Skip to main content
CVE-2021-34647 MEDIUM POC PATCH This Month

The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress PHP Information Disclosure Authentication Bypass Ninja Forms
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-39404 MEDIUM POC This Month

MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Maianaffiliate
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-34648 MEDIUM POC PATCH This Month

The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress PHP Authentication Bypass Ninja Forms
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-21992 MEDIUM This Month

The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-37860 MEDIUM PATCH This Month

Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost XSS
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-38153 MEDIUM PATCH This Month

Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apache Information Disclosure Kafka Quarkus Communications Brm Elastic Charging Engine +5
NVD
CVSS 3.1
5.9
EPSS
5.8%
CVE-2021-39339 MEDIUM This Month

The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the ~/bypass.php file due to a user-supplied URL request value that gets called by a curl requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP SSRF Telefication
NVD
CVSS 3.1
5.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy