Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total443
Critical34
High82
Medium311
Reset
Showing 441-443 of 443 records
Threat Entry Updated 2024-11-21

CVE-2021-24166 - Before 3 Plugin

The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection.

PLUGIN Before 3

CVE-2021-24166

MEDIUM CVSS 5.4 2021-04-05
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24164 - Before 3 Plugin

In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection.

PLUGIN Before 3

CVE-2021-24164

MEDIUM CVSS 4.3 2021-04-05
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24153 - Before 3 Plugin

A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters which were blacklisting Parenthesis as well as several functions such as alert but bypasses were found.

PLUGIN Before 3

CVE-2021-24153

MEDIUM CVSS 5.4 2021-04-05
Open Full Technical Breakdown
Scroll to top