Security Vulnerabilities - CVEs Published In June 2021
The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments; however, it does not prevent them from replaying the AJAX request to add a like. This allows any user (even unauthenticated) to add unlimited likes/dislikes to any comment. The plugin appears to have some restriction modes, such as Cookie Restriction, IP Restriction and Logged In User Restriction; however, they do not prevent such attacks, as they only check on the client side.
CVSS Score: 5.3
EPSS Score: 0.002
Published: 2021-06-21
The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate or escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue.
CVSS Score: 5.4
EPSS Score: 0.009
Published: 2021-06-21
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs.
CVSS Score: 7.5
EPSS Score: 0.015
Published: 2021-06-21
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called.
CVSS Score: 7.5
EPSS Score: 0.024
Published: 2021-06-21
An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2021-06-21
An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags.
CVSS Score: 7.5
EPSS Score: 0.013
Published: 2021-06-21
The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Singular Label' field parameter.
CVSS Score: 5.4
EPSS Score: 0.013
Published: 2021-06-21
The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Menu Label' field parameter.
CVSS Score: 5.4
EPSS Score: 0.005
Published: 2021-06-21
In the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gd_popular_location_list did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues.
CVSS Score: 9.8
EPSS Score: 0.011
Published: 2021-06-21
The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.
CVSS Score: 6.1
EPSS Score: 0.023
Published: 2021-06-21
Shodan ® - All rights reserved