responsive Menu
NVD WPScan
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-24160 HIGH POC This Week

In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE PHP File Upload Responsive Menu
NVD WPScan
CVSS 3.1
8.8
EPSS
8.2%
CVE-2021-30055 HIGH POC This Week

A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'par_year' parameter when running a report. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Knowage
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-24174 HIGH POC This Week

The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Database Backups
NVD WPScan Exploit-DB
CVSS 3.1
8.1
EPSS
3.2%
CVE-2021-30141 HIGH POC PATCH This Week

Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Friendica
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-24170 HIGH POC This Week

The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure User Profile Picture
NVD WPScan
CVSS 3.1
7.5
EPSS
4.8%
CVE-2021-24150 HIGH POC This Week

The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF Likebtn Like Button
NVD WPScan
CVSS 3.1
7.5
EPSS
4.3%
CVE-2021-24209 HIGH POC PATCH THREAT This Week

The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress RCE PHP Code Injection WP Super Cache
NVD WPScan
CVSS 3.1
7.2
EPSS
23.8%
CVE-2021-24159 HIGH This Week

Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Contact Form 7
NVD WPScan
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-20305 HIGH PATCH This Week

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Nettle Fedora Enterprise Linux Active Iq Unified Manager +2
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2021-29261 HIGH PATCH This Week

The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Svelte
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-28832 HIGH PATCH This Week

VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Vim
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-24167 HIGH This Week

When visiting a site running Web-Stat < 1.4.0, the "wts_web_stat_load_init" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookup_WP_account. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Web Stat
NVD WPScan
CVSS 3.1
7.5
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy