{"vulnerability": "CVE-2021-2437", "sightings": [{"uuid": "f796587d-d7dd-4a7a-acf8-90834b00eb9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24372", "type": "seen", "source": "https://t.me/cibsecurity/25588", "content": "\u203c CVE-2021-24372 \u203c\n\nThe WP Hardening \u2013 Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER['REQUEST_URI'] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-06-22T00:15:28.000000Z"}, {"uuid": "fb3253f2-5df4-411d-9e3e-f6d4b3431f17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24377", "type": "seen", "source": "https://t.me/cibsecurity/25587", "content": "\u203c CVE-2021-24377 \u203c\n\nThe Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on the disk but not yet removed. 
It is a bypass of CVE-2020-24948.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-06-22T00:15:27.000000Z"}, {"uuid": "5855f1b2-0795-47a2-9be5-2573dfe5d2ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24377", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-424ebad0-6bee0cbd5f75d218", "content": "", "creation_timestamp": "2025-03-03T06:58:05.086846Z"}, {"uuid": "4189603f-f638-4945-8867-b7d26167c774", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24379", "type": "seen", "source": "https://t.me/arpsyndicate/2720", "content": "#ExploitObserverAlert\n\nCVE-2021-24379\n\nDESCRIPTION: Exploit Observer has 3 entries related to CVE-2021-24379. The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. This allows any user (even unauthenticated) to add unlimited like/dislike to any comment. The plugin appears to have some Restriction modes, such as Cookie Restriction, IP Restrictions, Logged In User Restriction, however, they do not prevent such attack as they only check client side\n\nFIRST-EPSS: 0.001090000\nNVD-IS: 1.4\nNVD-ES: 3.9", "creation_timestamp": "2024-01-09T06:45:13.000000Z"}]}