Skip to main content
CVE-2021-24345 MEDIUM POC This Month

The page lists-management feature of the Sendit WP Newsletter WordPress plugin through 2.5.1, available to Administrator users does not sanitise, validate or escape the id_lista POST parameter before. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress SQLi Sendit
NVD WPScan
CVSS 3.1
6.6
EPSS
1.3%
CVE-2021-24360 MEDIUM POC This Month

The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium privilege users (contributor+) to perform Blind SQL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Yes No Chart
NVD WPScan
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-24358 MEDIUM POC This Month

The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect The Plus Addons For Elementor
NVD WPScan
CVSS 3.1
6.1
EPSS
2.3%
CVE-2021-24351 MEDIUM POC This Month

The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS The Plus Addons For Elementor
NVD WPScan
CVSS 3.1
6.1
EPSS
2.5%
CVE-2021-24350 MEDIUM POC This Month

The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Visitors Online
NVD WPScan
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-24349 MEDIUM POC This Month

This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading images to the server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Gallery From Files
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-34693 MEDIUM POC This Month

net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-24382 MEDIUM POC PATCH This Month

The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation WordPress XSS Smart Slider
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24357 MEDIUM POC This Month

In the Best Image Gallery & Responsive Photo Gallery - FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being being output. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Foogallery
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24346 MEDIUM POC This Month

The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Stock In Out
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24359 MEDIUM POC This Month

The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Authentication Bypass The Plus Addons For Elementor
NVD WPScan
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-24355 MEDIUM POC This Month

In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Simple 301 Redirects
NVD WPScan
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-0467 MEDIUM This Month

In Chromecast bootROM, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2021-21557 MEDIUM PATCH This Month

Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Dell RCE Denial Of Service Information Disclosure Poweredge R640 Firmware +30
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-21556 MEDIUM This Month

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Dell Stack Overflow Information Disclosure +10
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-21555 MEDIUM This Month

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Dell Information Disclosure Heap Overflow +10
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-21554 MEDIUM PATCH This Month

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Heap Overflow RCE Dell Information Disclosure +11
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-21439 MEDIUM This Month

DoS attack can be performed when an email contains specially designed URL in the body. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-32684 MEDIUM PATCH This Month

magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Adobe Magento Scripts
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-27887 MEDIUM This Month

Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Abb Ellipse Asset Performance Management
NVD
CVSS 3.1
5.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy