Total
9126 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25110 | 1 Futuriowp | 1 Futurio Extra | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Futurio Extra WordPress plugin before 1.6.3 allows any logged in user, such as subscriber, to extract any other user's email address. | |||||
| CVE-2021-24948 | 1 Posimyth | 1 The Plus Addons For Elementor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts | |||||
| CVE-2021-24945 | 1 Likebtn | 1 Like Button Rating | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog. | |||||
| CVE-2021-24661 | 1 Wpxpo | 1 Postx - Gutenberg Blocks For Post Grid | 2024-11-21 | 3.5 LOW | 4.3 MEDIUM |
| The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID. | |||||
| CVE-2021-24585 | 1 Motopress | 1 Timetable And Event Schedule | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address (along other less sensitive data) of the user related to the Even Head of the Timeslot in the response when requesting the event Timeslot data with a user with the edit_posts capability. Combined with the other Unauthorised Event Timeslot Modification issue (https://wpscan.com/reports/submissions/4699/) where an arbitrary user ID can be set, this could allow low privilege users with the edit_posts capability (such as author) to retrieve sensitive User data by iterating over the user_id | |||||
| CVE-2021-24227 | 1 Patreon | 1 Patreon Wordpress | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies. | |||||
| CVE-2021-24226 | 1 Accessally | 1 Accessally | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, no login or administrator role is required. | |||||
| CVE-2021-24170 | 1 Cozmoslabs | 1 User Profile Picture | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activation keys, usernames, emails, and other less sensitive information. | |||||
| CVE-2021-24167 | 1 Web-stat | 1 Web-stat | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| When visiting a site running Web-Stat < 1.4.0, the "wts_web_stat_load_init" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookup_WP_account. | |||||
| CVE-2021-24164 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection. | |||||
| CVE-2021-24163 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 and retrieve the client_secret key needed to establish the SendWP connection while also installing the SendWP plugin. | |||||
| CVE-2021-24122 | 3 Apache, Debian, Oracle | 3 Tomcat, Debian Linux, Agile Plm | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances. | |||||
| CVE-2021-23937 | 1 Apache | 1 Wicket | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized. This DNS lookup can be engineered to overload an internal DNS server or to slow down request processing of the Apache Wicket application causing a possible denial of service on either the internal infrastructure or the web application itself. This issue affects Apache Wicket Apache Wicket 9.x version 9.2.0 and prior versions; Apache Wicket 8.x version 8.11.0 and prior versions; Apache Wicket 7.x version 7.17.0 and prior versions and Apache Wicket 6.x version 6.2.0 and later versions. | |||||
| CVE-2021-23890 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically McAfee Agent) available in ePO repository and install them on their own machines to have it managed and then in turn get policy details from the ePO server. This can only happen when the ePO Agent Handler is installed in a Demilitarized Zone (DMZ) to service machines not connected to the network through a VPN. | |||||
| CVE-2021-23858 | 1 Bosch | 24 Indracontrol Xlc, Indracontrol Xlc Firmware, Rexroth Indramotion Mlc L20 and 21 more | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
| Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another unprotected web server resource. | |||||
| CVE-2021-23855 | 1 Bosch | 4 Rexroth Indramotion Mlc, Rexroth Indramotion Mlc Firmware, Rexroth Indramotion Xlc and 1 more | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables. | |||||
| CVE-2021-23204 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 4.0 MEDIUM | 8.1 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3). | |||||
| CVE-2021-23195 | 1 Fresenius-kabi | 8 Agilia Connect, Agilia Connect Firmware, Agilia Partner Maintenance Software and 5 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all content of the directory will be displayed, allowing an attacker to identify and access files on the server. | |||||
| CVE-2021-23193 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 4.0 MEDIUM | 8.1 HIGH |
| Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ; 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; 8.20 versions prior to 8.20.1291 (MR6); version 8.10 and prior versions. | |||||
| CVE-2021-22925 | 7 Apple, Fedoraproject, Haxx and 4 more | 27 Mac Os X, Macos, Fedora and 24 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application. | |||||