Skip to main content
CVE-2021-24223 CRITICAL POC Act Now

The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload N5 Upload Form
NVD GitHub WPScan
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-24222 CRITICAL POC Act Now

The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in page where the [formCadastro] is embed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Wp Curriculo Vitae Free
NVD GitHub WPScan
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-24215 CRITICAL POC Act Now

An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Authentication Bypass Controlled Admin Access
NVD WPScan
CVSS 3.1
9.8
EPSS
9.7%
CVE-2021-23370 CRITICAL POC PATCH Act Now

This affects the package swiper before 6.5.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Swiper
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-23369 CRITICAL POC PATCH Act Now

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Handlebars
NVD GitHub
CVSS 3.1
9.8
EPSS
7.0%
CVE-2021-24229 CRITICAL POC Act Now

The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreon_save_attachment_patreon_level AJAX action of the Patreon WordPress plugin before 1.7.2. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Patreon Wordpress
NVD WPScan
CVSS 3.1
9.6
EPSS
1.8%
CVE-2021-24228 CRITICAL POC Act Now

The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin before 1.7.2. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Patreon Wordpress
NVD WPScan
CVSS 3.1
9.6
EPSS
1.9%
CVE-2021-24220 CRITICAL POC Act Now

Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Focusblog Ignition +8
NVD WPScan
CVSS 3.1
9.1
EPSS
3.9%
CVE-2021-21524 CRITICAL PATCH Act Now

Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Dell Deserialization RCE Storage Monitoring And Reporting Storage Resource Manager
NVD
CVSS 3.1
9.8
EPSS
3.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy