CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 2021

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
751 CVE-2021-24217 502 Exec Code 2021-04-12 2021-04-20
6.8
None Remote Medium Not required Partial Partial Partial
The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. There was also a useable magic method in the plugin that could be used to achieve remote code execution.
752 CVE-2021-24215 284 2021-04-12 2021-04-20
10.0
None Remote Low Not required Complete Complete Complete
An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource.
753 CVE-2021-24213 79 XSS 2021-04-12 2021-04-20
4.3
None Remote Medium Not required None Partial None
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page.
754 CVE-2021-24212 434 2021-04-05 2021-04-12
7.5
None Remote Low Not required Partial Partial Partial
The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp.
755 CVE-2021-24211 79 Exec Code XSS 2021-04-05 2021-04-12
3.5
None Remote Medium ??? None Partial None
The WordPress Related Posts plugin through 3.6.4 contains an authenticated (admin+) stored XSS vulnerability in the title field on the settings page. By exploiting that an attacker will be able to execute JavaScript code in the user's browser.
756 CVE-2021-24210 601 2021-04-05 2021-04-12
5.8
None Remote Medium Not required Partial Partial None
There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year ago (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) that says that the php involved in the request only go to whitelisted pages but it's possible to redirect the victim to any domain.
757 CVE-2021-24209 20 2021-04-05 2021-05-04
9.0
None Remote Low ??? Complete Complete Complete
The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection.
758 CVE-2021-24208 79 XSS 2021-04-05 2021-04-12
3.5
None Remote Medium ??? None Partial None
The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets (though the custom HTML widget requires sending a crafted request - it appears that this widget uses some form of client side validation but not server side validation), all of which are added via the “page_builder_data” parameter when performing the “wppb_page_save” AJAX action. It is also possible to insert malicious JavaScript via the “wppb_page_css” parameter (this can be done by closing out the style tag and opening a script tag) when performing the “wppb_page_save” AJAX action.
759 CVE-2021-24207 863 2021-04-05 2021-05-04
4.0
None Remote Low ??? None Partial None
By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages.
760 CVE-2021-24206 79 XSS 2021-04-05 2021-04-09
3.5
None Remote Medium ??? None Partial None
In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.
761 CVE-2021-24205 79 XSS 2021-04-05 2021-04-09
3.5
None Remote Medium ??? None Partial None
In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.
762 CVE-2021-24204 79 XSS 2021-04-05 2021-04-09
3.5
None Remote Medium ??? None Partial None
In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.
763 CVE-2021-24203 79 XSS 2021-04-05 2021-04-09
3.5
None Remote Medium ??? None Partial None
In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget (includes/widgets/divider.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘text’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed.
764 CVE-2021-24202 79 XSS 2021-04-05 2021-04-09
3.5
None Remote Medium ??? None Partial None
In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘title’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed.
765 CVE-2021-24201 79 XSS 2021-04-05 2021-04-09
3.5
None Remote Medium ??? None Partial None
In the Elementor Website Builder WordPress plugin before 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.
766 CVE-2021-24200 89 Sql 2021-04-12 2021-04-13
4.0
None Remote Low ??? Partial None None
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'length' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application.
767 CVE-2021-24199 89 Sql 2021-04-12 2021-04-13
4.0
None Remote Low ??? Partial None None
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'start' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application.
768 CVE-2021-24198 284 2021-04-12 2021-04-13
5.5
None Remote Low ??? None Partial Partial
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through id_key and id_val parameters. By exploiting this issue an attacker is able to delete the data of all users in the same table.
769 CVE-2021-24197 284 2021-04-12 2021-04-13
5.5
None Remote Low ??? Partial Partial None
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdata[wdt_ID] parameter. By exploiting this issue an attacker is able to access and manage the data of all users in the same table.
770 CVE-2021-24196 79 XSS 2021-04-05 2021-04-09
3.5
None Remote Medium ??? None Partial None
The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly echoed without being sanitized
771 CVE-2021-24187 79 XSS 2021-04-05 2021-06-02
3.5
None Remote Medium ??? None Partial None
The setting page of the SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 6.4 is vulnerable to reflected Cross-Site Scripting (XSS) as user input is not properly sanitised before being output in an attribute.
772 CVE-2021-24186 89 Sql 2021-04-05 2021-04-09
4.0
None Remote Low ??? Partial None None
The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.
773 CVE-2021-24185 89 Sql 2021-04-05 2021-04-09
4.0
None Remote Low ??? Partial None None
The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students.
774 CVE-2021-24184 269 2021-04-05 2021-04-09
6.5
None Remote Low ??? Partial Partial Partial
Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions.
775 CVE-2021-24183 89 Sql 2021-04-05 2021-04-09
4.0
None Remote Low ??? Partial None None
The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.
