Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-18 | CVE-2021-24141 | SQL Injection vulnerability in Sigmaplugin Advanced Database Cleaner. Unvalidated input in the Advanced Database Cleaner plugin, versions before 3.0.2, leads to SQL injection, allowing high-privilege users (admin+) to perform SQL attacks. | 6.5 |
2021-03-18 | CVE-2021-24140 | SQL Injection vulnerability in Connekthq Ajax Load More. Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, leads to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#&type=test. | 6.5 |
2021-03-18 | CVE-2021-24139 | SQL Injection vulnerability in 10Web Photo Gallery. Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter. | 7.5 |
2021-03-18 | CVE-2021-24138 | SQL Injection vulnerability in Ajdg Adrotate. Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". | 5.5 |
2021-03-18 | CVE-2021-24137 | SQL Injection vulnerability in Adenion Blog2Social. Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, leads to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands. | 6.5 |
2021-03-18 | CVE-2021-24136 | Cross-site Scripting vulnerability in Axelerant Testimonials Widget. Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the following parameters: Author, Job Title, Location, Company, Email, URL. | 3.5 |
2021-03-18 | CVE-2021-24135 | Cross-site Scripting vulnerability in Gowebsolutions WP Customer Reviews. Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML. | 4.3 |
2021-03-18 | CVE-2021-24134 | Cross-site Scripting vulnerability in Constantcontact Constant Contact Forms. Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed a high-privileged user (Editor+) to inject arbitrary JavaScript code or HTML in posts where the malicious form is embedded. | 3.5 |
2021-03-18 | CVE-2021-24133 | Cross-Site Request Forgery (CSRF) vulnerability in Activecampaign. The ActiveCampaign WordPress plugin, versions before 8.0.2, lacks CSRF checks on its Settings form, which could allow an attacker to make a logged-in administrator change the API credentials to the attacker's account. | 4.3 |
2021-03-18 | CVE-2021-24132 | SQL Injection vulnerability in 10Web Slider. In the Slider by 10Web WordPress plugin, versions before 1.2.36, the bulk_action, export_full and save_slider_db functionalities were vulnerable, allowing a high-privileged user (Admin), or a medium-privileged one such as Contributor+ (if "Role Options" is turned on for other users), to perform SQL Injection attacks. | 6.5 |