Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 125
Critical: 10
High: 22
Medium: 93
Showing 121-125 of 125 records
Threat Entry Updated 2024-11-21

CVE-2021-24454 - Before 6 Plugin

In the YOP Poll WordPress plugin before 6.2.8, when a poll is created with the options "Allow other answers", "Display other answers in the result list" and "Show results", it can lead to Stored Cross-Site Scripting issues, as the 'Other' answer is not sanitised before being output in the page. The execution of the XSS payload depends on the 'Show results' option selected, which could be before or after sending the vote, for example.

PLUGIN Before 6

CVE-2021-24454

MEDIUM CVSS 6.1 2021-07-12

Threat Entry Updated 2024-11-21

CVE-2021-24429 - Before 6 Plugin

The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low-privilege users such as subscribers to set JavaScript in it, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The payload is then triggered when an admin visits the "Calendar" page, and the malicious script is executed in the admin context.

PLUGIN Before 6

CVE-2021-24429

MEDIUM CVSS 6.1 2021-07-12

Threat Entry Updated 2024-11-21

CVE-2021-24327 - Before 6 Plugin

The SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high-privilege users (even with the unfiltered_html capability disabled) to set XSS payloads.

PLUGIN Before 6

CVE-2021-24327

MEDIUM CVSS 4.8 2021-05-17

Threat Entry Updated 2024-11-21

CVE-2021-24260 - Before 6 Plugin

The “Livemesh Addons for Elementor” WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

PLUGIN Before 6

CVE-2021-24260

MEDIUM CVSS 5.4 2021-05-05

Threat Entry Updated 2024-11-21

CVE-2021-24187 - Before 6 Plugin

The settings page of the SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 6.4 is vulnerable to reflected Cross-Site Scripting (XSS), as user input is not properly sanitised before being output in an attribute.

PLUGIN Before 6

CVE-2021-24187

MEDIUM CVSS 5.4 2021-04-05