{"vulnerability": "CVE-2021-2477", "sightings": [{"uuid": "e1bc50cc-6290-49f3-93a5-286b7a51f8b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24772", "type": "seen", "source": "https://t.me/cibsecurity/32498", "content": "\u203c CVE-2021-24772 \u203c\n\nThe Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T16:26:44.000000Z"}, {"uuid": "a15f7034-4acf-497c-8dc6-71a411a3660c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24775", "type": "seen", "source": "https://t.me/cibsecurity/36634", "content": "\u203c CVE-2021-24775 \u203c\n\nThe Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-01T16:26:36.000000Z"}, {"uuid": "4bfb800f-7e59-490a-967e-86ed7038d76a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24774", "type": "seen", "source": "https://t.me/cibsecurity/31116", "content": "\u203c CVE-2021-24774 \u203c\n\nThe Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the \"order\" and \"orderby\" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injection issues\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-25T18:13:40.000000Z"}, {"uuid": "94d038b0-2407-47ef-9784-16b58f063e65", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24779", "type": "seen", "source": "https://t.me/cibsecurity/31130", "content": "\u203c CVE-2021-24779 \u203c\n\nThe WP Debugging WordPress plugin before 2.11.0 has its update_settings() function hooked to admin_init and is missing any capability and CSRF checks, as a result, the settings can be updated by unauthenticated users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-25T18:13:55.000000Z"}, {"uuid": "2a8a2502-6cce-43fc-b38c-d264e5d158b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24773", "type": "seen", "source": "https://t.me/cibsecurity/31532", "content": "\u203c CVE-2021-24773 \u203c\n\nThe WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-01T11:21:15.000000Z"}, {"uuid": "03de7b1d-9f33-49f5-a5ad-1225df2addb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24770", "type": "seen", "source": "https://t.me/cibsecurity/31531", "content": "\u203c CVE-2021-24770 \u203c\n\nThe Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spl_upload_ser_img AJAX action (available to authenticated users), which could allow any authenticated users, such as subscriber, to upload arbitrary images.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-01T11:21:14.000000Z"}, {"uuid": "89e78654-e2bb-4622-9ad9-efaee90bedc0", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24771", "type": "seen", "source": "https://t.me/cibsecurity/33806", "content": "\u203c CVE-2021-24771 \u203c\n\nThe Inspirational Quote Rotator WordPress plugin through 1.0.0 does not sanitize and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the \"Quotes list\" even when the unfiltered_html capability is disallowed\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-13T14:23:59.000000Z"}]}