Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 67
Critical: 4
High: 14
Medium: 49
Showing 61-67 of 67 records
Threat Entry Updated 2024-11-21

CVE-2021-24390 - Through 3 Plugin

A proid GET parameter of the WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before being inserted into a SQL statement not delimited by quotes, leading to SQL injection.

PLUGIN Through 3

CVE-2021-24390

HIGH CVSS 7.2 2021-09-06
Threat Entry Updated 2024-11-21

CVE-2021-24474 - Through 3 Plugin

The Awesome Weather Widget WordPress plugin through 3.0.2 does not sanitize the id parameter of its awesome_weather_refresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability.

PLUGIN Through 3

CVE-2021-24474

MEDIUM CVSS 6.1 2021-08-02
Threat Entry Updated 2024-11-21

CVE-2021-24336 - Through 3 Plugin

The FlightLog WordPress plugin through 3.0.2 does not sanitise, validate or escape various POST parameters before using them in a SQL statement, leading to SQL injections exploitable by editor and administrator users.

PLUGIN Through 3

CVE-2021-24336

HIGH CVSS 7.2 2021-06-07
Threat Entry Updated 2024-11-21

CVE-2021-24302 - Through 3 Plugin

The Hana Flv Player WordPress plugin through 3.1.3 is vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the 'Default Skin' field.

PLUGIN Through 3

CVE-2021-24302

MEDIUM CVSS 5.4 2021-05-24
Threat Entry Updated 2024-11-21

CVE-2021-24284 - Through 3 Plugin

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile is unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.

PLUGIN Through 3

CVE-2021-24284

CRITICAL CVSS 9.8 2021-05-14
Threat Entry Updated 2024-11-21

CVE-2021-24253 - Through 3 Plugin

The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to RCE.

PLUGIN Through 3

CVE-2021-24253

HIGH CVSS 8.8 2021-05-06
Threat Entry Updated 2024-11-21

CVE-2021-24159 - Through 3 Plugin

Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site’s administrator into clicking a link or attachment, then the request could be sent and the CSS settings would be successfully updated to include malicious JavaScript.

PLUGIN Through 3

CVE-2021-24159

HIGH CVSS 8.8 2021-04-05