Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 632
Critical: 40
High: 107
Medium: 472
Showing 621-632 of 632 records
Threat Entry Updated 2024-11-21

CVE-2021-24267 - Before 2 Plugin

The “All-in-One Addons for Elementor – WidgetKit” WordPress Plugin before 2.3.10 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

PLUGIN Before 2

CVE-2021-24267

MEDIUM CVSS 5.4 2021-05-05
Threat Entry Updated 2024-11-21

CVE-2021-24266 - Before 2 Plugin

The “The Plus Addons for Elementor Page Builder Lite” WordPress Plugin before 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

PLUGIN Before 2

CVE-2021-24266

MEDIUM CVSS 5.4 2021-05-05
Threat Entry Updated 2024-11-21

CVE-2021-24263 - Before 2 Plugin

The “Elementor Addons – PowerPack Addons for Elementor” WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

PLUGIN Before 2

CVE-2021-24263

MEDIUM CVSS 5.4 2021-05-05
Threat Entry Updated 2024-11-21

CVE-2021-24235 - Before 2 Theme

The Goto WordPress theme before 2.0 does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue.

THEME Before 2

CVE-2021-24235

MEDIUM CVSS 6.1 2021-04-22
Threat Entry Updated 2024-11-21

CVE-2021-24220 - Before 2 Theme

Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0 register a REST API endpoint to compress images using the Kraken…

THEME Before 2

CVE-2021-24220

CRITICAL CVSS 9.1 2021-04-12
Threat Entry Updated 2024-11-21

CVE-2021-24213 - Before 2 Plugin

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page.

PLUGIN Before 2

CVE-2021-24213

MEDIUM CVSS 6.1 2021-04-12
Threat Entry Updated 2024-11-21

CVE-2021-24219 - Before 2 Plugin

The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin before 2.3.9.4, Thrive Apprentice WordPress plugin before 2.3.9.4, Thrive Visual Editor WordPress plugin before 2.6.7.4, Thrive Dashboard WordPress plugin before 2.3.9.3, Thrive Ovation WordPress plugin before 2.4.5, Thrive Clever Widgets WordPress plugin before 1.57.1 and Rise by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, Luxe by…

PLUGIN Before 2

CVE-2021-24219

MEDIUM CVSS 5.3 2021-04-12
Threat Entry Updated 2024-11-21

CVE-2021-24212 - Before 2 Plugin

The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp.

PLUGIN Before 2

CVE-2021-24212

CRITICAL CVSS 9.8 2021-04-05
Threat Entry Updated 2024-11-21

CVE-2021-24180 - Before 2 Plugin

Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious URL.

PLUGIN Before 2

CVE-2021-24180

MEDIUM CVSS 5.4 2021-04-05
Threat Entry Updated 2024-11-21

CVE-2021-24170 - Before 2 Plugin

The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activation keys, usernames, emails, and other less sensitive information.

PLUGIN Before 2

CVE-2021-24170

HIGH CVSS 7.5 2021-04-05
Threat Entry Updated 2024-11-21

CVE-2021-24150 - Before 2 Plugin

The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF).

PLUGIN Before 2

CVE-2021-24150

HIGH CVSS 7.5 2021-04-05
Threat Entry Updated 2024-11-21

CVE-2021-24154 - Before 2 Plugin

The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd.

PLUGIN Before 2

CVE-2021-24154

MEDIUM CVSS 4.9 2021-04-05