Skip to main content
CVE-2021-24293 MEDIUM POC This Month

In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax , after that the settings[shipping_address][name] is. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Nextgen Gallery
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-24276 MEDIUM POC THREAT This Month

The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contact Form
NVD WPScan Exploit-DB
CVSS 3.1
6.1
EPSS
16.0%
CVE-2021-24275 MEDIUM POC THREAT This Month

The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup
NVD WPScan Exploit-DB
CVSS 3.1
6.1
EPSS
18.2%
CVE-2021-24274 MEDIUM POC THREAT This Month

The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Maps
NVD WPScan Exploit-DB
CVSS 3.1
6.1
EPSS
17.6%
CVE-2021-24267 MEDIUM POC This Month

The “All-in-One Addons for Elementor - WidgetKit” WordPress Plugin before 2.3.10 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS All In One Addons For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24263 MEDIUM POC This Month

The “Elementor Addons - PowerPack Addons for Elementor” WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Powerpack Addons For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24261 MEDIUM POC This Month

The “HT Mega - Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ht Mega
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24260 MEDIUM POC This Month

The “Livemesh Addons for Elementor” WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Addons For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24272 MEDIUM POC This Month

The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Fitness Calculators
NVD WPScan Exploit-DB
CVSS 3.1
4.3
EPSS
1.8%
CVE-2021-20254 MEDIUM This Month

A flaw was found in samba. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Samba Fedora +2
NVD
CVSS 3.1
6.8
EPSS
1.6%
CVE-2021-29246 MEDIUM This Month

BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Path Traversal Btcpay Server
NVD GitHub
CVSS 3.1
6.7
EPSS
1.5%
CVE-2021-20397 MEDIUM This Month

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-25179 MEDIUM This Month

SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Serv U File Server
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-24273 MEDIUM This Month

The “Clever Addons for Elementor” WordPress Plugin before 2.1.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Clever Addons For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24271 MEDIUM This Month

The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Ultimate Addons For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24270 MEDIUM This Month

The “DeTheme Kit for Elementor” WordPress Plugin before 1.5.5.5 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Dethemekit For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24269 MEDIUM This Month

The “Sina Extension for Elementor” WordPress Plugin before 3.3.12 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Sina Extension For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24268 MEDIUM This Month

The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Jetwidgets For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24266 MEDIUM This Month

The “The Plus Addons for Elementor Page Builder Lite” WordPress Plugin before 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS The Plus Addons For Elementor Page Builder Lite
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24265 MEDIUM This Month

The “Rife Elementor Extensions & Templates” WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Rife Elementor Extensions Templates
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24264 MEDIUM This Month

The “Image Hover Effects - Elementor Addon” WordPress Plugin before 1.3.4 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Image Hover Effects
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24262 MEDIUM This Month

The “WooLentor - WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Woolentor Woocommerce Elementor Addons Builder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24259 MEDIUM This Month

The “Elementor Addon Elements” WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Elementor Addon Elements
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24258 MEDIUM This Month

The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Elements Kit Elementor Addons
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24257 MEDIUM This Month

The “Premium Addons for Elementor” WordPress Plugin before 4.2.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Premium Addons For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24256 MEDIUM This Month

The “Elementor - Header, Footer & Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Elementor Header Footer Blocks Template
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24255 MEDIUM This Month

The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, both via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Essential Addons For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-29489 MEDIUM PATCH This Month

Highcharts JS is a JavaScript charting library based on SVG. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Highcharts Cloud Backup Oncommand Insight Oncommand Workflow Automation +1
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-29250 MEDIUM This Month

BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Btcpay Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29248 MEDIUM This Month

BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Btcpay Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-29247 MEDIUM This Month

BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Btcpay Server
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-29245 MEDIUM This Month

BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Btcpay Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy