Search Results (80436 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-24160 1 Expresstech 1 Responsive Menu 2024-11-21 8.8 High
In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These files could then be accessed via the front end of the site to trigger remote code execution and ultimately allow an attacker to execute commands to further infect a WordPress site.
CVE-2021-24159 1 Rocklobster 1 Contact Form 7 2024-11-21 8.8 High
Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site’s administrator into clicking a link or attachment, then the request could be sent and the CSS settings would be successfully updated to include malicious JavaScript.
CVE-2021-24155 1 Backup-guard 1 Backup Guard 2024-11-21 7.2 High
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.
CVE-2021-24150 1 Likebtn-like-button Project 1 Likebtn-like-button 2024-11-21 7.5 High
The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF).
CVE-2021-24149 1 Webnus 1 Modern Events Calendar Lite 2024-11-21 8.8 High
Unvalidated input in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.6, did not sanitise the mec[post_id] POST parameter in the mec_fes_form AJAX action when logged in as an author+, leading to an authenticated SQL Injection issue.
CVE-2021-24146 1 Webnus 1 Modern Events Calendar Lite 2024-11-21 7.5 High
Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to export all events data, for example in CSV or XML format.
CVE-2021-24145 1 Webnus 1 Modern Events Calendar Lite 2024-11-21 7.2 High
Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by an administrator by using the 'text/csv' content-type in the request.
CVE-2021-24144 1 Ciphercoin 1 Contact Form 7 Database Addon 2024-11-21 7.8 High
Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files.
CVE-2021-24143 1 Accesspressthemes 1 Accesspress Social Icons 2024-11-21 8.8 High
Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections.
CVE-2021-24142 1 Webfactoryltd 1 301 Redirects 2024-11-21 7.2 High
Unvalidated input in the 301 Redirects - Easy Redirect Manager WordPress plugin, versions before 2.51, did not sanitise its "Redirect From" column when importing a CSV file, allowing high privilege users to perform SQL injections.
CVE-2021-24141 1 Sigmaplugin 1 Advanced Database Cleaner 2024-11-21 7.2 High
Unvalidated input in the Advanced Database Cleaner plugin, versions before 3.0.2, led to SQL injection, allowing high privilege users (admin+) to perform SQL attacks.
CVE-2021-24140 1 Connekthq 1 Ajax Load More 2024-11-21 7.2 High
Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, led to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#&type=test.
CVE-2021-24137 1 Adenion 1 Blog2social 2024-11-21 8.8 High
Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, led to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands.
CVE-2021-24132 1 10web 1 Slider 2024-11-21 8.8 High
In the Slider by 10Web WordPress plugin, versions before 1.2.36, the bulk_action, export_full and save_slider_db functionalities were vulnerable, allowing a high privileged user (Admin), or a medium one such as Contributor+ (if "Role Options" is turned on for other users), to perform SQL Injection attacks.
CVE-2021-24131 1 Cleantalk 1 Anti-spam 2024-11-21 7.2 High
Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, led to multiple authenticated SQL injection vulnerabilities; however, exploitation requires a high privilege user (admin+).
CVE-2021-24125 1 Contact Form Submissions Project 1 Contact Form Submissions 2024-11-21 7.2 High
Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1 could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+).
CVE-2021-24123 1 Blubrry 1 Powerpress 2024-11-21 7.2 High
Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from the Podcast Artwork section), allowing high privilege accounts (admin+) to upload arbitrary files, such as PHP, leading to RCE.
CVE-2021-24112 1 Microsoft 4 .net, .net Core, Mono and 1 more 2024-11-21 8.1 High
.NET Core Remote Code Execution Vulnerability
CVE-2021-24111 1 Microsoft 10 .net, .net Framework, Windows 10 and 7 more 2024-11-21 7.5 High
.NET Framework Denial of Service Vulnerability
CVE-2021-24110 1 Microsoft 1 High Efficiency Video Coding 2024-11-21 7.8 High
HEVC Video Extensions Remote Code Execution Vulnerability