Skip to main content
CVE-2021-24835 HIGH POC This Week

The WCFM - Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Frontend Manager For Woocommerce Along With Bookings Subscription Listings Compatible
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-24829 HIGH POC This Week

The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Visitor Traffic Real Time Statistics
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-24669 HIGH POC This Week

The MAZ Loader - Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Maz Loader
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-24631 HIGH POC This Week

The Unlimited PopUps WordPress plugin through 4.5.3 does not sanitise or escape the did GET parameter before using it in a SQL statement, available to users as low as editor, leading to an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Unlimited Popups
NVD WPScan
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-24630 HIGH POC This Week

The Schreikasten WordPress plugin through 0.14.18 does not sanitise or escape the id GET parameter before using it in SQL statements in the comments dashboard from various actions, leading to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Schreikasten
NVD WPScan
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-24626 HIGH POC This Week

The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress SQLi Chameleon Css
NVD WPScan
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-24575 HIGH POC This Week

The School Management System - WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before using POST variable in SQL queries, leading to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wpschoolpress
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-42372 HIGH POC This Week

A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lpar2Rrd Stor2Rrd
NVD GitHub
CVSS 3.1
8.8
EPSS
6.1%
CVE-2021-42072 HIGH POC This Week

An issue was discovered in Barrier before 2.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Barrier Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-31599 HIGH POC This Week

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Vantara Pentaho Vantara Pentaho Business Intelligence Server
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-42073 HIGH POC This Week

An issue was discovered in Barrier before 2.4.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Session Fixation Barrier
NVD GitHub
CVSS 3.1
8.2
EPSS
1.4%
CVE-2021-41253 HIGH POC PATCH This Week

Zydis is an x86/x86-64 disassembler library. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Heap Overflow Zydis
NVD GitHub
CVSS 3.1
8.1
EPSS
1.8%
CVE-2021-24647 HIGH POC This Week

The Registration Forms - User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Pie Register
NVD WPScan
CVSS 3.1
8.1
EPSS
8.4%
CVE-2021-24695 HIGH POC This Week

The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Simple Download Monitor
NVD WPScan
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-39182 HIGH POC PATCH This Week

EnroCrypt is a Python module for encryption and hashing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Enrocrypt
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2021-28022 HIGH POC This Week

Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Servicetonic
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-42076 HIGH POC This Week

An issue was discovered in Barrier before 2.3.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Barrier
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-42075 HIGH POC This Week

An issue was discovered in Barrier before 2.3.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Barrier
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-42074 HIGH POC This Week

An issue was discovered in Barrier before 2.3.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Barrier
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-31602 HIGH POC THREAT This Week

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Vantara Pentaho Vantara Pentaho Business Intelligence Server
NVD
CVSS 3.1
7.5
EPSS
51.7%
CVE-2021-24844 HIGH POC PATCH This Week

The Affiliates Manager WordPress plugin before 2.8.7 does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL Injection issue. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi Affiliates Manager
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-24791 HIGH POC This Week

The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Header Footer Code Manager
NVD WPScan
CVSS 3.1
7.2
EPSS
5.1%
CVE-2021-24629 HIGH POC This Week

The Post Content XMLRPC WordPress plugin through 1.0 does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to an authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Post Content Xmlrpc
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-24628 HIGH POC This Week

The Wow Forms WordPress plugin through 3.1.3 does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wow Forms
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-24627 HIGH POC This Week

The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi G Auto Hyperlink
NVD WPScan
CVSS 3.1
7.2
EPSS
6.6%
CVE-2021-24625 HIGH POC This Week

The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Spidercatalog
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-24537 HIGH POC This Week

The Similar Posts WordPress plugin through 3.1.5 allow high privilege users to execute arbitrary PHP code in an hardened environment (ie with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE PHP Code Injection Similar Posts
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-34685 HIGH POC This Week

UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Vantara Pentaho
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2021-41772 HIGH PATCH This Week

Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Fedora Timesten In Memory Database
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-41771 HIGH PATCH This Week

ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Go Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
4.4%
CVE-2021-42370 HIGH This Week

A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lpar2Rrd Stor2Rrd
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy