Skip to main content
CVE-2021-24347 HIGH POC THREAT Act Now

The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Information Disclosure Sp Project Document Manager
NVD WPScan
CVSS 3.1
8.8
EPSS
52.0%
CVE-2021-24356 HIGH POC This Week

In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Simple 301 Redirects
NVD WPScan
CVSS 3.1
8.8
EPSS
3.0%
CVE-2021-24354 HIGH POC This Week

A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Simple 301 Redirects
NVD WPScan
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-24353 HIGH POC This Week

The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Simple 301 Redirects
NVD WPScan
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-24352 HIGH POC This Week

The export_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to export a site's. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Simple 301 Redirects
NVD WPScan
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-24341 HIGH POC PATCH This Week

When deleting a date in the Xllentech English Islamic Calendar WordPress plugin before 2.6.8, the year_number and month_number POST parameters are not sanitised, escaped or validated before being. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi English Islamic Calendar
NVD WPScan
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-24348 HIGH POC This Week

The menu delete functionality of the Side Menu - add fixed side buttons WordPress plugin before 3.1.5, available to Administrator users takes the did GET parameter and uses it into an SQL statement. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Side Menu
NVD WPScan
CVSS 3.1
7.2
EPSS
1.6%
CVE-2021-20027 HIGH This Week

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Sonicos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-27196 HIGH This Week

Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Relion 670 Firmware Relion 650 Firmware Relion Sam600 Io Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-26845 HIGH This Week

Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Authentication Bypass Esoms
NVD
CVSS 3.1
7.5
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy