Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2021
CVE-2021-24266
The “The Plus Addons for Elementor Page Builder Lite” WordPress Plugin before 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-05-05
CVE-2021-24267
The “All-in-One Addons for Elementor – WidgetKit” WordPress Plugin before 2.3.10 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-05-05
CVE-2021-24268
The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-05-05
CVE-2021-24269
The “Sina Extension for Elementor” WordPress Plugin before 3.3.12 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-05-05
CVE-2021-24270
The “DeTheme Kit for Elementor” WordPress Plugin before 1.5.5.5 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-05-05
CVE-2021-24271
The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-05-05
CVE-2021-24272
The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue
CVSS Score
4.3
EPSS Score
0.002
Published
2021-05-05
CVE-2021-24273
The “Clever Addons for Elementor” WordPress Plugin before 2.1.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-05-05
CVE-2021-24274
The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
CVSS Score
6.1
EPSS Score
0.055
Published
2021-05-05
CVE-2021-24275
The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
CVSS Score
6.1
EPSS Score
0.059
Published
2021-05-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved