CVE-2021-29063
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called.
Source: CVE-2021-29063
CVE-2021-24379
The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however it does not prevent them from replaying the AJAX request to add a like. This allows any user (even unauthenticated) to add unlimited like/dislike to any comment. The plugin appears to have some Restriction modes, such as Cookie Restriction, IP Restrictions, Logged In User Restriction, however, they do not prevent such an attack as they only check client side.
Source: CVE-2021-24379
CVE-2021-24383
The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate or escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue.
Source: CVE-2021-24383
CVE-2021-35066
An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132.
Source: CVE-2021-35066
CVE-2021-24370
The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution.
Source: CVE-2021-24370
CVE-2021-24338
The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the ‘Singular Label’ field parameter.
Source: CVE-2021-24338
CVE-2021-24369
In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site Scripting issue which is triggered when the form will be edited, for example when an admin reviews it and could lead to privilege escalation.
Source: CVE-2021-24369
CVE-2021-24367
The WP Config File Editor WordPress plugin through 1.7.1 was affected by an Authenticated Stored Cross-Site Scripting (XSS) vulnerability.
Source: CVE-2021-24367
CVE-2021-24339
The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the ‘Menu Label’ field parameter.
Source: CVE-2021-24339
CVE-2021-24372
The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER['REQUEST_URI'] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.
Source: CVE-2021-24372