Skip to main content
CVE-2021-24223 CRITICAL POC Act Now

The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload N5 Upload Form
NVD GitHub WPScan
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-24222 CRITICAL POC Act Now

The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in page where the [formCadastro] is embed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Wp Curriculo Vitae Free
NVD GitHub WPScan
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-24215 CRITICAL POC Act Now

An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Authentication Bypass Controlled Admin Access
NVD WPScan
CVSS 3.1
9.8
EPSS
9.7%
CVE-2021-23370 CRITICAL POC PATCH Act Now

This affects the package swiper before 6.5.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Swiper
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-23369 CRITICAL POC PATCH Act Now

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Handlebars
NVD GitHub
CVSS 3.1
9.8
EPSS
7.0%
CVE-2021-24229 CRITICAL POC Act Now

The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreon_save_attachment_patreon_level AJAX action of the Patreon WordPress plugin before 1.7.2. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Patreon Wordpress
NVD WPScan
CVSS 3.1
9.6
EPSS
1.8%
CVE-2021-24228 CRITICAL POC Act Now

The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin before 1.7.2. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Patreon Wordpress
NVD WPScan
CVSS 3.1
9.6
EPSS
1.9%
CVE-2021-24220 CRITICAL POC Act Now

Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Focusblog Ignition +8
NVD WPScan
CVSS 3.1
9.1
EPSS
3.9%
CVE-2021-24224 HIGH POC This Week

The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Easy Form Builder By Bitware
NVD GitHub WPScan
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-24221 HIGH POC PATCH This Week

The Quiz And Survey Master - Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi Quiz And Survey Master
NVD WPScan
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-24218 HIGH POC This Week

The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Facebook
NVD WPScan
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-29379 HIGH POC This Week

An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 802 Firmware
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2020-24285 HIGH POC This Week

INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tip200 Firmware Tip200Lite Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
3.9%
CVE-2021-29302 HIGH POC This Week

TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 contains a buffer overflow vulnerability in the httpd process in the body message. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow RCE TP-Link Tl Wr802N Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
5.9%
CVE-2021-24230 HIGH POC This Week

The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Patreon Wordpress
NVD WPScan
CVSS 3.1
8.1
EPSS
0.6%
CVE-2021-24217 HIGH POC This Week

The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization WordPress RCE PHP Facebook
NVD WPScan
CVSS 3.1
8.1
EPSS
3.5%
CVE-2021-24227 HIGH POC This Week

The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Information Disclosure Patreon Wordpress
NVD WPScan
CVSS 3.1
7.5
EPSS
5.9%
CVE-2021-24226 HIGH POC This Week

In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Information Disclosure Accessally
NVD WPScan
CVSS 3.1
7.5
EPSS
5.4%
CVE-2021-23371 HIGH POC PATCH This Week

This affects the package chrono-node before 2.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Chrono Node
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-24231 MEDIUM POC This Month

The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged administrator disconnect the site from. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Patreon Wordpress
NVD WPScan
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-3163 MEDIUM POC This Month

A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Quill
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-25926 MEDIUM POC PATCH This Month

In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the `quicksearch` feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Sickrage
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24213 MEDIUM POC This Month

The GiveWP - Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Givewp
NVD WPScan
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-21524 CRITICAL PATCH Act Now

Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Dell Deserialization RCE Storage Monitoring And Reporting Storage Resource Manager
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-29429 MEDIUM POC This Month

In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java Gradle Quarkus
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-25925 MEDIUM POC PATCH This Month

in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Sickrage
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24225 MEDIUM POC PATCH This Month

The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sanitise the calId GET parameter in the "Seasons & Calendars" page before outputing it in an A tag, leading to a reflected XSS issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Advanced Booking Calendar
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24219 MEDIUM POC This Month

The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Focusblog Ignition Luxe +17
NVD WPScan
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-23368 MEDIUM POC PATCH This Month

The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Postcss
NVD GitHub
CVSS 3.1
5.3
EPSS
3.5%
CVE-2021-29357 HIGH This Week

The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Lifetime Management Console Outsystems Platform Server
NVD
CVSS 3.1
8.6
EPSS
1.0%
CVE-2021-24198 HIGH This Week

The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Wpdatatables
NVD WPScan
CVSS 3.1
8.1
EPSS
1.5%
CVE-2021-24197 HIGH This Week

The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Wpdatatables
NVD WPScan
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-21545 HIGH This Week

Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Privilege Escalation Peripheral Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-27486 HIGH This Week

FATEK Automation WinProladder Versions 3.30 and prior is vulnerable to an integer underflow, which may cause an out-of-bounds write and allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow RCE Winproladder
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-3128 HIGH This Week

In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zenwifi Ax Xt8 Firmware Rt Ax3000 Firmware Rt Ax55 Firmware Rt Ax56U Firmware +23
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-3125 HIGH This Week

In TP-Link TL-XDR3230 < 1.0.12, TL-XDR1850 < 1.0.9, TL-XDR1860 < 1.0.14, TL-XDR3250 < 1.0.2, TL-XDR6060 Turbo < 1.1.8, TL-XDR5430 < 1.0.11, and possibly others, when IPv6 is used, a routing loop can. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Information Disclosure Tl Xdr3230 Firmware Tl Xdr5430 Firmware Tl Xdr3250 Firmware +3
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-23270 HIGH PATCH This Week

In Gargoyle OS 1.12.0, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Gargoyle
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22497 HIGH This Week

Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Netiq Advanced Authentication
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2021-21393 MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Python Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-21394 MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Python Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-24024 MEDIUM This Month

A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortiadc Fortiadc Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-22190 MEDIUM This Month

A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-24200 MEDIUM This Month

The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP Wpdatatables
NVD WPScan
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-24199 MEDIUM This Month

The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP Wpdatatables
NVD WPScan
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-21392 MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Python Synapse Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
0.9%
CVE-2021-20519 MEDIUM PATCH This Month

IBM Jazz Team Server products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management Doors Next Engineering Insights +9
NVD
CVSS 3.1
5.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy