<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Mon, 04 May 2026 21:47:39 +0000</lastBuildDate>
    <item>
      <title>75b2ee92-fd23-4278-b440-2bf7044f1a0d</title>
      <link>https://vulnerability.circl.lu/sighting/75b2ee92-fd23-4278-b440-2bf7044f1a0d/export</link>
      <description>{"uuid": "75b2ee92-fd23-4278-b440-2bf7044f1a0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39348", "type": "seen", "source": "https://t.me/cibsecurity/30995", "content": "\u203c CVE-2021-39348 \u203c\n\nThe LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. Please note that this is seperate from CVE-2021-24702.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-22T00:37:32.000000Z"}</description>
      <content:encoded>{"uuid": "75b2ee92-fd23-4278-b440-2bf7044f1a0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39348", "type": "seen", "source": "https://t.me/cibsecurity/30995", "content": "\u203c CVE-2021-39348 \u203c\n\nThe LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. Please note that this is seperate from CVE-2021-24702.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-22T00:37:32.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/75b2ee92-fd23-4278-b440-2bf7044f1a0d/export</guid>
      <pubDate>Fri, 22 Oct 2021 00:37:32 +0000</pubDate>
    </item>
    <item>
      <title>eac03836-c67f-4bde-8578-d4312b795274</title>
      <link>https://vulnerability.circl.lu/sighting/eac03836-c67f-4bde-8578-d4312b795274/export</link>
      <description>{"uuid": "eac03836-c67f-4bde-8578-d4312b795274", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39341", "type": "seen", "source": "https://t.me/true_secator/2269", "content": "\u041e\u0434\u0438\u043d \u0438\u0437 \u0441\u0430\u043c\u044b\u0445 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u0432 WordPress, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0444\u043e\u0440\u043c \u043f\u043e\u0434\u043f\u0438\u0441\u043a\u0438 \u0438 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u0438 \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 1 \u043c\u043b\u043d. \u0441\u0430\u0439\u0442\u043e\u0432, \u0434\u043e\u043f\u0443\u0441\u043a\u0430\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\n \n\u041f\u043b\u0430\u0433\u0438\u043d OptinMonster, \u043f\u043e \u0441\u0443\u0442\u0438, \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u043c \u0434\u043b\u044f \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u043b\u0438\u0434\u043e\u0432 \u0438 \u043c\u043e\u043d\u0435\u0442\u0438\u0437\u0430\u0446\u0438\u0438. 
\u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u0430\u044f \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0425\u043b\u043e\u0435\u0439 \u0427\u0435\u043c\u0431\u0435\u0440\u043b\u0435\u043d\u0434 28 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f 7 \u043e\u043a\u0442\u044f\u0431\u0440\u044f \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2021-39341 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a API \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u0441\u0442\u0432\u0443\u0435\u0442 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044e \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043d\u0430 \u0441\u0430\u0439\u0442\u0430\u0445 WordPress.\n \n\u041a\u0430\u043a \u043e\u0431\u044a\u044f\u0441\u043d\u044f\u0435\u0442 \u0427\u0435\u043c\u0431\u0435\u0440\u043b\u0435\u043d\u0434, OptinMonster \u0437\u0430\u0432\u0438\u0441\u0438\u0442 \u043e\u0442 \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0445 \u0442\u043e\u0447\u0435\u043a API, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044e\u0442 \u043f\u043e\u043b\u043d\u0443\u044e \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u044e \u0438 \u0443\u043f\u0440\u043e\u0449\u0435\u043d\u043d\u044b\u0439 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u043f\u0440\u043e\u0435\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f. 
\u041e\u0434\u043d\u0430\u043a\u043e \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u044d\u0442\u0438\u0445 \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0445 \u0442\u043e\u0447\u0435\u043a \u043d\u0435 \u0432\u0441\u0435\u0433\u0434\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0430, \u043a\u0430\u043a \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0441 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u043e\u0439 /wp-json/omapp/v1/support, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0442\u044c \u0442\u0430\u043a\u0438\u0435 \u0434\u0430\u043d\u043d\u044b\u0435, \u043a\u0430\u043a \u043f\u043e\u043b\u043d\u044b\u0439 \u043f\u0443\u0442\u044c \u043a \u0441\u0430\u0439\u0442\u0443 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435, \u043a\u043b\u044e\u0447\u0438 API, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0435 \u0434\u043b\u044f \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043d\u0430 \u0441\u0430\u0439\u0442\u0435, \u0438 \u043c\u043d\u043e\u0433\u043e\u0435 \u0434\u0440\u0443\u0433\u043e\u0435.\n \n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0432\u043b\u0430\u0434\u0435\u044e\u0449\u0438\u0439 \u043a\u043b\u044e\u0447\u043e\u043c API, \u043c\u043e\u0436\u0435\u0442 \u0432\u043d\u0435\u0441\u0442\u0438 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 OptinMonster \u0438\u043b\u0438 \u0434\u0430\u0436\u0435 \u0440\u0430\u0437\u043c\u0435\u0441\u0442\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0444\u0440\u0430\u0433\u043c\u0435\u043d\u0442\u044b \u043a\u043e\u0434\u0430 JavaScript \u043d\u0430 \u0441\u0430\u0439\u0442\u0435. 
\u0421\u0430\u0439\u0442 \u0431\u0443\u0434\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u044d\u0442\u043e\u0442 \u043a\u043e\u0434 \u043a\u0430\u0436\u0434\u044b\u0439 \u0440\u0430\u0437 \u043f\u0440\u0438 \u0430\u043a\u0442\u0438\u0432\u0430\u0446\u0438\u0438 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u0430 OptinMonster.\n \n\u0427\u0442\u043e \u0435\u0449\u0435 \u0445\u0443\u0436\u0435, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0434\u0430\u0436\u0435 \u043d\u0435 \u043f\u0440\u0438\u0448\u043b\u043e\u0441\u044c \u0431\u044b \u043f\u0440\u043e\u0445\u043e\u0434\u0438\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u043c \u0441\u0430\u0439\u0442\u0435 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0435 API, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441 \u043e\u0431\u0445\u043e\u0434\u0438\u0442 \u0432\u0441\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043f\u0440\u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0445, \u043b\u0435\u0433\u043a\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445.\n \n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0432\u0441\u0435 \u043a\u043b\u044e\u0447\u0438 API, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u043b\u0438 \u0431\u044b\u0442\u044c \u0443\u043a\u0440\u0430\u0434\u0435\u043d\u044b, \u0430\u043d\u043d\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0438 \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u043d\u043e\u0432\u044b\u0435, 
\u0432\u0441\u0435\u043c \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430\u043c \u0441\u0430\u0439\u0442\u043e\u0432 \u0441 OptinMonster \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u043e\u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.6.5 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439, \u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c\u0441\u044f \u0435\u0449\u0435 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0438 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0440\u0430\u0437, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0433\u043e \u043f\u043b\u0430\u0433\u0438\u043d\u0430 WordPress \u0431\u0443\u0434\u0443\u0442 \u043f\u0435\u0440\u0435\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u0432\u0435\u0441\u044c API.", "creation_timestamp": "2021-10-29T18:01:00.000000Z"}</description>
      <content:encoded>{"uuid": "eac03836-c67f-4bde-8578-d4312b795274", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39341", "type": "seen", "source": "https://t.me/true_secator/2269", "content": "\u041e\u0434\u0438\u043d \u0438\u0437 \u0441\u0430\u043c\u044b\u0445 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u0432 WordPress, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0444\u043e\u0440\u043c \u043f\u043e\u0434\u043f\u0438\u0441\u043a\u0438 \u0438 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u0438 \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 1 \u043c\u043b\u043d. \u0441\u0430\u0439\u0442\u043e\u0432, \u0434\u043e\u043f\u0443\u0441\u043a\u0430\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\n \n\u041f\u043b\u0430\u0433\u0438\u043d OptinMonster, \u043f\u043e \u0441\u0443\u0442\u0438, \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u043c \u0434\u043b\u044f \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u043b\u0438\u0434\u043e\u0432 \u0438 \u043c\u043e\u043d\u0435\u0442\u0438\u0437\u0430\u0446\u0438\u0438. 
\u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u0430\u044f \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0425\u043b\u043e\u0435\u0439 \u0427\u0435\u043c\u0431\u0435\u0440\u043b\u0435\u043d\u0434 28 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f 7 \u043e\u043a\u0442\u044f\u0431\u0440\u044f \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2021-39341 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a API \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u0441\u0442\u0432\u0443\u0435\u0442 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044e \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043d\u0430 \u0441\u0430\u0439\u0442\u0430\u0445 WordPress.\n \n\u041a\u0430\u043a \u043e\u0431\u044a\u044f\u0441\u043d\u044f\u0435\u0442 \u0427\u0435\u043c\u0431\u0435\u0440\u043b\u0435\u043d\u0434, OptinMonster \u0437\u0430\u0432\u0438\u0441\u0438\u0442 \u043e\u0442 \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0445 \u0442\u043e\u0447\u0435\u043a API, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044e\u0442 \u043f\u043e\u043b\u043d\u0443\u044e \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u044e \u0438 \u0443\u043f\u0440\u043e\u0449\u0435\u043d\u043d\u044b\u0439 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u043f\u0440\u043e\u0435\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f. 
\u041e\u0434\u043d\u0430\u043a\u043e \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u044d\u0442\u0438\u0445 \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0445 \u0442\u043e\u0447\u0435\u043a \u043d\u0435 \u0432\u0441\u0435\u0433\u0434\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0430, \u043a\u0430\u043a \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0441 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u043e\u0439 /wp-json/omapp/v1/support, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0442\u044c \u0442\u0430\u043a\u0438\u0435 \u0434\u0430\u043d\u043d\u044b\u0435, \u043a\u0430\u043a \u043f\u043e\u043b\u043d\u044b\u0439 \u043f\u0443\u0442\u044c \u043a \u0441\u0430\u0439\u0442\u0443 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435, \u043a\u043b\u044e\u0447\u0438 API, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0435 \u0434\u043b\u044f \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043d\u0430 \u0441\u0430\u0439\u0442\u0435, \u0438 \u043c\u043d\u043e\u0433\u043e\u0435 \u0434\u0440\u0443\u0433\u043e\u0435.\n \n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0432\u043b\u0430\u0434\u0435\u044e\u0449\u0438\u0439 \u043a\u043b\u044e\u0447\u043e\u043c API, \u043c\u043e\u0436\u0435\u0442 \u0432\u043d\u0435\u0441\u0442\u0438 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 OptinMonster \u0438\u043b\u0438 \u0434\u0430\u0436\u0435 \u0440\u0430\u0437\u043c\u0435\u0441\u0442\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0444\u0440\u0430\u0433\u043c\u0435\u043d\u0442\u044b \u043a\u043e\u0434\u0430 JavaScript \u043d\u0430 \u0441\u0430\u0439\u0442\u0435. 
\u0421\u0430\u0439\u0442 \u0431\u0443\u0434\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u044d\u0442\u043e\u0442 \u043a\u043e\u0434 \u043a\u0430\u0436\u0434\u044b\u0439 \u0440\u0430\u0437 \u043f\u0440\u0438 \u0430\u043a\u0442\u0438\u0432\u0430\u0446\u0438\u0438 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u0430 OptinMonster.\n \n\u0427\u0442\u043e \u0435\u0449\u0435 \u0445\u0443\u0436\u0435, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0434\u0430\u0436\u0435 \u043d\u0435 \u043f\u0440\u0438\u0448\u043b\u043e\u0441\u044c \u0431\u044b \u043f\u0440\u043e\u0445\u043e\u0434\u0438\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u043c \u0441\u0430\u0439\u0442\u0435 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0435 API, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441 \u043e\u0431\u0445\u043e\u0434\u0438\u0442 \u0432\u0441\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043f\u0440\u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0445, \u043b\u0435\u0433\u043a\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445.\n \n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0432\u0441\u0435 \u043a\u043b\u044e\u0447\u0438 API, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u043b\u0438 \u0431\u044b\u0442\u044c \u0443\u043a\u0440\u0430\u0434\u0435\u043d\u044b, \u0430\u043d\u043d\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0438 \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u043d\u043e\u0432\u044b\u0435, 
\u0432\u0441\u0435\u043c \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430\u043c \u0441\u0430\u0439\u0442\u043e\u0432 \u0441 OptinMonster \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u043e\u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.6.5 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439, \u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c\u0441\u044f \u0435\u0449\u0435 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0438 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0440\u0430\u0437, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0433\u043e \u043f\u043b\u0430\u0433\u0438\u043d\u0430 WordPress \u0431\u0443\u0434\u0443\u0442 \u043f\u0435\u0440\u0435\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u0432\u0435\u0441\u044c API.", "creation_timestamp": "2021-10-29T18:01:00.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/eac03836-c67f-4bde-8578-d4312b795274/export</guid>
      <pubDate>Fri, 29 Oct 2021 18:01:00 +0000</pubDate>
    </item>
    <item>
      <title>2b288674-7693-4200-9403-451cd93ea097</title>
      <link>https://vulnerability.circl.lu/sighting/2b288674-7693-4200-9403-451cd93ea097/export</link>
