https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Tue, 16 Jun 2026 08:48:58 +0000 https://vulnerability.circl.lu/sighting/e3d01a0a-8cde-4459-a2d1-c704c0b6d379/export {"uuid": "e3d01a0a-8cde-4459-a2d1-c704c0b6d379", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42360", "type": "seen", "source": "https://t.me/cibsecurity/32532", "content": "\u203c CVE-2021-42360 \u203c\n\nOn sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter pointed to their remotely-hosted malicious block, as well as an id parameter containing the post or page to overwrite. Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T20:14:40.000000Z"} {"uuid": "e3d01a0a-8cde-4459-a2d1-c704c0b6d379", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42360", "type": "seen", "source": "https://t.me/cibsecurity/32532", "content": "\u203c CVE-2021-42360 \u203c\n\nOn sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter pointed to their remotely-hosted malicious block, as well as an id parameter containing the post or page to overwrite. Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T20:14:40.000000Z"} https://vulnerability.circl.lu/sighting/e3d01a0a-8cde-4459-a2d1-c704c0b6d379/export Wed, 17 Nov 2021 20:14:40 +0000 https://vulnerability.circl.lu/sighting/98db6a7b-bd7e-4fe5-aad1-92a1fe841272/export {"uuid": "98db6a7b-bd7e-4fe5-aad1-92a1fe841272", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42363", "type": "seen", "source": "https://t.me/cibsecurity/32699", "content": "\u203c CVE-2021-42363 \u203c\n\nThe Preview E-Mails for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the search_order parameter found in the ~/views/form.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.6.8.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-19T18:23:20.000000Z"} {"uuid": "98db6a7b-bd7e-4fe5-aad1-92a1fe841272", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42363", "type": "seen", "source": "https://t.me/cibsecurity/32699", "content": "\u203c CVE-2021-42363 \u203c\n\nThe Preview E-Mails for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the search_order parameter found in the ~/views/form.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.6.8.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-19T18:23:20.000000Z"} https://vulnerability.circl.lu/sighting/98db6a7b-bd7e-4fe5-aad1-92a1fe841272/export Fri, 19 Nov 2021 18:23:20 +0000 https://vulnerability.circl.lu/sighting/b4ed6276-5417-4e17-a17e-056133b57ab1/export {"uuid": "b4ed6276-5417-4e17-a17e-056133b57ab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42365", "type": "seen", "source": "https://t.me/cibsecurity/33061", "content": "\u203c CVE-2021-42365 \u203c\n\nThe Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.13. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-29T22:33:39.000000Z"} {"uuid": "b4ed6276-5417-4e17-a17e-056133b57ab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42365", "type": "seen", "source": "https://t.me/cibsecurity/33061", "content": "\u203c CVE-2021-42365 \u203c\n\nThe Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.13. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-29T22:33:39.000000Z"} https://vulnerability.circl.lu/sighting/b4ed6276-5417-4e17-a17e-056133b57ab1/export Mon, 29 Nov 2021 22:33:39 +0000 https://vulnerability.circl.lu/sighting/c6c99b28-5d3b-4060-8d53-0ff9d3d89840/export {"uuid": "c6c99b28-5d3b-4060-8d53-0ff9d3d89840", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42364", "type": "seen", "source": "https://t.me/cibsecurity/33065", "content": "\u203c CVE-2021-42364 \u203c\n\nThe Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the stats_page function found in the ~/stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-29T22:33:44.000000Z"} {"uuid": "c6c99b28-5d3b-4060-8d53-0ff9d3d89840", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42364", "type": "seen", "source": "https://t.me/cibsecurity/33065", "content": "\u203c CVE-2021-42364 \u203c\n\nThe Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the stats_page function found in the ~/stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-29T22:33:44.000000Z"} https://vulnerability.circl.lu/sighting/c6c99b28-5d3b-4060-8d53-0ff9d3d89840/export Mon, 29 Nov 2021 22:33:44 +0000 https://vulnerability.circl.lu/sighting/aa036871-e044-4fd7-ae72-abdf678d991b/export {"uuid": "aa036871-e044-4fd7-ae72-abdf678d991b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42367", "type": "seen", "source": "https://t.me/cibsecurity/33941", "content": "\u203c CVE-2021-42367 \u203c\n\nThe Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to missing authorization checks on the tawcvs_save_settings function, low-level authenticated users such as subscribers can exploit this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-14T18:15:31.000000Z"} {"uuid": "aa036871-e044-4fd7-ae72-abdf678d991b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42367", "type": "seen", "source": "https://t.me/cibsecurity/33941", "content": "\u203c CVE-2021-42367 \u203c\n\nThe Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to missing authorization checks on the tawcvs_save_settings function, low-level authenticated users such as subscribers can exploit this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-14T18:15:31.000000Z"} https://vulnerability.circl.lu/sighting/aa036871-e044-4fd7-ae72-abdf678d991b/export Tue, 14 Dec 2021 18:15:31 +0000 https://vulnerability.circl.lu/sighting/afae9d25-cc72-4b8e-bd01-4b42b76481c0/export {"uuid": "afae9d25-cc72-4b8e-bd01-4b42b76481c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42362", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wp_popular_posts_rce.rb", "content": "", "creation_timestamp": "2021-12-20T15:49:01.000000Z"} {"uuid": "afae9d25-cc72-4b8e-bd01-4b42b76481c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42362", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wp_popular_posts_rce.rb", "content": "", "creation_timestamp": "2021-12-20T15:49:01.000000Z"} https://vulnerability.circl.lu/sighting/afae9d25-cc72-4b8e-bd01-4b42b76481c0/export Mon, 20 Dec 2021 15:49:01 +0000 https://vulnerability.circl.lu/sighting/efafca6b-df0f-4942-9ebe-8601cbe1546f/export {"uuid": "efafca6b-df0f-4942-9ebe-8601cbe1546f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4236", "type": "seen", "source": "https://t.me/cibsecurity/55460", "content": "\u203c CVE-2021-4236 \u203c\n\nWeb Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-28T00:12:15.000000Z"} {"uuid": "efafca6b-df0f-4942-9ebe-8601cbe1546f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4236", "type": "seen", "source": "https://t.me/cibsecurity/55460", "content": "\u203c CVE-2021-4236 \u203c\n\nWeb Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-28T00:12:15.000000Z"} https://vulnerability.circl.lu/sighting/efafca6b-df0f-4942-9ebe-8601cbe1546f/export Wed, 28 Dec 2022 00:12:15 +0000 https://vulnerability.circl.lu/sighting/66e5691d-8a11-4600-bfef-6175ab9da679/export {"uuid": "66e5691d-8a11-4600-bfef-6175ab9da679", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42362", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"} {"uuid": "66e5691d-8a11-4600-bfef-6175ab9da679", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42362", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"} https://vulnerability.circl.lu/sighting/66e5691d-8a11-4600-bfef-6175ab9da679/export Thu, 06 Feb 2025 03:13:45 +0000 https://vulnerability.circl.lu/sighting/c2424c9f-bb2b-4d0a-bc05-d232c1f33d99/export {"uuid": "c2424c9f-bb2b-4d0a-bc05-d232c1f33d99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42362", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:40.000000Z"} {"uuid": "c2424c9f-bb2b-4d0a-bc05-d232c1f33d99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42362", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:40.000000Z"} https://vulnerability.circl.lu/sighting/c2424c9f-bb2b-4d0a-bc05-d232c1f33d99/export Sun, 23 Feb 2025 04:10:40 +0000 https://vulnerability.circl.lu/sighting/94845aad-277a-463d-a76e-13e2009b4fe2/export {"uuid": "94845aad-277a-463d-a76e-13e2009b4fe2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42362", "type": "published-proof-of-concept", "source": "Telegram/ZJp_VCEhaga9OM9NBvz45K3ssC6nL69JeV_dGqoHwNSpsGU", "content": "", "creation_timestamp": "2025-04-15T05:00:08.000000Z"} {"uuid": "94845aad-277a-463d-a76e-13e2009b4fe2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42362", "type": "published-proof-of-concept", "source": "Telegram/ZJp_VCEhaga9OM9NBvz45K3ssC6nL69JeV_dGqoHwNSpsGU", "content": "", "creation_timestamp": "2025-04-15T05:00:08.000000Z"} https://vulnerability.circl.lu/sighting/94845aad-277a-463d-a76e-13e2009b4fe2/export Tue, 15 Apr 2025 05:00:08 +0000