Security Vulnerabilities - CVEs Published In September 2021
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.
CVSS Score
9.8
EPSS Score
0.364
Published
2021-09-10
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.
CVSS Score
9.8
EPSS Score
0.025
Published
2021-09-10
Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication.
CVSS Score
7.5
EPSS Score
0.022
Published
2021-09-10
playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.
CVSS Score
9.8
EPSS Score
0.353
Published
2021-09-10
The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the position parameter found in the ~/sms-ovh-sent.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-09-10
The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the ~/views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-09-10
The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the message parameter found in the ~/admin/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.1.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-09-10
The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0.
CVSS Score
8.3
EPSS Score
0.046
Published
2021-09-10
The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `f` and `t` parameter found in the ~/titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-09-10
The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-09-10