Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-18 | CVE-2021-24131 | SQL Injection vulnerability in Cleantalk Anti-Spam. Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, leads to multiple authenticated SQL injection vulnerabilities; however, exploitation requires a high-privilege user (admin+). | 6.5 |
2021-03-18 | CVE-2021-24130 | SQL Injection vulnerability in Flippercode WP Google MAP. Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection by a high-privileged user (admin+). | 6.5 |
2021-03-18 | CVE-2021-24129 | Cross-site Scripting vulnerability in Themify Portfolio Post. Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Panel is embedded, which could lead to privilege escalation. | 3.5 |
2021-03-18 | CVE-2021-24128 | Cross-site Scripting vulnerability in Wpdarko Team Members. Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-Site Scripting vulnerabilities allowing a medium-privileged authenticated attacker (Contributor+) to inject arbitrary web script or HTML via the 'Description/biography' field of a member. | 3.5 |
2021-03-18 | CVE-2021-24127 | Cross-site Scripting vulnerability in Caseproof ThirstyAffiliates Affiliate Link Manager. Unvalidated input and lack of output encoding in the ThirstyAffiliates Affiliate Link Manager WordPress plugin, versions before 3.9.3, lead to authenticated Stored Cross-Site Scripting (XSS), which could lead to privilege escalation. | 3.5 |
2021-03-18 | CVE-2021-24126 | Cross-site Scripting vulnerability in Enviragallery Envira Gallery. Unvalidated input and lack of output encoding: the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise image metadata (namely the title) before outputting it in the generated gallery, which could lead to privilege escalation. | 3.5 |
2021-03-18 | CVE-2021-24125 | SQL Injection vulnerability in Contact Form Submissions Project Contact Form Submissions. Unvalidated input in the Contact Form Submissions WordPress plugin, versions before 1.7.1, could lead to SQL injection via the wpcf7_contact_form GET parameter when submitting a filter request as a high-privilege user (admin+). | 6.5 |
2021-03-18 | CVE-2021-24124 | Cross-site Scripting vulnerability in Terryl WP Shieldon. Unvalidated input and lack of output encoding in the WP Shieldon WordPress plugin, version 1.6.3 and below, leads to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is shown, which could lead to privilege escalation. | 4.3 |
2021-03-18 | CVE-2021-24123 | Unrestricted Upload of File with Dangerous Type vulnerability in Blubrry PowerPress. Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8: the plugin did not verify some of the uploaded feed images (such as those from the Podcast Artwork section), allowing high-privilege accounts (admin+) to upload arbitrary files, such as PHP, leading to RCE. | 6.5 |
2021-03-18 | CVE-2021-28133 | Information Exposure vulnerability in Zoom. Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. | 4.3 |