Weekly CVE Bulletin
CVEs list
CVE-2021-41616 LOW #sqli #apache lists.apache.org
CVE-2021-39342 MEDIUM #wordpress #wp-plugin plugins.trac.wordpress.org, www.wordfence.com
CVE-2021-34636 HIGH #csrf #php #wordpress #wp-plugin #woocommerce plugins.trac.wordpress.org, www.wordfence.com
CVE-2021-36880 CRITICAL #sqli #wordpress #wp-plugin patchstack.com, wordpress.org
CVE-2021-36879 CRITICAL #wordpress #wp-plugin patchstack.com, wordpress.org
CVE-2021-36877 MEDIUM #csrf #wordpress #wp-plugin patchstack.com, wordpress.org
CVE-2021-36876 HIGH #csrf #wordpress #wp-plugin patchstack.com, wordpress.org
CVE-2021-36875 MEDIUM #xss #wordpress #wp-plugin patchstack.com, wordpress.org
CVE-2021-36874 HIGH #wordpress #wp-plugin patchstack.com, wordpress.org
CVE-2021-36845 LOW #xss #wordpress #wp-plugin patchstack.com, wordpress.org
CVE-2021-36841 MEDIUM #xss #wordpress #wp-plugin patchstack.com, wordpress.org
CVE-2021-24671 LOW #xss #wordpress #wp-plugin wpscan.com
CVE-2021-24670 MEDIUM #xss #wordpress #wp-plugin wpscan.com
CVE-2021-24666 LOW #sqli #wordpress #wp-plugin github.com, wpscan.com
CVE-2021-24661 MEDIUM #wordpress #wp-plugin wpscan.com
CVE-2021-24660 MEDIUM #xss #wordpress #wp-plugin wpscan.com
CVE-2021-24659 MEDIUM #xss #wordpress #wp-plugin wpscan.com
CVE-2021-24652 MEDIUM #wordpress #wp-plugin wpscan.com
CVE-2021-24643 LOW #xss #wordpress #wp-plugin wpscan.com
CVE-2021-24634 LOW #xss #wordpress #wp-plugin wpscan.com
CVE-2021-24633 LOW #wordpress #wp-plugin wpscan.com
CVE-2021-24632 LOW #xss #wordpress #wp-plugin wpscan.com
CVE-2021-24610 LOW #xss #wordpress #wp-plugin wpscan.com, packetstormsecurity.com
CVE-2021-24569 LOW #xss #wordpress #wp-plugin wpscan.com
CVE-2021-36878 LOW #csrf #wordpress #wp-plugin patchstack.com, wordpress.org
CVEs details
CVE-2021-41616 LOW Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used ObjectInputStream.readObject without validating that the input data was safe to deserialize. Please note that DdlUtils is no longer being actively developed. To address the insecurity of the BinaryObjectHelper class, the following changes to DdlUtils have been made: (1) BinaryObjectsHelper.java has been deleted from the DdlUtils source repository and the DdlUtils feature of propagating data of SQL binary types is therefore no longer present in DdlUtils; (2) The ddlutils-1.0 release has been removed from the Apache Release Distribution Infrastructure; (3) The DdlUtils web site has been updated to indicate that DdlUtils is now available only as source code, not as a packaged release. #sqli #apache References: lists.apache.org
CVE-2021-39342 MEDIUM The Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8. #wordpress #wp-plugin References: plugins.trac.wordpress.org, www.wordfence.com
CVE-2021-34636 HIGH The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_theme function found in the ~/includes/admin/coundown_theme_page.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.7. #csrf #php #wordpress #wp-plugin #woocommerce References: plugins.trac.wordpress.org, www.wordfence.com
CVE-2021-36880 CRITICAL Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: custom. #sqli #wordpress #wp-plugin References: patchstack.com, wordpress.org
CVE-2021-36879 CRITICAL Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration. #wordpress #wp-plugin References: patchstack.com, wordpress.org
CVE-2021-36877 MEDIUM Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles. #csrf #wordpress #wp-plugin References: patchstack.com, wordpress.org
CVE-2021-36876 HIGH Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages. #csrf #wordpress #wp-plugin References: patchstack.com, wordpress.org
CVE-2021-36875 MEDIUM Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in WordPress uListing plugin (versions <= 2.0.5). Vulnerable parameters: &filter[id], &filter[user], &filter[expired_date], &filter[created_date], &filter[updated_date]. #xss #wordpress #wp-plugin References: patchstack.com, wordpress.org
CVE-2021-36874 HIGH Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5). #wordpress #wp-plugin References: patchstack.com, wordpress.org
CVE-2021-36845 LOW Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. Vulnerable parameters: 1 - "Newsletter" tab, &yith_maintenance_newsletter_submit_label parameter: payload should start with a single quote (') symbol to break the context, i.e.: NOTIFY ME' autofocus onfocus=alert(/Visse/);// v=' - this payload will be auto triggered while admin visits this page/tab. 2 - "General" tab issues, vulnerable parameters: &yith_maintenance_message, &yith_maintenance_custom_style, &yith_maintenance_mascotte, &yith_maintenance_title_font[size], &yith_maintenance_title_font[family], &yith_maintenance_title_font[color], &yith_maintenance_paragraph_font[size], &yith_maintenance_paragraph_font[family], &yith_maintenance_paragraph_font[color], &yith_maintenance_border_top. 3 - "Background" tab issues, vulnerable parameters: &yith_maintenance_background_image, &yith_maintenance_background_color. 