Latest CVE Feed
-
6.1
MEDIUMCVE-2021-38330
The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.... Read more
Affected Products : yabp- EPSS Score: %0.21
- Published: Sep. 10, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-38329
The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/dj-email-publish.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1... Read more
Affected Products : dj_emailpublish- EPSS Score: %0.21
- Published: Sep. 10, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-38328
The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/notices.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1.... Read more
Affected Products : notices- EPSS Score: %0.21
- Published: Sep. 10, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-38327
The YouTube Video Inserter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/adminUI/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and incl... Read more
Affected Products : youtube_video_inserter- EPSS Score: %0.21
- Published: Sep. 10, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-38326
The Post Title Counter WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the notice parameter found in the ~/post-title-counter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.... Read more
Affected Products : post_title_counter- EPSS Score: %0.21
- Published: Sep. 10, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-38325
The User Activation Email WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the uae-key parameter found in the ~/user-activation-email.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.... Read more
Affected Products : user-activation-email- EPSS Score: %0.21
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
8.2
HIGHCVE-2021-38324
The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site's database, in versions up to and including 1.5.3.... Read more
Affected Products : sp_rental_manager- EPSS Score: %0.51
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-38323
The RentPress WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selections parameter found in the ~/src/rentPress/AjaxRequests.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.6.4.... Read more
Affected Products : rentpress- EPSS Score: %0.21
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-38322
The Twitter Friends Widget WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the pmc_TF_user and pmc_TF_password parameter found in the ~/twitter-friends-widget.php file which allows attackers to inject arbitrary web scripts, in version... Read more
Affected Products : twitter_friends_widget- EPSS Score: %0.21
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-38321
The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selected_menu parameter found in the ~/custom-menus.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.3.... Read more
Affected Products : custom-sub-menus- EPSS Score: %0.21
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-38320
The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts, in versi... Read more
Affected Products : simplesamlphp_authentication- EPSS Score: %0.26
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-38319
The More From Google WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/morefromgoogle.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.... Read more
Affected Products : more_from_google- EPSS Score: %0.21
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-38318
The 3D Cover Carousel WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/cover-carousel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.... Read more
Affected Products : 3d_cover_carousel- EPSS Score: %0.21
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-38317
The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the plan_id parameter in the ~/views/subscriptions.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.8.3.... Read more
Affected Products : konnichiwa- EPSS Score: %0.21
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-38316
The WP Academic People List WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category_name parameter in the ~/admin-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.4.1.... Read more
Affected Products : wp_academic_people_list- EPSS Score: %0.21
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-38315
The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and inc... Read more
Affected Products : sp_project_\&_document_manager- EPSS Score: %0.21
- Published: Aug. 16, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-38314
The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php` that were unique to a given site but determi... Read more
Affected Products : gutenberg_template_library_\&_redux_framework- EPSS Score: %86.72
- Published: Sep. 02, 2021
- Modified: Nov. 21, 2024
-
7.1
HIGHCVE-2021-38312
The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The `permissi... Read more
Affected Products : gutenberg_template_library_\&_redux_framework- EPSS Score: %0.22
- Published: Sep. 02, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-38311
In Contiki 3.0, potential nonterminating acknowledgment loops exist in the Telnet service. When the negotiated options are already disabled, servers still respond to DONT and WONT requests with WONT or DONT commands, which may lead to infinite acknowledgm... Read more
Affected Products : contiki- EPSS Score: %0.28
- Published: Aug. 09, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-38306
Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter.... Read more
- EPSS Score: %31.59
- Published: Aug. 24, 2021
- Modified: Nov. 21, 2024