Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 471
Critical: 68
High: 135
Medium: 268
Showing 461-471 of 471 records
Threat Entry Updated 2024-11-21

CVE-2021-24320 - Before 1 Theme

The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameters in its listing page, leading to reflected Cross-Site Scripting issues.

THEME Before 1

CVE-2021-24320

MEDIUM CVSS 6.1 2021-06-01
Threat Entry Updated 2024-11-21

CVE-2021-24319 - Before 1 Theme

The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its post_excerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue.

THEME Before 1

CVE-2021-24319

MEDIUM CVSS 5.4 2021-06-01
Threat Entry Updated 2024-11-21

CVE-2021-24317 - Before 1 Theme

The Listeo WordPress theme before 1.6.11 did not properly sanitise some parameters in its Search, Booking Confirmation and Personal Message pages, leading to Cross-Site Scripting issues.

THEME Before 1

CVE-2021-24317

MEDIUM CVSS 6.1 2021-06-01
Threat Entry Updated 2024-11-21

CVE-2021-24297 - Before 2 Theme

The Goto WordPress theme before 2.1 did not properly sanitize the formvalue JSON POST parameter in its tl_filter AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.

THEME Before 2

CVE-2021-24297

MEDIUM CVSS 6.1 2021-05-24
Threat Entry Updated 2024-11-21

CVE-2021-24314 - Before 2 Theme

The Goto WordPress theme before 2.1 did not sanitise, validate or escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an unauthenticated SQL injection issue.

THEME Before 2

CVE-2021-24314

CRITICAL CVSS 9.8 2021-05-17
Threat Entry Updated 2024-11-21

CVE-2021-24270 - Dethemekit For Elementor

The “DeTheme Kit for Elementor” WordPress Plugin before 1.5.5.5 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

THEME Dethemekit For Elementor

CVE-2021-24270

MEDIUM CVSS 5.4 2021-05-05
Threat Entry Updated 2024-11-21

CVE-2021-24235 - Before 2 Theme

The Goto WordPress theme before 2.0 does not sanitise the keywords and start_date GET parameters on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue.

THEME Before 2

CVE-2021-24235

MEDIUM CVSS 6.1 2021-04-22
Threat Entry Updated 2024-11-21

CVE-2021-24220 - Focusblog By Thrive Themes

Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0 register a REST API endpoint to compress images using the Kraken…

THEME Focusblog By Thrive Themes

CVE-2021-24220

CRITICAL CVSS 9.1 2021-04-12
Threat Entry Updated 2024-11-21

CVE-2021-24219 - 1 And Rise By Thrive Themes

The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin before 2.3.9.4, Thrive Apprentice WordPress plugin before 2.3.9.4, Thrive Visual Editor WordPress plugin before 2.6.7.4, Thrive Dashboard WordPress plugin before 2.3.9.3, Thrive Ovation WordPress plugin before 2.4.5, Thrive Clever Widgets WordPress plugin before 1.57.1 and Rise by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, Luxe by…

THEME 1 And Rise By Thrive Themes

CVE-2021-24219

MEDIUM CVSS 5.3 2021-04-12
Threat Entry Updated 2024-11-21

CVE-2021-24154 - Theme Editor

The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd.

THEME Theme Editor

CVE-2021-24154

MEDIUM CVSS 4.9 2021-04-05