CVE-2021-24663
via "National Vulnerability Database".
The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that they are indeed images, allowing high privilege users such as admin to upload arbitrary files such as PHP, leading to RCE.
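The class of bug above is an upload handler that trusts the client-supplied file name. The following is an added example, not the Simple Schools Staff Directory plugin's code: a hypothetical admin-side "logo" upload handler for a WordPress plugin, shown in the vulnerable shape and in a hardened shape that checks capability and nonce, validates the file by content and extension against an image-only allowlist, and then lets WordPress store it. Function names, the option name `ssd_logo` and the nonce action `ssd_save_logo` are assumptions; everything else is the stock WordPress API.

```php
<?php
// Added example, not the plugin's code. Assumes it runs inside WordPress.

// Vulnerable pattern: the file is moved as-is, so "logo.php" becomes a web-reachable script.
function ssd_save_logo_vulnerable() {
    $upload_dir = wp_upload_dir();
    $dest = $upload_dir['path'] . '/' . $_FILES['logo']['name'];
    move_uploaded_file( $_FILES['logo']['tmp_name'], $dest ); // no type check at all
    update_option( 'ssd_logo', $upload_dir['url'] . '/' . $_FILES['logo']['name'] );
}

// Hardened pattern: capability + nonce, content-based image validation,
// then wp_handle_upload() with an explicit image-only MIME allowlist.
function ssd_save_logo_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', 403 );
    }
    check_admin_referer( 'ssd_save_logo' ); // pairs with wp_nonce_field( 'ssd_save_logo' ) in the form

    if ( empty( $_FILES['logo']['tmp_name'] ) || ! is_uploaded_file( $_FILES['logo']['tmp_name'] ) ) {
        wp_die( 'No file uploaded', 400 );
    }

    // Only these extension/MIME pairs may be stored, whatever the user's role.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    );

    // Check 1: extension and sniffed MIME type must agree and be on the allowlist.
    $check = wp_check_filetype_and_ext( $_FILES['logo']['tmp_name'], $_FILES['logo']['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_die( 'Only JPEG, PNG or GIF images are accepted', 400 );
    }

    // Check 2: the bytes must actually decode as an image.
    if ( false === @getimagesize( $_FILES['logo']['tmp_name'] ) ) {
        wp_die( 'File is not a valid image', 400 );
    }

    // wp_handle_upload() re-runs the MIME check against $allowed and picks a safe destination name.
    $result = wp_handle_upload( $_FILES['logo'], array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $result['error'] ) ) {
        wp_die( esc_html( $result['error'] ), 400 );
    }
    update_option( 'ssd_logo', esc_url_raw( $result['url'] ) );
}
```

Two caveats a reviewer would raise. First, `getimagesize()` accepts a polyglot (a valid GIF header followed by PHP), so the real protection is that the stored file keeps an image extension from the allowlist and therefore is never handed to the PHP interpreter; blocking script execution in the uploads directory at the web-server level is the usual second layer. Second, WordPress does not grant `unfiltered_upload` to administrators unless `ALLOW_UNFILTERED_UPLOADS` is defined, so a plugin that bypasses the core upload path is handing admins a capability core deliberately withholds.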
CVE-2021-24401
via "National Vulnerability Database".
The Edit domain functionality in the WP Domain Redirect WordPress plugin through 1.0 has an `editid` parameter which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection.
CVE-2021-24604
via "National Vulnerability Database".
The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in the page/post where the associated shortcode is embedded, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2021-24638
via "National Vulnerability Database".
The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS files with Google Fonts CSS, or download fonts uploaded on the Google Fonts website.
CVE-2021-24600
via "National Vulnerability Database".
The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and escape some of its settings before outputting them in pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2021-24618
via "National Vulnerability Database".
The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which results in Stored Cross-Site Scripting (XSS). Furthermore, the plugin also does not have any CSRF and capability checks in place when saving this setting, allowing any authenticated user (as low as subscriber), or an unauthenticated user via a CSRF vector, to update it and perform such an attack.
CVE-2021-24585
via "National Vulnerability Database".
The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address (along with other less sensitive data) of the user set as the Event Head of a Timeslot in the response when requesting the event Timeslot data as a user with the edit_posts capability. Combined with the other Unauthorised Event Timeslot Modification issue (https://wpscan.com/reports/submissions/4699/), where an arbitrary user ID can be set, this could allow low privilege users with the edit_posts capability (such as author) to retrieve sensitive User data by iterating over the user_id.
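The leak above is what happens when a handler serialises a whole `WP_User` object: its public `data` property carries `user_pass`, `user_email` and `user_login`, so `wp_send_json_success()` ships all of them. The following is an added example, not the Timetable and Event Schedule plugin's code: a hypothetical AJAX handler that returns timeslot data, first in the leaking shape and then with an authorisation check on the parent event and an allowlist projection of the user record. The storage helper `tes_get_timeslot()`, the option name `tes_timeslots`, the nonce action `tes_timeslot` and the field names are assumptions.

```php
<?php
// Added example, not the plugin's code. Assumes it runs inside WordPress.

// Stand-in storage for the example: timeslots kept in one option, keyed by id.
// Each record carries 'event_id' (a post) and 'user_id' (the event head).
function tes_get_timeslot( $id ) {
    $all = get_option( 'tes_timeslots', array() );
    return isset( $all[ $id ] ) ? $all[ $id ] : null;
}

// Vulnerable pattern: the full WP_User object is attached and JSON-encoded, hash included.
function tes_timeslot_vulnerable() {
    $timeslot = tes_get_timeslot( absint( $_GET['timeslot_id'] ) );
    $timeslot['event_head'] = get_userdata( (int) $timeslot['user_id'] ); // WP_User -> JSON -> user_pass leaks
    wp_send_json_success( $timeslot );
}

// Hardened pattern: nonce, authorisation against the timeslot's own event, and a projected user view.
function tes_timeslot_hardened() {
    check_ajax_referer( 'tes_timeslot', 'nonce' );

    $timeslot = tes_get_timeslot( absint( isset( $_GET['timeslot_id'] ) ? $_GET['timeslot_id'] : 0 ) );
    if ( ! $timeslot || ! current_user_can( 'edit_post', (int) $timeslot['event_id'] ) ) {
        wp_send_json_error( 'not allowed', 403 );
    }

    $timeslot['event_head'] = tes_public_user_view( (int) $timeslot['user_id'] );
    wp_send_json_success( $timeslot );
}

// Allowlist projection of a user record: only what the public site already shows,
// plus the email address for callers who are allowed to list users anyway.
function tes_public_user_view( $user_id ) {
    $user = get_userdata( $user_id );
    if ( ! $user ) {
        return null;
    }
    $view = array(
        'id'           => $user->ID,
        'display_name' => $user->display_name,
        'avatar'       => get_avatar_url( $user->ID ),
    );
    if ( current_user_can( 'list_users' ) ) {
        $view['email'] = $user->user_email;
    }
    return $view;
}

add_action( 'wp_ajax_tes_timeslot', 'tes_timeslot_hardened' );
```

The projection is the important half: `edit_posts` is a low bar (authors have it), so checking `edit_post` on the specific event limits which timeslots a caller can read, and the allowlist means that even the write-side bug (an arbitrary `user_id` being set on a timeslot) can no longer be turned into a user-enumeration oracle for password hashes.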
CVE-2021-24398
via "National Vulnerability Database".
The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection. This is a time-based SQLi; in the same function the vulnerable parameter is passed twice, so if we pass a 5 second delay it takes 10 seconds to return, since the query is run twice.
CVE-2021-24402
via "National Vulnerability Database".
The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an `order_id` parameter which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors.
CVE-2021-24606
via "National Vulnerability Database".
The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute of its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcodes to posts/pages, such as contributor+.
CVE-2021-24657
via "National Vulnerability Database".
The Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses (which can be controlled by an attacker via headers such as X-Forwarded-For) of attempted logins before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue.
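The root cause here is two decisions, not one: the plugin treated a client-controlled header as the client's address, and it later echoed that string into HTML. The following is an added example, not the Limit Login Attempts plugin's code, showing how a login-attempt logger should derive the address it stores: honour `X-Forwarded-For` only when the TCP peer is a proxy the site operates, take only the hop that proxy appended, and require the result to parse as an IP so that non-IP bytes never reach the reports table. It runs under plain PHP; the trusted-proxy list and the sample requests are constructed for the example.

```php
<?php
// Added example, not the plugin's code. Plain PHP, no WordPress required.

// Vulnerable pattern: header value trusted as-is; a later "echo $ip" puts it straight into the page.
function lla_client_ip_vulnerable( array $server ) {
    if ( ! empty( $server['HTTP_X_FORWARDED_FOR'] ) ) {
        return $server['HTTP_X_FORWARDED_FOR']; // "<script>..." ends up in the attempts log
    }
    return isset( $server['REMOTE_ADDR'] ) ? $server['REMOTE_ADDR'] : '';
}

// Hardened pattern. $trusted_proxies is a constructed list; in production it comes from config.
// Returns a validated IP string, or null when no trustworthy address can be derived.
function lla_client_ip_hardened( array $server, array $trusted_proxies = array( '10.0.0.5' ) ) {
    $remote = isset( $server['REMOTE_ADDR'] ) ? $server['REMOTE_ADDR'] : '';

    // Direct connection (or an unknown proxy): the header is attacker-controlled, ignore it.
    if ( ! in_array( $remote, $trusted_proxies, true ) ) {
        $ip = filter_var( $remote, FILTER_VALIDATE_IP );
        return false === $ip ? null : $ip;
    }

    // Behind our own proxy: it appends the address it saw, so only the LAST hop is vouched for.
    $header = isset( $server['HTTP_X_FORWARDED_FOR'] ) ? (string) $server['HTTP_X_FORWARDED_FOR'] : '';
    $hops   = array_map( 'trim', explode( ',', $header ) );
    $ip     = filter_var( end( $hops ), FILTER_VALIDATE_IP );
    return false === $ip ? null : $ip;
}

// Constructed requests: direct, via the trusted proxy, and two carrying an XSS payload.
$samples = array(
    array( 'REMOTE_ADDR' => '203.0.113.7' ),
    array( 'REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.9, 203.0.113.7' ),
    array( 'REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '<script>alert(1)</script>' ),
    array( 'REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '<script>alert(1)</script>' ),
);
foreach ( $samples as $s ) {
    printf( "vulnerable=%s  hardened=%s\n",
        var_export( lla_client_ip_vulnerable( $s ), true ),
        var_export( lla_client_ip_hardened( $s ), true )
    );
}
```

For the four constructed requests the hardened function yields `203.0.113.7`, `203.0.113.7`, `203.0.113.7` and `null` respectively, while the vulnerable one returns the raw `<script>` payload twice. Validation at intake does not remove the need to escape at output: whatever the reports table renders should still go through `esc_html()`, so that a future change to the intake path cannot reintroduce the bug.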
CVE-2021-24597
via "National Vulnerability Database".
The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which results in Stored Cross-Site Scripting issues in frontend posts and the plugin's settings page, depending on the payload used.
CVE-2021-24639
via "National Vulnerability Database".
The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated user to delete arbitrary files or folders on the server.
CVE-2021-24525
via "National Vulnerability Database".
The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by design (like [su_button]'s onclick attribute).
CVE-2021-24613
via "National Vulnerability Database".
The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed.
CVE-2021-24511
via "National Vulnerability Database".
The fetch_product_ajax functionality in the Product Feed on WooCommerce WordPress plugin before 3.3.1.0 uses a `product_id` POST parameter which is not properly sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection.
CVE-2021-24636
via "National Vulnerability Database".
The Print My Blog WordPress plugin before 3.4.2 does not enforce nonce (CSRF) checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them into opening a malicious link.
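Four of the entries above (CVE-2021-24618, CVE-2021-24638, CVE-2021-24639 and CVE-2021-24636) are the same missing trio: a nonce, a capability check, and confinement of any path derived from the request. The following is an added example, not the code of OMGF, Print My Blog or Donate With QRCode: a hypothetical plugin with an admin-ajax action that empties a cache directory and a REST route that writes a stylesheet named by a `handle` parameter, each shown hardened. The prefix `exp_`, the constant `EXP_CACHE_DIR`, the route `exp/v1/stylesheet` and the nonce actions are assumptions; `check_ajax_referer()`, `current_user_can()`, `register_rest_route()` and the rest are stock WordPress.

```php
<?php
// Added example, not any listed plugin's code. Assumes it runs inside WordPress.

define( 'EXP_CACHE_DIR', WP_CONTENT_DIR . '/uploads/exp-cache' ); // assumed cache root

// Vulnerable pattern: no nonce, no capability check, directory built straight from the request.
add_action( 'wp_ajax_exp_empty_dir_vulnerable', function () {
    $dir = EXP_CACHE_DIR . '/' . $_POST['path'];   // path=../../.. walks out of the cache root
    array_map( 'unlink', glob( $dir . '/*' ) );
    wp_send_json_success();
} );

// Resolve a user-supplied relative path and refuse anything that lands outside $root.
function exp_confine_path( $root, $relative ) {
    $root      = realpath( $root );
    $candidate = ( false === $root ) ? false : realpath( $root . '/' . ltrim( (string) $relative, '/' ) );
    if ( false === $root || false === $candidate ) {
        return false;
    }
    // Compare with a trailing separator so "/exp-cache2" is not accepted as inside "/exp-cache".
    return 0 === strpos( $candidate . '/', $root . '/' ) ? $candidate : false;
}

// Hardened admin-ajax handler: nonce, capability, then confined path, then a narrow delete.
add_action( 'wp_ajax_exp_empty_dir', function () {
    check_ajax_referer( 'exp_empty_dir', 'nonce' );   // client sends wp_create_nonce( 'exp_empty_dir' ) as "nonce"
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $dir = exp_confine_path( EXP_CACHE_DIR, isset( $_POST['path'] ) ? $_POST['path'] : '' );
    if ( false === $dir ) {
        wp_send_json_error( 'invalid path', 400 );
    }
    foreach ( glob( $dir . '/*.css' ) ?: array() as $file ) {   // only the file type this plugin manages
        unlink( $file );
    }
    wp_send_json_success();
} );

// Hardened REST route: permission_callback keeps unauthenticated callers out, and the handle is
// validated to a strict character set, so no separator or ".." can reach the file name.
add_action( 'rest_api_init', function () {
    register_rest_route( 'exp/v1', '/stylesheet', array(
        'methods'             => 'POST',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'args'                => array(
            'handle' => array(
                'required'          => true,
                'validate_callback' => function ( $value ) {
                    return is_string( $value ) && 1 === preg_match( '/^[a-z0-9_-]{1,64}$/', $value );
                },
            ),
        ),
        'callback'            => function ( WP_REST_Request $request ) {
            $target = EXP_CACHE_DIR . '/' . $request['handle'] . '.css';
            file_put_contents( $target, (string) $request['css'] );
            return rest_ensure_response( array( 'written' => basename( $target ) ) );
        },
    ) );
} );
```

The Print My Blog case is the same pattern on a plain link rather than an AJAX call: the link is generated with `wp_nonce_url( admin_url( 'admin.php?action=pmb_reset' ), 'pmb_reset' )` and the handler opens with `check_admin_referer( 'pmb_reset' )`, so a link an attacker crafts on another site carries no valid nonce and the request dies before any data is deleted. Note that a nonce is not an authorisation check and vice versa; a subscriber can obtain a valid nonce for actions exposed to logged-in users, which is why the capability check stays.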
CVE-2021-24399
via "National Vulnerability Database".
The check_order function of The Sorter WordPress plugin through 1.0 uses an `area_id` parameter which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection.
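Six entries on this page (CVE-2021-24401, CVE-2021-24398, CVE-2021-24402, CVE-2021-24606, CVE-2021-24511 and CVE-2021-24399) describe the same defect: a request value or shortcode attribute concatenated into a query. The following is an added example, not the code of any of those plugins: a hypothetical "edit item" lookup and a hypothetical calendar shortcode, each in the vulnerable shape and then rewritten on `$wpdb->prepare()`. The table name `{prefix}exp_items`, the shortcode `exp_calendar`, the column names and the nonce action are assumptions.

```php
<?php
// Added example, not any listed plugin's code. Assumes it runs inside WordPress ($wpdb available).

function exp_table() {
    global $wpdb;
    return $wpdb->prefix . 'exp_items';
}

// Vulnerable pattern: the request value becomes part of the SQL text.
// editid=1 AND SLEEP(5) pauses the query; when a function runs the same query twice
// (as CVE-2021-24398 notes) the delay doubles, which is how time-based injection is confirmed.
function exp_get_item_vulnerable() {
    global $wpdb;
    return $wpdb->get_row( 'SELECT * FROM ' . exp_table() . ' WHERE id = ' . $_GET['editid'] );
}

// Hardened pattern: nonce and capability on the admin page, then a typed placeholder.
// %d casts to integer, so the value can only ever be a number.
function exp_get_item_hardened() {
    global $wpdb;
    check_admin_referer( 'exp_edit_item' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'forbidden', 403 );
    }
    $id = isset( $_GET['editid'] ) ? absint( $_GET['editid'] ) : 0;
    return $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . exp_table() . ' WHERE id = %d', $id ) );
}

// Shortcode attributes (CVE-2021-24606) are attacker input too: contributors can write them.
// String values go through %s, which quotes and escapes; LIKE patterns would also need $wpdb->esc_like().
add_shortcode( 'exp_calendar', function ( $atts ) {
    global $wpdb;
    $atts = shortcode_atts( array( 'category' => '' ), $atts, 'exp_calendar' );
    $rows = $wpdb->get_results( $wpdb->prepare(
        'SELECT id, name FROM ' . exp_table() . ' WHERE category = %s ORDER BY name ASC',
        $atts['category']
    ) );
    $out = '<ul>';
    foreach ( (array) $rows as $row ) {
        $out .= '<li>' . esc_html( $row->name ) . '</li>'; // escape on output as well
    }
    return $out . '</ul>';
} );
```

One limit worth knowing: `prepare()` handles values only. A table name, column name or `ORDER BY` direction taken from the request cannot be parameterised and must be checked against a fixed allowlist before it is spliced into the query text.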
CVE-2021-24587
via "National Vulnerability Database".
The Splash Header WordPress plugin before 1.20.8 doesn't sanitise and escape some of its settings while outputting them in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue.
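The "even when unfiltered_html is disallowed" wording in several entries above (CVE-2021-24604, CVE-2021-24600, CVE-2021-24597, CVE-2021-24613, CVE-2021-24587 and the shortcode case in CVE-2021-24525) points at a WordPress-specific fact: core strips scripts from post content for users who lack `unfiltered_html` (all non-super-admins on multisite, or everyone when `DISALLOW_UNFILTERED_HTML` is set), but `update_option()` applies no such filter, so a plugin setting is only as safe as the plugin makes it. The following is an added example, not the code of any listed plugin: a hypothetical label and link setting rendered on the front end, plus a button shortcode, each sanitised on save and escaped for the context it lands in. Option names, the settings group and the shortcode name are assumptions.

```php
<?php
// Added example, not any listed plugin's code. Assumes it runs inside WordPress.

// Vulnerable pattern: stored raw, echoed raw. A <script> saved here by an admin without
// unfiltered_html (or by anyone who reaches the save handler) runs for every visitor.
function exp_render_label_vulnerable() {
    echo '<span class="label">' . get_option( 'exp_label' ) . '</span>';
    echo '<a href="' . get_option( 'exp_link' ) . '">more</a>';
}

// Step 1: sanitise on save. register_setting()'s sanitize_callback runs on every write through the
// Settings API, so the stored value is already plain text / a real URL.
add_action( 'admin_init', function () {
    register_setting( 'exp_settings', 'exp_label', array( 'sanitize_callback' => 'sanitize_text_field' ) );
    register_setting( 'exp_settings', 'exp_link',  array( 'sanitize_callback' => 'esc_url_raw' ) );
} );

// Step 2: escape on output for the exact context. esc_url() also drops javascript: and data: schemes.
function exp_render_label_hardened() {
    echo '<span class="label">' . esc_html( get_option( 'exp_label', '' ) ) . '</span>';
    echo '<a href="' . esc_url( get_option( 'exp_link', '' ) ) . '">more</a>';
}

// Shortcode attributes are written by contributors. Each known attribute is escaped for its context,
// and shortcode_atts() discards anything not in the defaults, so an onclick="..." attribute never
// reaches the markup at all; there is no safe way to pass a user-supplied event handler through.
add_shortcode( 'exp_button', function ( $atts ) {
    $atts = shortcode_atts( array(
        'url'   => '#',
        'text'  => 'Click',
        'class' => '',
    ), $atts, 'exp_button' );
    return sprintf(
        '<a class="exp-button %s" href="%s">%s</a>',
        esc_attr( sanitize_html_class( $atts['class'] ) ),
        esc_url( $atts['url'] ),
        esc_html( $atts['text'] )
    );
} );
```

Sanitising on save and escaping on output are both needed: the save-time filter protects every reader of the option (including other plugins and exports), and the output-time escape protects against values that arrived by another route, such as a direct database write, a migration, or a settings import.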
EventBuilder misconfiguration exposes personal details of 100,000 event registrants
via "The Daily Swig".
Vulnerability has now been addressed in the Microsoft Teams add-on.
Bring Your APIs Out of the Shadows to Protect Your Business
via "Threat Post".
APIs are immensely more complex to secure. Shadow APIs, those unknown or forgotten API endpoints that escape the attention and protection of IT, present a real risk to your business. Learn how to identify shadow APIs and take control of them before attackers do.