Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2021
CVE-2021-24476
The Steam Group Viewer WordPress plugin through 2.1 does not sanitise or escape its "Steam Group Address" settings before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue
CVSS Score
5.4
EPSS Score
0.004
Published
2021-08-02
CVE-2021-24477
The Migrate Users WordPress plugin through 1.0.1 does not sanitise or escape its Delimiter option before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its options, allowing the issue to be exploited via a CSRF attack.
CVSS Score
6.1
EPSS Score
0.001
Published
2021-08-02
CVE-2021-24478
The Bookshelf WordPress plugin through 2.0.4 does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue
CVSS Score
5.4
EPSS Score
0.004
Published
2021-08-02
CVE-2021-24479
The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue
CVSS Score
4.8
EPSS Score
0.004
Published
2021-08-02
CVE-2021-24480
The Event Geek WordPress plugin through 2.5.2 does not sanitise or escape its "Use your own " setting before outputting it in the page, leading to an authenticated (admin+) stored Cross-Site Scripting issue
CVSS Score
4.8
EPSS Score
0.004
Published
2021-08-02
CVE-2021-24481
The Any Hostname WordPress plugin through 1.0.6 does not sanitise or escape its "Allowed hosts" setting, leading to an authenticated stored XSS issue as high privilege users are able to set XSS payloads in it
CVSS Score
4.8
EPSS Score
0.004
Published
2021-08-02
CVE-2021-24483
The get_poll_categories(), get_polls() and get_reports() functions in the Poll Maker WordPress plugin before 3.2.1 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
CVSS Score
7.2
EPSS Score
0.006
Published
2021-08-02
CVE-2021-24484
The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
CVSS Score
7.2
EPSS Score
0.006
Published
2021-08-02
CVE-2021-24488
The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised before being output back in the pages, leading to Reflected Cross-Site Scripting issues
CVSS Score
6.1
EPSS Score
0.115
Published
2021-08-02
CVE-2021-24492
The hndtst_action_instance_callback AJAX call of the Handsome Testimonials & Reviews WordPress plugin before 2.1.1, available to any authenticated users, does not sanitise, validate or escape the hndtst_previewShortcodeInstanceId POST parameter before using it in a SQL statement, leading to an SQL Injection issue.
CVSS Score
8.8
EPSS Score
0.009
Published
2021-08-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved