Skip to main content
CVE-2021-43043 MEDIUM POC This Month

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Information Disclosure Unitrends Backup
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-43039 MEDIUM POC This Month

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Unitrends Backup
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-25041 MEDIUM POC PATCH This Month

The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS Photo Gallery
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-24939 MEDIUM POC This Month

The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before 3.0.0.5 does not sanitise and escape the rul_login_url and rul_logout_url parameter before outputting them back in attributes in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Loginwp
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24938 MEDIUM POC This Month

The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocs_update_profiles_data AJAX action (available to any authenticated user) before outputting it back. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Woocommerce Currency Switcher
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24935 MEDIUM POC PATCH This Month

The WP Google Fonts WordPress plugin before 3.1.5 does not escape the googlefont_ajax_name and googlefont_ajax_family parameter of the googlefont_action AJAx action (available to any authenticated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google WordPress XSS Wp Google Fonts
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-24924 MEDIUM POC This Month

The Email Log WordPress plugin before 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Email Log
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24930 MEDIUM POC This Month

The WordPress Online Booking and Scheduling Plugin WordPress plugin before 20.3.1 does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bookly
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24759 MEDIUM POC This Month

The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to to perform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pdf Js Viewer
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-43784 MEDIUM POC PATCH This Month

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Integer Overflow Runc Debian Linux
NVD GitHub
CVSS 3.1
5.0
EPSS
1.7%
CVE-2021-24718 MEDIUM POC This Month

The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contact Form Survey Popup Form Plugin For Wordpress Arforms Form Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24714 MEDIUM POC This Month

The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp All Import
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-43781 MEDIUM POC PATCH This Month

Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Invenio Drafts Resources
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-35245 MEDIUM This Month

When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Serv U
NVD
CVSS 3.1
6.8
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy