Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-18 | CVE-2021-24127 | Cross-site Scripting vulnerability in Caseproof Thirstyaffiliates Affiliate Link Manager Unvalidated input and lack of output encoding in the ThirstyAffiliates Affiliate Link Manager WordPress plugin, versions before 3.9.3, was vulnerable to authenticated Stored Cross-Site Scripting (XSS), which could lead to privilege escalation. | 3.5 |
2021-03-18 | CVE-2021-24126 | Cross-site Scripting vulnerability in Enviragallery Envira Gallery Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation. | 3.5 |
2021-03-18 | CVE-2021-24125 | SQL Injection vulnerability in Contact Form Submissions Project Contact Form Submissions Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+) | 6.5 |
2021-03-18 | CVE-2021-24124 | Cross-site Scripting vulnerability in Terryl WP Shieldon Unvalidated input and lack of output encoding in the WP Shieldon WordPress plugin, version 1.6.3 and below, leads to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is shown could lead to privileged escalation. | 4.3 |
2021-03-18 | CVE-2021-24123 | Unrestricted Upload of File with Dangerous Type vulnerability in Blubrry Powerpress Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE. | 6.5 |
2021-03-18 | CVE-2021-28133 | Information Exposure vulnerability in Zoom Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. | 4.3 |
2021-03-18 | CVE-2021-26237 | Out-of-bounds Write vulnerability in Faststone Image Viewer FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d7d, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. | 6.8 |
2021-03-18 | CVE-2021-26235 | NULL Pointer Dereference vulnerability in Faststone Image Viewer FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfc9, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. | 6.8 |
2021-03-18 | CVE-2021-26234 | Out-of-bounds Write vulnerability in Faststone Image Viewer FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d8a, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. | 6.8 |
2021-03-18 | CVE-2021-26233 | Out-of-bounds Write vulnerability in Faststone Image Viewer FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfcb, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. | 6.8 |