Unknown — Vulnerabilities & Security Advisories 4138

Browse all 4138 CVE security advisories affecting Unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CVE ID	Title	CVSS	Severity	Published
CVE-2021-24217	Facebook for WordPress < 3.0.0 - PHP Object Injection with POP Chain — Facebook for WordPressCWE-502	8.1	-	2021-04-12
CVE-2021-24215	Controlled Admin Access < 1.5.2 - Improper Access Control & Privilege Escalation — Controlled Admin AccessCWE-284	9.8	-	2021-04-12
CVE-2021-24210	PhastPress < 1.111 - Open Redirect — PhastPressCWE-601	6.1	-	2021-04-05
CVE-2021-24211	WordPress Related Posts <= 3.6.4 - Authenticated Stored Cross-Site Scripting (XSS) — WordPress Related PostsCWE-79	5.4	-	2021-04-05
CVE-2021-24212	WooCommerce Help Scout < 2.9.1 - Unauthenticated Arbitrary File Upload leading to RCE — WooCommerce Help ScoutCWE-434	9.8	-	2021-04-05
CVE-2021-24201	Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Column Element — Elementor Website BuilderCWE-79	5.4	-	2021-04-05
CVE-2021-24202	Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget — Elementor Website BuilderCWE-79	5.4	-	2021-04-05
CVE-2021-24203	Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Divider Widget — Elementor Website BuilderCWE-79	5.4	-	2021-04-05
CVE-2021-24204	Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Accordion Widget — Elementor Website BuilderCWE-79	5.4	-	2021-04-05
CVE-2021-24205	Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget — Elementor Website BuilderCWE-79	5.4	-	2021-04-05
CVE-2021-24206	Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget — Elementor Website BuilderCWE-79	5.4	-	2021-04-05
CVE-2021-24207	WP Page Builder < 1.2.4 - Insecure default configuration Allows Subscribers Editing Access to Posts — WP Page BuilderCWE-863	4.3	-	2021-04-05
CVE-2021-24208	WP Page Builder < 1.2.4 - Multiple Stored Cross-Site scripting (XSS) — WP Page BuilderCWE-79	5.4	-	2021-04-05
CVE-2021-24209	WP Super Cache < 1.7.2 - Authenticated Remote Code Execution (RCE) — WP Super Cache	7.2	-	2021-04-05
CVE-2021-24177	WP File Manager < 7.1 - Reflected Cross-Site Scripting (XSS) — File ManagerCWE-79	5.4	-	2021-04-05
CVE-2021-24180	Related Posts for WordPress < 2.0.4 - Authenticated Reflected Cross-Site Scripting (XSS) — Related Posts for WordPressCWE-79	5.4	-	2021-04-05
CVE-2021-24181	Tutor LMS < 1.7.7 - SQL Injection via tutor_mark_answer_as_correct — Tutor LMS – eLearning and online course solutionCWE-89	6.5	-	2021-04-05
CVE-2021-24182	Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_answers_by_question — Tutor LMS – eLearning and online course solutionCWE-89	6.5	-	2021-04-05
CVE-2021-24183	Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_question_form — Tutor LMS – eLearning and online course solutionCWE-89	6.5	-	2021-04-05
CVE-2021-24184	Tutor LMS < 1.7.7 - Unprotected AJAX including Privilege Escalation — Tutor LMS – eLearning and online course solutionCWE-862	8.8	-	2021-04-05
CVE-2021-24185	Tutor LMS < 1.7.7 - SQL Injection via tutor_place_rating — Tutor LMS – eLearning and online course solutionCWE-89	6.5	-	2021-04-05
CVE-2021-24186	Tutor LMS < 1.8.3 - SQL Injection via tutor_answering_quiz_question/get_answer_by_id — Tutor LMS – eLearning and online course solutionCWE-89	6.5	-	2021-04-05
CVE-2021-24187	SEO Redirection < 6.4 - Authenticated Reflected Cross-Site Scripting (XSS) — SEO Redirection Plugin - 301 Redirect ManagerCWE-79	6.1	-	2021-04-05
CVE-2021-24196	Social Slider Widget < 1.8.5 - Authenticated Reflected Cross-Site Scripting (XSS) — Social Slider WidgetCWE-79	5.4	-	2021-04-05
CVE-2021-24168	Easy Contact Form Pro < 1.1.1.9 - Authenticated Stored Cross-Site Scripting (XSS) — Easy Contact Form ProCWE-79	5.4	-	2021-04-05
CVE-2021-24169	Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS) — Advanced Order Export For WooCommerceCWE-79	6.1	-	2021-04-05
CVE-2021-24170	User Profile Picture < 2.5.0 - Sensitive Information Disclosure — User Profile PictureCWE-200	7.5	-	2021-04-05
CVE-2021-24171	WooCommerce Upload Files < 59.4 - Unauthenticated Arbitrary File Upload — WooCommerce Upload FilesCWE-434	9.8	-	2021-04-05
CVE-2021-24172	VM Backups <= 1.0 - CSRF to Database Backup Download — VM BackupsCWE-352	6.5	-	2021-04-05
CVE-2021-24173	VM Backups <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS) — VM BackupsCWE-352	6.1	-	2021-04-05

This page lists every published CVE security advisory associated with Unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

Unknown — Vulnerabilities & Security Advisories 4138