"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 808
Critical: 39
High: 132
Medium: 616
Showing 801-808 of 808 records
Threat Entry Updated 2024-11-21

CVE-2021-24185 - Before 1 Plugin

The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students.

MEDIUM CVSS 6.5 2021-04-05
Threat Entry Updated 2024-11-21

CVE-2021-24183 - Before 1 Plugin

The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.

MEDIUM CVSS 6.5 2021-04-05
Threat Entry Updated 2024-11-21

CVE-2021-24182 - Before 1 Plugin

The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.

MEDIUM CVSS 6.5 2021-04-05
Threat Entry Updated 2024-11-21

CVE-2021-24181 - Before 1 Plugin

The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students.

MEDIUM CVSS 6.5 2021-04-05
Threat Entry Updated 2024-11-21

CVE-2021-24196 - Before 1 Plugin

The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page, as the ‘token_error’ parameter can be controlled by users and is directly echoed without being sanitized.

MEDIUM CVSS 5.4 2021-04-05
Threat Entry Updated 2024-11-21

CVE-2021-24168 - Before 1 Plugin

The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authenticated (author+) stored cross-site scripting issue. This could allow medium privilege accounts (such as author and editor) to perform XSS attacks against high privilege ones like administrator.

MEDIUM CVSS 5.4 2021-04-05
Threat Entry Updated 2024-11-21

CVE-2021-24155 - Before 1 Plugin

The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.

HIGH CVSS 7.2 2021-04-05
Threat Entry Updated 2024-11-21

CVE-2021-24125 - Before 1 Plugin

Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1 could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+).

HIGH CVSS 7.2 2021-03-18