Skip to main content
CVE-2021-42362 HIGH POC PATCH THREAT Act Now

The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress RCE PHP File Upload Wordpress Popular Posts
NVD GitHub WPScan Exploit-DB
CVSS 3.1
8.8
EPSS
79.8%
CVE-2021-41931 CRITICAL POC Act Now

The Company's Recruitment Management System in id=2 of the parameter from view_vacancy app on-page appears to be vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Recruitment Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-41274 HIGH POC PATCH This Week

solidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Solidus Auth Devise
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-42956 HIGH POC This Week

Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Zoho Information Disclosure Manageengine Remote Access Plus Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-24847 HIGH POC This Week

The importFromRedirection AJAX action of the SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Seo Redirection 301 Redirect Manager
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-24804 HIGH POC This Week

The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged in admin changed them. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Simple Jwt Login
NVD WPScan
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-24772 HIGH POC PATCH This Week

The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi Stream
NVD WPScan
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-24758 HIGH POC This Week

The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Email Log
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-33481 HIGH POC This Week

A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in try_to_divide_boxes() in pgm2asc.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Optical Character Recognition
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-33479 HIGH POC This Week

A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in measure_pitch() in pgm2asc.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Optical Character Recognition
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-42955 HIGH POC This Week

Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Zoho Authentication Bypass Manageengine Remote Access Plus
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42954 HIGH POC This Week

Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Zoho Information Disclosure Manageengine Remote Access Plus
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-41277 HIGH POC KEV PATCH THREAT This Week

Metabase is an open source data analytics platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Metabase
NVD GitHub
CVSS 3.1
7.5
EPSS
97.2%
CVE-2021-43975 MEDIUM POC This Month

In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linux Memory Corruption Linux Kernel Fedora +9
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2021-24852 MEDIUM POC This Month

The MouseWheel Smooth Scroll WordPress plugin before 5.7 does not have CSRF check in place on its settings page, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Mousewheel Smooth Scroll
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-24802 MEDIUM POC This Month

The Colorful Categories WordPress plugin before 2.0.15 does not enforce nonce checks which could allow attackers to make a logged in admin or editor change taxonomy colors via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Colorful Categories
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-24796 MEDIUM POC This Month

The My Tickets WordPress plugin before 1.8.31 does not properly sanitise and escape the Email field of booked tickets before outputting it in the Payment admin dashboard, which could allow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS My Tickets
NVD WPScan
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-43996 CRITICAL PATCH Act Now

The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Laravel has a "fix variable names" feature that can lead to incorrect access control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ignition
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-32234 CRITICAL Act Now

SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Smartermail
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-33480 MEDIUM POC This Month

An use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Optical Character Recognition
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-42360 MEDIUM POC This Month

On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Starter Templates
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24854 MEDIUM POC This Month

The QR Redirector WordPress plugin before 1.6.1 does not sanitise and escape some of the QR Redirect fields, which could allow users with a role as low as Contributor perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Qr Redirector
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24850 MEDIUM POC This Month

The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages' content and custom fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Insert Pages
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-41275 HIGH PATCH This Week

spree_auth_devise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Spree Auth Devise
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-0071 HIGH This Week

Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Privilege Escalation Ax210 Firmware Ax201 Firmware Ax200 Firmware +10
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-24856 MEDIUM POC This Month

The Shared Files WordPress plugin before 1.6.61 does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Shared Files
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24841 MEDIUM POC This Month

The Helpful WordPress plugin before 4.4.59 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Helpful
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-24815 MEDIUM POC This Month

The Accept Donations with PayPal WordPress plugin before 1.3.2 does not escape the Amount Menu Name field of created Buttons, which could allow a high privilege users to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Accept Donations With Paypal
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24787 MEDIUM POC This Month

The Client Invoicing by Sprout Invoices WordPress plugin before 19.9.7 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Client Invoicing By Sprout Invoices
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24598 MEDIUM POC PATCH This Month

The Testimonial WordPress plugin before 1.6.0 does not escape some testimonial fields which could allow high privilege users to perform Cross Site Scripting attacks even when the unfiltered_html. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Testimonial Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-0180 HIGH This Week

Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable privilege escalation via local access. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Denial Of Service Hardware Accelerated Execution Manager
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2021-24853 MEDIUM POC This Month

The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Authentication Bypass Qr Redirector
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-24851 MEDIUM POC PATCH This Month

The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status (ie. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress Authentication Bypass Insert Pages
NVD WPScan
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-24776 MEDIUM POC This Month

The WP Performance Score Booster WordPress plugin before 2.1 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Performance Score Booster
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-0078 HIGH This Week

Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service or information. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Intel Information Disclosure Ax210 Firmware +14
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2021-43997 HIGH This Week

FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code from calling the xPortRaisePrivilege internal function to raise privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Freertos
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-33118 HIGH This Week

Improper access control in the software installer for the Intel(R) Serial IO driver for Intel(R) NUC 11 Gen before version 30.100.2104.1 may allow an authenticated user to potentially enable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Serial Io Driver For Intel Nuc 11 Gen
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33071 HIGH This Week

Incorrect default permissions in the installer for the Intel(R) oneAPI Rendering Toolkit before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Oneapi Rendering Toolkit
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33063 HIGH This Week

Uncontrolled search path in the Intel(R) RealSense(TM) D400 Series UWP driver for Windows 10 before version 6.1.160.22 may allow an authenticated user to potentially enable escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Intel Realsense D400 Series Universal Windows Platform Driver
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-33062 HIGH This Week

Incorrect default permissions in the software installer for the Intel(R) VTune(TM) Profiler before version 2021.3.0 may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Vtune Profiler
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33058 HIGH This Week

Improper access control in the installer Intel(R)Administrative Tools for Intel(R) Network Adaptersfor Windowsbefore version 1.4.0.21 may allow an unauthenticated user to potentially enable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Administrative Tools For Intel Network Adapters
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0151 HIGH This Week

Improper access control in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Intel Ax210 Firmware Ax201 Firmware +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0082 HIGH This Week

Uncontrolled search path in software installer for Intel(R) PROSet/Wireless WiFi in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Intel Ax210 Firmware Ax201 Firmware +13
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0065 HIGH This Week

Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Intel Ax210 Firmware Ax201 Firmware +11
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0064 HIGH This Week

Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Intel Ax210 Firmware Ax201 Firmware +10
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33106 HIGH This Week

Integer overflow in the Safestring library maintained by Intel(R) may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Privilege Escalation Intel Safestring Library
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33095 HIGH This Week

Unquoted search path in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version 1.0.0.4 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Nuc M15 Laptop Kit Keyboard Led Service Driver Pack
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-33094 HIGH This Week

Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version 1.0.0.4 may allow an authenticated user to potentially enable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Nuc M15 Laptop Kit Keyboard Led Service Driver Pack
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33093 HIGH This Week

Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Serial IO driver pack before version 30.100.2104.1 may allow an authenticated user to potentially enable escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Nuc M15 Laptop Kit Serial Io Driver Pack
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33092 HIGH This Week

Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit HID Event Filter driver pack before version 2.2.1.383 may allow an authenticated user to potentially enable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Nuc M15 Laptop Kit Hid Event Filter Driver Pack
NVD
CVSS 3.1
7.8
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy