‼ CVE-2021-25035 ‼
📖 Read
via "National Vulnerability Database".
The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25045 ‼
📖 Read
via "National Vulnerability Database".
The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24858 ‼
📖 Read
via "National Vulnerability Database".
The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25083 ‼
📖 Read
via "National Vulnerability Database".
The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cross-Site Scripting📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25076 ‼
📖 Read
via "National Vulnerability Database".
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24694 ‼
📖 Read
via "National Vulnerability Database".
The Simple Download Monitor WordPress plugin before 3.9.11 could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attack via 1) "color" or "css_class" argument of sdm_download shortcode, 2) "class" or "placeholder" argument of sdm_search_form shortcode.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24696 ‼
📖 Read
via "National Vulnerability Database".
The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), 2) delete logs (fixed in 3.9.9), 3) remove thumbnail image from downloads📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25079 ‼
📖 Read
via "National Vulnerability Database".
The Contact Form Entries WordPress plugin before 1.2.4 does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the admin page📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25015 ‼
📖 Read
via "National Vulnerability Database".
The myCred WordPress plugin before 2.4 does not sanitise and escape the search query before outputting it back in the history dashboard page, leading to a Reflected Cross-Site Scripting issue📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25013 ‼
📖 Read
via "National Vulnerability Database".
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubely_delete_saved_block AJAX action, and does not ensure that the block to be deleted belong to the plugin, as a result, any authenticated users, such as subscriber can delete arbitrary posts📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25080 ‼
📖 Read
via "National Vulnerability Database".
The Contact Form Entries WordPress plugin before 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against logged in admins viewing the created entry📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24968 ‼
📖 Read
via "National Vulnerability Database".
The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FAQ and FAQ questions📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24985 ‼
📖 Read
via "National Vulnerability Database".
The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the field_name and field_type parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25074 ‼
📖 Read
via "National Vulnerability Database".
The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24974 ‼
📖 Read
via "National Vulnerability Database".
The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 does not have authorisation and CSRF check in some of its AJAX actions, allowing any authenticated users to call then, which could lead to Stored Cross-Site Scripting issue (which will be triggered in the admin dashboard) due to the lack of escaping.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24865 ‼
📖 Read
via "National Vulnerability Database".
The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL Injection issue📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25062 ‼
📖 Read
via "National Vulnerability Database".
The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the file_url before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24965 ‼
📖 Read
via "National Vulnerability Database".
The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated users to call it. Due to the lack of sanitisation and escaping, users with a role as low as subscriber could perform Cross-Site Scripting attacks against logged in admins📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24733 ‼
📖 Read
via "National Vulnerability Database".
The WP Post Page Clone WordPress plugin before 1.2 allows users with a role as low as Contributor to clone and view other users' draft and password-protected posts which they cannot view normally.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25031 ‼
📖 Read
via "National Vulnerability Database".
The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting📖 Read
via "National Vulnerability Database".
🗓️ Chain of vulnerabilities led to RCE on Cisco Prime servers 🗓️
📖 Read
via "The Daily Swig".
Full chain exploit ready for Prime time📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Chain of vulnerabilities led to RCE on Cisco Prime servers
Full chain exploit ready for Prime time