{"vulnerability": "CVE-2021-3834", "sightings": [{"uuid": "3d17a41d-b05f-4d11-a28d-07f9e0422595", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38340", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14586", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38340\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the update_row parameter found in the ~/includes/add_product.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.\n\ud83d\udccf Published: 2021-09-10T13:33:02.073Z\n\ud83d\udccf Modified: 2025-05-02T19:51:27.692Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38340\n2. https://plugins.trac.wordpress.org/browser/webful-simple-grocery-shop/trunk/includes/add_product.php#L80", "creation_timestamp": "2025-05-02T20:16:34.000000Z"}, {"uuid": "1ee94a14-84f0-4ac1-b5b3-6372d482339a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38341", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14587", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38341\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/includes/plugin_settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10.\n\ud83d\udccf Published: 2021-09-10T13:33:07.295Z\n\ud83d\udccf Modified: 2025-05-02T19:50:21.274Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38341\n2. https://plugins.trac.wordpress.org/browser/wc-payment-gateway-per-category/tags/2.0.10/includes/plugin_settings.php#L31", "creation_timestamp": "2025-05-02T20:16:35.000000Z"}, {"uuid": "656f90c2-f22f-4e6d-93b5-99521caf7b1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38346", "type": "seen", "source": "https://t.me/cibsecurity/30582", "content": "\u203c CVE-2021-38346 \u203c\n\nThe Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file would be named using the id parameter, which could be prepended with \"../\" to perform directory traversal, and the file contents were populated via the ibsf parameter, which would be base64-decoded and written to the file. While the plugin added a .jpg extension to all uploaded filenames, a double extension attack was still possible, e.g. a file named shell.php would be saved as shell.php.jpg, and would be executable on a number of common configurations.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-14T20:27:46.000000Z"}, {"uuid": "eb2f3ea1-559b-4635-b455-189e617afa57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38345", "type": "seen", "source": "https://t.me/cibsecurity/30578", "content": "\u203c CVE-2021-38345 \u203c\n\nThe Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-14T20:27:42.000000Z"}, {"uuid": "5fafc83d-4708-46e7-ad7b-4ff66840e995", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38344", "type": "seen", "source": "https://t.me/cibsecurity/30584", "content": "\u203c CVE-2021-38344 \u203c\n\nThe Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as a subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizy_update_item AJAX action and adding JavaScript to the data parameter, which would be executed in the session of any visitor viewing or previewing the post or page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-14T20:27:51.000000Z"}, {"uuid": "49192fa4-b0f7-44f5-9be1-40ef4e12a3ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38347", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14596", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38347\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the ~/views/edit.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2.\n\ud83d\udccf Published: 2021-09-10T13:34:24.436Z\n\ud83d\udccf Modified: 2025-05-02T19:46:21.170Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38347\n2. https://plugins.trac.wordpress.org/browser/simple-custom-website-data/tags/2.2/views/edit.php#L30", "creation_timestamp": "2025-05-02T20:16:50.000000Z"}, {"uuid": "352f5aef-1555-4fe1-8427-d0488473e18c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38348", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14581", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38348\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Advance Search WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the wpas_id parameter found in the ~/inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.2.\n\ud83d\udccf Published: 2021-09-10T13:32:38.774Z\n\ud83d\udccf Modified: 2025-05-02T19:53:39.565Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38348\n2. https://plugins.trac.wordpress.org/browser/advance-search/trunk/inc/admin/views/html-advance-search-admin-options.php#L88", "creation_timestamp": "2025-05-02T20:16:27.000000Z"}, {"uuid": "8de82749-a35a-4d2d-a6fb-00bb194e8a5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38349", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14585", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38349\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error_description parameter found in the ~/templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1.\n\ud83d\udccf Published: 2021-09-10T13:32:55.483Z\n\ud83d\udccf Modified: 2025-05-02T19:51:43.212Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38349\n2. https://plugins.trac.wordpress.org/browser/woo-moneybird/tags/2.1.1/templates/wcmb-admin.php#L8", "creation_timestamp": "2025-05-02T20:16:33.000000Z"}, {"uuid": "b31aef28-6304-4110-b23b-ede9a6a3a6e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38340", "type": "seen", "source": "https://t.me/cibsecurity/28676", "content": "\u203c CVE-2021-38340 \u203c\n\nThe Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the update_row parameter found in the ~/includes/add_product.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-10T18:31:17.000000Z"}, {"uuid": "73160384-c313-43e9-95d4-845bea162700", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38349", "type": "seen", "source": "https://t.me/cibsecurity/28673", "content": "\u203c CVE-2021-38349 \u203c\n\nThe Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error_description parameter found in the ~/templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-10T18:31:07.000000Z"}, {"uuid": "898e74f6-7005-4cd8-9249-801ffa062811", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38341", "type": "seen", "source": "https://t.me/cibsecurity/28664", "content": "\u203c CVE-2021-38341 \u203c\n\nThe WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/includes/plugin_settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-10T18:30:44.000000Z"}, {"uuid": "dda43bbb-1ba7-40b2-828e-0a57fa65772d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38343", "type": "seen", "source": "https://t.me/cibsecurity/28041", "content": "\u203c CVE-2021-38343 \u203c\n\nThe Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open Redirect via the `page` POST parameter in the `npBulkActions`, `npBulkEdit`, `npListingSort`, and `npCategoryFilter` `admin_post` actions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-30T22:38:42.000000Z"}]}