Skip to main content
CVE-2021-24659 MEDIUM This Month

The PostX - Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Postx Gutenberg Blocks For Post Grid
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-41580 MEDIUM PATCH This Month

The passport-oauth2 package before 1.6.1 for Node.js mishandles the error condition of failure to obtain an access token. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Passport Oauth2
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-40349 MEDIUM PATCH This Month

e7d Speed Test (aka speedtest) 0.5.3 allows a path-traversal attack that results in information disclosure via the "GET /.." substring. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Information Disclosure Speed Test
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-0660 MEDIUM This Month

In ccu, there is a possible out of bounds read due to incorrect error handling. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2021-36875 MEDIUM This Month

Cross-site Scripting (XSS) vulnerability in Stylemix Directory Listings WordPress plugin - uListing allows Reflected XSS.0.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Ulisting
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-36845 MEDIUM This Month

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Yith Maintenance Mode
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-20317 MEDIUM PATCH This Month

A flaw was found in the Linux kernel. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Debian Linux
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2021-24661 MEDIUM This Month

The PostX - Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Postx Gutenberg Blocks For Post Grid
NVD WPScan
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-36878 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Ulisting
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy