Skip to main content
CVE-2021-24231 MEDIUM POC This Month

The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged administrator disconnect the site from. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Patreon Wordpress
NVD WPScan
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-3163 MEDIUM POC This Month

A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Quill
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-25926 MEDIUM POC PATCH This Month

In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the `quicksearch` feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Sickrage
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24213 MEDIUM POC This Month

The GiveWP - Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Givewp
NVD WPScan
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-29429 MEDIUM POC This Month

In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java Gradle Quarkus
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-25925 MEDIUM POC PATCH This Month

in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Sickrage
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24225 MEDIUM POC PATCH This Month

The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sanitise the calId GET parameter in the "Seasons & Calendars" page before outputing it in an A tag, leading to a reflected XSS issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Advanced Booking Calendar
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24219 MEDIUM POC This Month

The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Focusblog Ignition Luxe +17
NVD WPScan
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-23368 MEDIUM POC PATCH This Month

The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Postcss
NVD GitHub
CVSS 3.1
5.3
EPSS
3.5%
CVE-2021-21393 MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Python Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-21394 MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Python Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-24024 MEDIUM This Month

A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortiadc Fortiadc Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-22190 MEDIUM This Month

A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-24200 MEDIUM This Month

The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP Wpdatatables
NVD WPScan
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-24199 MEDIUM This Month

The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP Wpdatatables
NVD WPScan
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-21392 MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Python Synapse Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
0.9%
CVE-2021-20519 MEDIUM PATCH This Month

IBM Jazz Team Server products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management Doors Next Engineering Insights +9
NVD
CVSS 3.1
5.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy