|
461
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2021-47933
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
462
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler…
New
|
CWE-862
Missing Authorization
|
CVE-2021-47932
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
463
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing e…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47931
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
464
|
8.2 |
HIGH
Network
|
-
|
-
|
Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can …
New
|
CWE-89
SQL Injection
|
CVE-2021-47930
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
465
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payloads in the title field. Attac…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47929
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
466
|
8.2 |
HIGH
Network
|
-
|
-
|
Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the product_id paramete…
New
|
CWE-89
SQL Injection
|
CVE-2021-47928
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
467
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization …
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47927
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
468
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name f…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47926
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
469
|
6.4 |
MEDIUM
Network
|
-
|
-
|
CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file uplo…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47925
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
470
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Ultimate Product Catalog 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit P…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47924
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
