Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 3,047
Critical: 0
High: 3,047
Medium: 0
Showing 2961-2980 of 3047 records
Threat Entry Updated 2024-11-21

CVE-2021-34632 - Seo Backlinks Plugin

The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the loc_config function found in the ~/seo-backlinks.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.1.

PLUGIN Seo Backlinks

CVE-2021-34632

HIGH CVSS 8.8 2021-08-02
Threat Entry Updated 2024-11-21

CVE-2021-34628 - Admin Custom Login Plugin

The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7.

PLUGIN Admin Custom Login

CVE-2021-34628

HIGH CVSS 8.8 2021-08-02
Threat Entry Updated 2024-11-21

CVE-2021-24492 - Before 2 Plugin

The hndtst_action_instance_callback AJAX call of the Handsome Testimonials & Reviews WordPress plugin before 2.1.1, available to any authenticated users, does not sanitise, validate or escape the hndtst_previewShortcodeInstanceId POST parameter before using it in a SQL statement, leading to an SQL Injection issue.

PLUGIN Before 2

CVE-2021-24492

HIGH CVSS 8.8 2021-08-02
Threat Entry Updated 2024-11-21

CVE-2021-24484 - Function In The Secure Copy Content Protection And Content Locking Plugin

The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard.

PLUGIN Function In The Secure Copy Content Protection And Content Locking

CVE-2021-24484

HIGH CVSS 7.2 2021-08-02
Threat Entry Updated 2024-11-21

CVE-2021-24483 - Functions In The Poll Maker Plugin

The get_poll_categories(), get_polls() and get_reports() functions in the Poll Maker WordPress plugin before 3.2.1 did not whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard.

PLUGIN Functions In The Poll Maker

CVE-2021-24483

HIGH CVSS 7.2 2021-08-02
Threat Entry Updated 2024-11-21

CVE-2021-24463 - Function In The Image Slider By Ays Responsive Slider And Carousel Plugin

The get_sliders() function in the Image Slider by Ays- Responsive Slider and Carousel WordPress plugin before 2.5.0 did not whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard.

PLUGIN Function In The Image Slider By Ays Responsive Slider And Carousel

CVE-2021-24463

HIGH CVSS 8.8 2021-08-02
Threat Entry Updated 2024-11-21

CVE-2021-24462 - Responsive Image Gallery Plugin

The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin before 4.4.4 did not whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard.

PLUGIN Responsive Image Gallery

CVE-2021-24462

HIGH CVSS 8.8 2021-08-02
Threat Entry Updated 2024-11-21

CVE-2021-24461 - Function In The Faq Builder Ays Plugin

The get_faqs() function in the FAQ Builder AYS WordPress plugin before 1.3.6 did not whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard.

PLUGIN Function In The Faq Builder Ays

CVE-2021-24461

HIGH CVSS 8.8 2021-08-02
Threat Entry Updated 2024-11-21

CVE-2021-24460 - Before 3 Plugin

The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard.

PLUGIN Before 3

CVE-2021-24460

HIGH CVSS 8.8 2021-08-02
Threat Entry Updated 2024-11-21

CVE-2021-24459 - Functions In The Survey Maker Plugin

The get_results() and get_items() functions in the Survey Maker WordPress plugin before 1.5.6 did not whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard.

PLUGIN Functions In The Survey Maker

CVE-2021-24459

HIGH CVSS 8.8 2021-08-02
Threat Entry Updated 2024-11-21

CVE-2021-24458 - Functions Of The Popup Box Plugin

The get_ays_popupboxes() and get_popup_categories() functions of the Popup box WordPress plugin before 2.3.4 did not whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard.

PLUGIN Functions Of The Popup Box

CVE-2021-24458

HIGH CVSS 8.8 2021-08-02
Threat Entry Updated 2024-11-21

CVE-2021-24457 - Php Files Of The Portfolio Responsive Gallery Plugin

The get_portfolios() and get_portfolio_attributes() functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the Portfolio Responsive Gallery WordPress plugin before 1.1.8 did not whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard.

PLUGIN Php Files Of The Portfolio Responsive Gallery

CVE-2021-24457

HIGH CVSS 8.8 2021-08-02
Threat Entry Updated 2024-11-21

CVE-2021-24456 - Before 6 Plugin

The Quiz Maker WordPress plugin before 6.2.0.9 did not properly sanitise and escape the order and orderby parameters before using them in SQL statements, leading to SQL injection issues in the admin dashboard.

PLUGIN Before 6

CVE-2021-24456

HIGH CVSS 7.2 2021-08-02
Threat Entry Updated 2024-11-21

CVE-2021-24430 - Pagespeed Optimization Suite Plugin

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its caching_exclude_urls and caching_include_query_strings settings before outputting them in a PHP file, which could lead to RCE.

PLUGIN Pagespeed Optimization Suite

CVE-2021-24430

HIGH CVSS 7.2 2021-08-02
Threat Entry Updated 2024-11-21

CVE-2021-34619 - Stock Manager For Woocommerce Plugin

The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file.

PLUGIN Stock Manager For Woocommerce

CVE-2021-34619

HIGH CVSS 8.8 2021-07-21
Threat Entry Updated 2024-11-21

CVE-2021-24453 - Include Me Plugin

The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore potentially a full compromise of the underlying structure.

PLUGIN Include Me

CVE-2021-24453

HIGH CVSS 8.8 2021-07-19
Threat Entry Updated 2024-11-21

CVE-2021-20781 - Wordpress Meta Data And Taxonomies Filter Plugin

Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

PLUGIN Wordpress Meta Data And Taxonomies Filter

CVE-2021-20781

HIGH CVSS 8.8 2021-07-14
Threat Entry Updated 2024-11-21

CVE-2021-24441 - Sign Up Sheets Plugin

The Sign-up Sheets WordPress plugin before 1.0.14 does not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue.

PLUGIN Sign Up Sheets

CVE-2021-24441

HIGH CVSS 8.0 2021-07-12
Threat Entry Updated 2024-11-21

CVE-2021-34620 - contact_form Plugin

The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX actions.

PLUGIN contact_form

CVE-2021-34620

HIGH CVSS 8.8 2021-07-07
Threat Entry Updated 2024-11-21

CVE-2021-20780 - Wordpress Currency Switcher Plugin

Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

PLUGIN Wordpress Currency Switcher

CVE-2021-20780

HIGH CVSS 8.8 2021-07-07