Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total922
Critical922
High0
Medium0
Reset
Showing 921-922 of 922 records
Threat Entry Updated 2024-11-21

CVE-2021-24139 - Photo Gallery Plugin

Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.

PLUGIN Photo Gallery

CVE-2021-24139

CRITICAL CVSS 9.8 2021-03-18
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-3120 - Yith Woocommerce Gift Cards Plugin

An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnerability, an attacker must be able to place a valid Gift Card product into the shopping cart. An uploaded file is placed at a predetermined path on the web server with a user-specified filename and extension. This occurs because the ywgc-upload-picture parameter can have a .php value even…

PLUGIN Yith Woocommerce Gift Cards

CVE-2021-3120

CRITICAL CVSS 9.8 2021-02-22
Open Full Technical Breakdown
Scroll to top