      <description>{"uuid": "2b288674-7693-4200-9403-451cd93ea097", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39341", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/4637", "content": "#Threat_Research\n1. Apache HTTP Server CVE-2021-42013, CVE-2021-41773 Exploited in the Wild\nhttps://blogs.juniper.net/en-us/threat-research/apache-http-server-cve-2021-42013-and-cve-2021-41773-exploited\n2. CVE-2021-39341:\nA vulnerability in the the OptinMonster plugin\nhttps://www.wordfence.com/blog/2021/10/1000000-sites-affected-by-optinmonster-vulnerabilities", "creation_timestamp": "2021-10-31T16:24:28.000000Z"}</description>
      <content:encoded>{"uuid": "2b288674-7693-4200-9403-451cd93ea097", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39341", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/4637", "content": "#Threat_Research\n1. Apache HTTP Server CVE-2021-42013, CVE-2021-41773 Exploited in the Wild\nhttps://blogs.juniper.net/en-us/threat-research/apache-http-server-cve-2021-42013-and-cve-2021-41773-exploited\n2. CVE-2021-39341:\nA vulnerability in the the OptinMonster plugin\nhttps://www.wordfence.com/blog/2021/10/1000000-sites-affected-by-optinmonster-vulnerabilities", "creation_timestamp": "2021-10-31T16:24:28.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2b288674-7693-4200-9403-451cd93ea097/export</guid>
      <pubDate>Sun, 31 Oct 2021 16:24:28 +0000</pubDate>
    </item>
    <item>
      <title>9c1e0ebb-e898-4354-999c-00a9a368094c</title>
      <link>https://vulnerability.circl.lu/sighting/9c1e0ebb-e898-4354-999c-00a9a368094c/export</link>
      <description>{"uuid": "9c1e0ebb-e898-4354-999c-00a9a368094c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39341", "type": "seen", "source": "https://t.me/cibsecurity/31573", "content": "\u203c CVE-2021-39341 \u203c\n\nThe OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-01T23:21:31.000000Z"}</description>
      <content:encoded>{"uuid": "9c1e0ebb-e898-4354-999c-00a9a368094c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39341", "type": "seen", "source": "https://t.me/cibsecurity/31573", "content": "\u203c CVE-2021-39341 \u203c\n\nThe OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-01T23:21:31.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/9c1e0ebb-e898-4354-999c-00a9a368094c/export</guid>
      <pubDate>Mon, 01 Nov 2021 23:21:31 +0000</pubDate>
    </item>
    <item>
      <title>e247269e-65db-414e-b17f-e7e5e9f86b82</title>
      <link>https://vulnerability.circl.lu/sighting/e247269e-65db-414e-b17f-e7e5e9f86b82/export</link>
      <description>{"uuid": "e247269e-65db-414e-b17f-e7e5e9f86b82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39340", "type": "seen", "source": "https://t.me/cibsecurity/31576", "content": "\u203c CVE-2021-39340 \u203c\n\nThe Notification WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/classes/Utils/Settings.php file which made it possible for attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 7.2.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-01T23:21:34.000000Z"}</description>
      <content:encoded>{"uuid": "e247269e-65db-414e-b17f-e7e5e9f86b82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39340", "type": "seen", "source": "https://t.me/cibsecurity/31576", "content": "\u203c CVE-2021-39340 \u203c\n\nThe Notification WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/classes/Utils/Settings.php file which made it possible for attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 7.2.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-01T23:21:34.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e247269e-65db-414e-b17f-e7e5e9f86b82/export</guid>
      <pubDate>Mon, 01 Nov 2021 23:21:34 +0000</pubDate>
    </item>
    <item>
      <title>f355c90c-00d1-4528-80fa-37ad5a193e0c</title>
      <link>https://vulnerability.circl.lu/sighting/f355c90c-00d1-4528-80fa-37ad5a193e0c/export</link>
      <description>{"uuid": "f355c90c-00d1-4528-80fa-37ad5a193e0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39346", "type": "seen", "source": "https://t.me/cibsecurity/31579", "content": "\u203c CVE-2021-39346 \u203c\n\nThe Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.9.33. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-01T23:21:38.000000Z"}</description>
      <content:encoded>{"uuid": "f355c90c-00d1-4528-80fa-37ad5a193e0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39346", "type": "seen", "source": "https://t.me/cibsecurity/31579", "content": "\u203c CVE-2021-39346 \u203c\n\nThe Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.9.33. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-01T23:21:38.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f355c90c-00d1-4528-80fa-37ad5a193e0c/export</guid>
      <pubDate>Mon, 01 Nov 2021 23:21:38 +0000</pubDate>
    </item>
    <item>
      <title>9a950960-b8d6-44cd-8b1c-f46c7f76f335</title>
      <link>https://vulnerability.circl.lu/sighting/9a950960-b8d6-44cd-8b1c-f46c7f76f335/export</link>
      <description>{"uuid": "9a950960-b8d6-44cd-8b1c-f46c7f76f335", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3934", "type": "seen", "source": "https://t.me/cibsecurity/32294", "content": "\u203c CVE-2021-3934 \u203c\n\nohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-12T14:38:45.000000Z"}</description>
      <content:encoded>{"uuid": "9a950960-b8d6-44cd-8b1c-f46c7f76f335", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3934", "type": "seen", "source": "https://t.me/cibsecurity/32294", "content": "\u203c CVE-2021-3934 \u203c\n\nohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-12T14:38:45.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/9a950960-b8d6-44cd-8b1c-f46c7f76f335/export</guid>
      <pubDate>Fri, 12 Nov 2021 14:38:45 +0000</pubDate>
    </item>
    <item>
      <title>0087441d-3c46-4ccc-8078-d441945f7ceb</title>
      <link>https://vulnerability.circl.lu/sighting/0087441d-3c46-4ccc-8078-d441945f7ceb/export</link>
      <description>{"uuid": "0087441d-3c46-4ccc-8078-d441945f7ceb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39345", "type": "seen", "source": "https://t.me/arpsyndicate/1712", "content": "#ExploitObserverAlert\n\nCVE-2021-39345\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-39345. The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.1.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.\n\nFIRST-EPSS: 0.000620000\nNVD-IS: 2.7\nNVD-ES: 1.7", "creation_timestamp": "2023-12-11T07:09:31.000000Z"}</description>
      <content:encoded>{"uuid": "0087441d-3c46-4ccc-8078-d441945f7ceb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39345", "type": "seen", "source": "https://t.me/arpsyndicate/1712", "content": "#ExploitObserverAlert\n\nCVE-2021-39345\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-39345. The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.1.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.\n\nFIRST-EPSS: 0.000620000\nNVD-IS: 2.7\nNVD-ES: 1.7", "creation_timestamp": "2023-12-11T07:09:31.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/0087441d-3c46-4ccc-8078-d441945f7ceb/export</guid>
      <pubDate>Mon, 11 Dec 2023 07:09:31 +0000</pubDate>
    </item>
    <item>
      <title>a0e03515-fa05-4b10-8bcf-7d3e30cc6a99</title>
      <link>https://vulnerability.circl.lu/sighting/a0e03515-fa05-4b10-8bcf-7d3e30cc6a99/export</link>
      <description>{"uuid": "a0e03515-fa05-4b10-8bcf-7d3e30cc6a99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39341", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-39341.yaml", "content": "", "creation_timestamp": "2025-06-09T13:12:57.000000Z"}</description>
      <content:encoded>{"uuid": "a0e03515-fa05-4b10-8bcf-7d3e30cc6a99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39341", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-39341.yaml", "content": "", "creation_timestamp": "2025-06-09T13:12:57.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a0e03515-fa05-4b10-8bcf-7d3e30cc6a99/export</guid>
      <pubDate>Mon, 09 Jun 2025 13:12:57 +0000</pubDate>
    </item>
    <item>
      <title>edfc6189-87b3-4b1a-973c-6c9f7a90dc1e</title>
      <link>https://vulnerability.circl.lu/sighting/edfc6189-87b3-4b1a-973c-6c9f7a90dc1e/export</link>
      <description>{"uuid": "edfc6189-87b3-4b1a-973c-6c9f7a90dc1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39341", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lrgszicsbq24", "content": "", "creation_timestamp": "2025-06-12T21:02:24.675762Z"}</description>
      <content:encoded>{"uuid": "edfc6189-87b3-4b1a-973c-6c9f7a90dc1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39341", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lrgszicsbq24", "content": "", "creation_timestamp": "2025-06-12T21:02:24.675762Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/edfc6189-87b3-4b1a-973c-6c9f7a90dc1e/export</guid>
      <pubDate>Thu, 12 Jun 2025 21:02:24 +0000</pubDate>
    </item>
  </channel>
</rss>
