Skip to main content
CVE-2021-24997 MEDIUM POC This Month

The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Authentication Bypass Wp Guppy
NVD GitHub WPScan
CVSS 3.1
6.5
EPSS
2.8%
CVE-2021-24984 MEDIUM POC This Month

The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does not sanitise and escape the changes-saved parameter before outputting it back in the admin dashboard, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpfront User Role Editor
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24980 MEDIUM POC This Month

The Gwolle Guestbook WordPress plugin before 4.2.0 does not sanitise and escape the gwolle_gb_user_email parameter before outputting it back in an attribute, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gwolle Guestbook
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24979 MEDIUM POC PATCH This Month

The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS Paid Memberships Pro
NVD WPScan
CVSS 3.1
6.1
EPSS
1.9%
CVE-2021-24967 MEDIUM POC This Month

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.6.4 does not sanitise and escape some lead values, which could allow unauthenticated users to perform Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contact Form Lead Form Elementor Builder
NVD WPScan
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-24797 MEDIUM POC This Month

The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tickera
NVD WPScan
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-45906 MEDIUM POC This Month

OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openwrt
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-45905 MEDIUM POC This Month

OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openwrt
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-45904 MEDIUM POC This Month

OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openwrt
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-43856 MEDIUM POC PATCH This Month

Wiki.js is a wiki app built on Node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Node.js XSS File Upload Wiki Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-43855 MEDIUM POC PATCH This Month

Wiki.js is a wiki app built on node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Node.js XSS File Upload Wiki Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-24988 MEDIUM POC This Month

The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Wp Rss Aggregator
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2021-24969 MEDIUM POC This Month

The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as admin dashboard and frontend). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Download Manager
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24992 MEDIUM POC This Month

The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does not sanitise and escape some parameter before outputting them in attributes and page, which could allow high privilege users to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Buttonizer
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24902 MEDIUM POC This Month

The Typebot | Build beautiful conversational forms WordPress plugin before 1.4.3 does not sanitise and escape the Publish ID setting, which could allow high privilege users to perform Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Typebot
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-43550 MEDIUM This Month

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Patient Information Center Ix Efficia Cm Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2021-43548 MEDIUM This Month

Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or incorrectly validates that the input has the properties required to process the data. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Patient Information Center Ix
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-45895 MEDIUM PATCH This Month

Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows XSS in the Tags Admin interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tags Bundle
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-35232 MEDIUM This Month

Hard coded credentials discovered in SolarWinds Web Help Desk product. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Webhelpdesk
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2021-38961 MEDIUM This Month

IBM OPENBMC OP910 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Power System Ac922 8335 Gtg Firmware Power System Ac922 8335 Gtc Firmware Power System Ac922 8335 Gtw Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-43552 MEDIUM This Month

The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Patient Information Center Ix
NVD
CVSS 3.1
5.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy