Security Vulnerabilities - CVEs Published In 2021
The link-list-manager WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category parameter found in the ~/llm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-12-14
The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file.
CVSS Score
7.5
EPSS Score
0.855
Published
2021-12-14
The Simple Image Gallery WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/simple-image-gallery.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-12-14
The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the ~/includes/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-12-14
The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the ids parameter found in the ~/inc/admin/main.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-12-14
The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the ~/h5p-css-editor.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-12-14
The duoFAQ - Responsive, Flat, Simple FAQ WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/duogeek/duogeek-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.8.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-12-14
dbeaver is vulnerable to Improper Restriction of XML External Entity Reference
CVSS Score
9.8
EPSS Score
0.002
Published
2021-12-14
An issue was discovered in AbanteCart before 1.3.2. It allows DOM Based XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-12-14
An issue was discovered in AbanteCart before 1.3.2. Any low-privileged user with file-upload permissions can upload a malicious SVG document that contains an XSS payload.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-12-14

