‼ CVE-2021-41387 ‼
via "National Vulnerability Database".
seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root.
‼ CVE-2020-21547 ‼
via "National Vulnerability Database".
Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c.
‼ CVE-2021-38412 ‼
via "National Vulnerability Database".
Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to achieve further control in.
🗓️ VPN users unmasked by zero-day vulnerability in Virgin Media routers 🗓️
via "The Daily Swig".
Disclosure comes two years after privacy-busting flaw was discovered
‼ CVE-2021-24741 ‼
via "National Vulnerability Database".
The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users.
‼ CVE-2021-24663 ‼
via "National Vulnerability Database".
The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that they are indeed images, allowing high privilege users such as admin to upload arbitrary files like PHP, leading to RCE.
‼ CVE-2021-24401 ‼
via "National Vulnerability Database".
The Edit domain functionality in the WP Domain Redirect WordPress plugin through 1.0 has an `editid` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
‼ CVE-2021-24604 ‼
via "National Vulnerability Database".
The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embedded, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
‼ CVE-2021-24638 ‼
via "National Vulnerability Database".
The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS files with Google Fonts CSS, or download fonts uploaded on the Google Fonts website.
‼ CVE-2021-24600 ‼
via "National Vulnerability Database".
The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and escape some of its settings before outputting them in pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
‼ CVE-2021-24618 ‼
via "National Vulnerability Database".
The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which results in a Stored Cross-Site Scripting (XSS). Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such a setting, allowing any authenticated user (as low as subscriber), or unauthenticated user via a CSRF vector, to update it and perform such an attack.
‼ CVE-2021-24585 ‼
via "National Vulnerability Database".
The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address (along with other less sensitive data) of the user related to the Event Head of the Timeslot in the response when requesting the event Timeslot data with a user with the edit_posts capability. Combined with the other Unauthorised Event Timeslot Modification issue (https://wpscan.com/reports/submissions/4699/) where an arbitrary user ID can be set, this could allow low privilege users with the edit_posts capability (such as author) to retrieve sensitive User data by iterating over the user_id.
‼ CVE-2021-24398 ‼
via "National Vulnerability Database".
The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function the vulnerable parameter is passed twice, so if we pass time as 5 seconds it takes 10 seconds to return since the query is run twice.
‼ CVE-2021-24402 ‼
via "National Vulnerability Database".
The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an `order_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors
‼ CVE-2021-24606 ‼
via "National Vulnerability Database".
The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages, such as contributor+
‼ CVE-2021-24657 ‼
via "National Vulnerability Database".
The Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses (which can be controlled by an attacker via headers such as X-Forwarded-For) of attempted logins before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue.
‼ CVE-2021-24597 ‼
via "National Vulnerability Database".
The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which results in Stored Cross-Site Scripting issues in frontend posts and the plugin's settings page depending on the payload used.
‼ CVE-2021-24639 ‼
via "National Vulnerability Database".
The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server.
‼ CVE-2021-24525 ‼
via "National Vulnerability Database".
The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by design (like [su_button]'s onclick attribute).
‼ CVE-2021-24613 ‼
via "National Vulnerability Database".
The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed
‼ CVE-2021-24511 ‼
via "National Vulnerability Database".
The fetch_product_ajax functionality in the Product Feed on WooCommerce WordPress plugin before 3.3.1.0 uses a `product_id` POST parameter which is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.