4 - "Logo" tab issues, vulnerable parameters: &yith_maintenance_logo_image, &yith_maintenance_logo_tagline, &yith_maintenance_logo_tagline_font[size], &yith_maintenance_logo_tagline_font[family], &yith_maintenance_logo_tagline_font[color]. 5 - "Newsletter" tab issues, vulnerable parameters: &yith_maintenance_newsletter_email_font[size], &yith_maintenance_newsletter_email_font[family], &yith_maintenance_newsletter_email_font[color], &yith_maintenance_newsletter_submit_font[size], &yith_maintenance_newsletter_submit_font[family], &yith_maintenance_newsletter_submit_font[color], &yith_maintenance_newsletter_submit_background, &yith_maintenance_newsletter_submit_background_hover, &yith_maintenance_newsletter_title, &yith_maintenance_newsletter_action, &yith_maintenance_newsletter_email_label, &yith_maintenance_newsletter_email_name, &yith_maintenance_newsletter_submit_label, &yith_maintenance_newsletter_hidden_fields. 6 - "Socials" tab issues, vulnerable parameters: &yith_maintenance_socials_facebook, &yith_maintenance_socials_twitter, &yith_maintenance_socials_gplus, &yith_maintenance_socials_youtube, &yith_maintenance_socials_rss, &yith_maintenance_socials_skype, &yith_maintenance_socials_email, &yith_maintenance_socials_behance, &yith_maintenance_socials_dribble, &yith_maintenance_socials_flickr, &yith_maintenance_socials_instagram, &yith_maintenance_socials_pinterest, &yith_maintenance_socials_tumblr, &yith_maintenance_socials_linkedin. #xss #wordpress #wp-plugin References: patchstack.com, wordpress.org
CVE-2021-36841 MEDIUM Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. Possible even when unfiltered HTML is disallowed by WordPress configuration. #xss #wordpress #wp-plugin References: patchstack.com, wordpress.org
CVE-2021-24671 LOW The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape the time_zone attribute of the mxmtzc_time_zone_clocks shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. #xss #wordpress #wp-plugin References: wpscan.com
CVE-2021-24670 MEDIUM The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. #xss #wordpress #wp-plugin References: wpscan.com
CVE-2021-24666 LOW The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the REST route '/services/contributor/(?P[\d]+)' and takes 'id' and 'category' parameters as arguments. Both parameters can be used for the SQLi. #sqli #wordpress #wp-plugin References: github.com, wpscan.com
CVE-2021-24661 MEDIUM The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID. #wordpress #wp-plugin References: wpscan.com
CVE-2021-24660 MEDIUM The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode. #xss #wordpress #wp-plugin References: wpscan.com
CVE-2021-24659 MEDIUM The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block. #xss #wordpress #wp-plugin References: wpscan.com
CVE-2021-24652 MEDIUM The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged-in user to perform some AJAX-based requests, allowing any user to modify, delete or add ultp_options values. #wordpress #wp-plugin References: wpscan.com
CVE-2021-24643 LOW The WP Map Block WordPress plugin before 1.2.3 does not escape some attributes of the WP Map Block, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. #xss #wordpress #wp-plugin References: wpscan.com
CVE-2021-24634 LOW The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does not properly sanitise or escape some of the properties of the Recipe Card Block (such as ingredientsLayout, iconSet, steps, ingredients, recipeTitle, or settings), which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. #xss #wordpress #wp-plugin References: wpscan.com
CVE-2021-24633 LOW The Countdown Block WordPress plugin before 1.1.2 does not check authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as a Subscriber, to modify post contents displayed to users. #wordpress #wp-plugin References: wpscan.com
CVE-2021-24632 LOW The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does not escape the message parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue. #xss #wordpress #wp-plugin References: wpscan.com
CVE-2021-24610 LOW The TranslatePress WordPress plugin before 2.0.9 does not implement proper sanitisation of the translated strings. The 'trp_sanitize_string' function only removes script tags with a regex, still allowing other HTML tags and attributes to execute JavaScript, which could lead to authenticated Stored Cross-Site Scripting issues. #xss #wordpress #wp-plugin References: wpscan.com, packetstormsecurity.com
CVE-2021-24569 LOW The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.1.2 does not escape the value of its Button Text setting when outputting it in an attribute in the frontend, allowing high privilege users such as admin to perform Cross-Site Scripting even when the unfiltered_html capability is disallowed. #xss #wordpress #wp-plugin References: wpscan.com
CVE-2021-36878 LOW Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings. #csrf #wordpress #wp-plugin References: patchstack.com, wordpress.org