776 CVE-2021-24182 89 Sql 2021-04-05 2021-04-09
4.0
None Remote Low ??? Partial None None
The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.
777 CVE-2021-24181 89 Sql 2021-04-05 2021-04-09
4.0
None Remote Low ??? Partial None None
The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students.
778 CVE-2021-24180 79 XSS 2021-04-05 2021-04-09
3.5
None Remote Medium ??? None Partial None
Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious URL.
779 CVE-2021-24177 79 XSS 2021-04-05 2021-04-09
3.5
None Remote Medium ??? None Partial None
In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response.
780 CVE-2021-24176 79 XSS 2021-04-05 2021-10-18
3.5
None Remote Medium ??? None Partial None
The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard.
781 CVE-2021-24175 287 Bypass 2021-04-05 2021-04-09
7.5
None Remote Low Not required Partial Partial Partial
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as create accounts with arbitrary roles, such as admin. These issues can be exploited even if registration is disabled, and the Login widget is not active.
782 CVE-2021-24174 352 CSRF 2021-04-05 2021-12-03
5.8
None Remote Medium Not required Partial Partial None
The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups.
783 CVE-2021-24173 352 XSS CSRF 2021-04-05 2021-04-09
4.3
None Remote Medium Not required None Partial None
The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as update the plugin's options, leading to a Stored Cross-Site Scripting issue.
784 CVE-2021-24172 352 CSRF 2021-04-05 2021-04-09
4.3
None Remote Medium Not required None Partial None
The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the DB, plugins, and current .
785 CVE-2021-24171 434 Bypass 2021-04-05 2021-04-12
7.5
None Remote Low Not required Partial Partial Partial
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the "wcuf_file_name" parameter. It was also possible to perform a double extension attack and upload files to a different location via path traversal using the "wcuf_current_upload_session_id" parameter.
786 CVE-2021-24170 200 +Info 2021-04-05 2021-04-09
5.0
None Remote Low Not required Partial None None
The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activation keys, usernames, emails, and other less sensitive information.
787 CVE-2021-24169 79 XSS 2021-04-05 2021-12-03
4.3
None Remote Medium Not required None Partial None
This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS.
788 CVE-2021-24168 79 +Priv XSS 2021-04-05 2021-04-09
3.5
None Remote Medium ??? None Partial None
The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authenticated (author+) stored cross-site scripting issue. This could allow medium privilege accounts (such as author and editor) to perform XSS attacks against high privilege ones like administrator.
789 CVE-2021-24167 200 +Info 2021-04-05 2021-04-09
5.0
None Remote Low Not required Partial None None
When visiting a site running Web-Stat < 1.4.0, the "wts_web_stat_load_init" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookup_WP_account.
790 CVE-2021-24166 352 2021-04-05 2021-04-09
5.8
None Remote Medium Not required None Partial Partial
The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection.
791 CVE-2021-24165 601 2021-04-05 2021-04-09
5.8
None Remote Medium Not required Partial Partial None
In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.
792 CVE-2021-24164 200 +Info 2021-04-05 2021-04-09
4.0
None Remote Low ??? Partial None None
In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection.
793 CVE-2021-24163 200 +Info 2021-04-05 2021-04-09
6.5
None Remote Low ??? Partial Partial Partial
The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 and retrieve the client_secret key needed to establish the SendWP connection while also installing the SendWP plugin.
794 CVE-2021-24162 352 2021-04-05 2021-04-08
6.8
None Remote Medium Not required Partial Partial Partial
In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in further infection of the site.
795 CVE-2021-24161 352 Exec Code 2021-04-05 2021-04-08
6.8
None Remote Medium Not required Partial Partial Partial
In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted site.
796 CVE-2021-24160 434 Exec Code 2021-04-05 2021-04-08
6.5
None Remote Low ??? Partial Partial Partial
In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These files could then be accessed via the front end of the site to trigger remote code execution and ultimately allow an attacker to execute commands to further infect a WordPress site.
797 CVE-2021-24159 352 2021-04-05 2021-04-20
6.8
None Remote Medium Not required Partial Partial Partial
Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site’s administrator into clicking a link or attachment, then the request could be sent and the CSS settings would be successfully updated to include malicious JavaScript.
798 CVE-2021-24158 269 2021-04-05 2021-04-09
3.5
None Remote Medium ??? None Partial None
Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for lower-level users, however, they can still supply the user_role parameter to update the default role for registration.
799 CVE-2021-24157 79 XSS 2021-04-05 2021-04-09
3.5
None Remote Medium ??? None Partial None
Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfiltered_html capability prior to saving the script tags, thus allowing lower-level users to inject scripts that could potentially be malicious.
800 CVE-2021-24156 79 XSS 2021-04-05 2021-04-08
3.5
None Remote Medium ??? None Partial None
Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation
Total number of vulnerabilities : 1821   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 (This Page)17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.