Threat Entry Updated 2024-11-21

CVE-2021-24137 - Unvalidated Input In The Blog2social Plugin

Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, lead to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands.

PLUGIN Unvalidated Input In The Blog2social

CVE-2021-24137

HIGH CVSS 8.8 2021-03-18

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24132 - Slider By 10web Plugin

The Slider by 10Web WordPress plugin, versions before 1.2.36, in the bulk_action, export_full and save_slider_db functionalities of the plugin were vulnerable, allowing a high privileged user (Admin), or medium one such as Contributor+ (if "Role Options" is turn on for other users) to perform a SQL Injection attacks.

PLUGIN Slider By 10web

CVE-2021-24132

HIGH CVSS 8.8 2021-03-18

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24140 - Unvalidated Input In The Ajax Load More Plugin

Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, lead to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#&type=test.

PLUGIN Unvalidated Input In The Ajax Load More

CVE-2021-24140

HIGH CVSS 7.2 2021-03-18

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24131 - Unvalidated Input In The Anti Spam By Cleantalk Plugin

Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, lead to multiple authenticated SQL injection vulnerabilities, however, it requires high privilege user (admin+).

PLUGIN Unvalidated Input In The Anti Spam By Cleantalk

CVE-2021-24131

HIGH CVSS 7.2 2021-03-18

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-05-07

CVE-2021-24130 - Unvalidated Input In The Wp Google Map Plugin

Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user (admin+).

PLUGIN Unvalidated Input In The Wp Google Map

CVE-2021-24130

HIGH CVSS 7.2 2021-03-18

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24125 - Unvalidated Input In The Contact Form Submissions Plugin

Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+)

PLUGIN Unvalidated Input In The Contact Form Submissions

CVE-2021-24125

HIGH CVSS 7.2 2021-03-18

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24123 - Arbitrary File Upload In The Powerpress Plugin

Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE.

PLUGIN Arbitrary File Upload In The Powerpress

CVE-2021-24123

HIGH CVSS 7.2 2021-03-18

Risk Score

Open Full Technical Breakdown