|
6011
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name f…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47926
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6012
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization …
|
CWE-79
Cross-site Scripting
|
CVE-2021-47927
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6013
|
8.2 |
HIGH
Network
|
-
|
-
|
Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the product_id paramete…
|
CWE-89
SQL Injection
|
CVE-2021-47928
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6014
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler…
|
CWE-862
Missing Authorization
|
CVE-2021-47932
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6015
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2021-47933
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6016
|
9.8 |
CRITICAL
Network
|
-
|
-
|
OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Att…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2021-47936
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6017
|
8.8 |
HIGH
Network
|
-
|
-
|
e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Att…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-47937
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6018
|
8.8 |
HIGH
Network
|
-
|
-
|
ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code…
|
CWE-94
Code Injection
|
CVE-2021-47938
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6019
|
8.8 |
HIGH
Network
|
-
|
-
|
Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into mod…
|
CWE-94
Code Injection
|
CVE-2021-47939
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6020
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting the AJAX fi…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2021-47940
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
