
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 7
Critical: 0
High: 2
Medium: 5
Showing 1-7 of 7 records
Threat Entry Updated 2025-04-01

CVE-2024-1487 - Before 21 Plugin

The Photos and Files Contest Gallery WordPress plugin before 21.3.1 does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks.

PLUGIN Before 21

CVE-2024-1487

MEDIUM CVSS 5.4 2024-03-11
Threat Entry Updated 2025-04-22

CVE-2023-5307 - Before 21 Plugin

The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers.

PLUGIN Before 21

CVE-2023-5307

MEDIUM CVSS 6.1 2023-10-31
Threat Entry Updated 2025-02-26

CVE-2023-0865 - Before 21 Plugin

The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belongs to the user making the request, or that the request is from a high-privilege user, allowing any authenticated user, such as a subscriber, to add/update/duplicate/delete as well as retrieve addresses of other users.

PLUGIN Before 21

CVE-2023-0865

HIGH CVSS 8.8 2023-03-20
Threat Entry Updated 2025-05-14

CVE-2022-3126 - Before 21 Plugin

The Frontend File Manager Plugin WordPress plugin before 21.4 does not have a CSRF check when uploading files, which could allow attackers to make logged-in users upload files on their behalf.

PLUGIN Before 21

CVE-2022-3126

MEDIUM CVSS 4.3 2022-10-17
Threat Entry Updated 2024-11-21

CVE-2022-3125 - Before 21 Plugin

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated user, such as a subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to effectively upload arbitrary files to the server and achieve RCE.

PLUGIN Before 21

CVE-2022-3125

HIGH CVSS 8.8 2022-10-03
Threat Entry Updated 2024-11-21

CVE-2022-3124 - Before 21 Plugin

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename files uploaded by users. Furthermore, due to the lack of validation of the destination filename, this could allow them to change the content of arbitrary files on the web server.

PLUGIN Before 21

CVE-2022-3124

MEDIUM CVSS 5.3 2022-10-03
Threat Entry Updated 2024-11-21

CVE-2021-24299 - Before 21 Plugin

The ReDi Restaurant Reservation WordPress plugin before 21.0426 provides the functionality to let users make restaurant reservations. These reservations are stored and can be listed on an 'Upcoming' page provided by the plugin. An unauthenticated user can fill in the form to make a restaurant reservation. The 'Comment' field of the reservation form does not use proper input validation and can be used to store XSS payloads. The XSS payloads will be executed when the plugin user goes to the 'Upcoming' page, which is an external website…

PLUGIN Before 21

CVE-2021-24299

MEDIUM CVSS 6.1 2021-05-17