{"vulnerability": "cve-2021-3463", "sightings": [{"uuid": "35d11140-c4fc-43f4-85dd-6b3d81e83092", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34630", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-34630.yaml", "content": "", "creation_timestamp": "2024-12-02T11:23:41.000000Z"}, {"uuid": "34efe033-ab1e-4458-a25d-70ed733cb139", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34636", "type": "seen", "source": "https://t.me/cibsecurity/29568", "content": "\u203c CVE-2021-34636 \u203c\n\nThe Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_theme function found in the ~/includes/admin/coundown_theme_page.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.7.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-28T18:35:57.000000Z"}, {"uuid": "54e2a819-1813-479a-8495-e410fb3f31cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34639", "type": "seen", "source": "https://t.me/NeKaspersky/1100", "content": "\u0412 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 Wordpress \u043d\u0430\u0448\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0443\u0433\u0440\u043e\u0436\u0430\u0435\u0442 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u0430\u043c \n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 Wordfence \u0432\u044b\u044f\u0432\u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 Wordpress Download Manager. \u0415\u0435 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2021-34639. \u041f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 7,5 \u0431\u0430\u043b\u043b\u043e\u0432. \u042d\u0442\u043e \u0441\u0447\u0438\u0442\u0430\u0435\u0442\u0441\u044f \u0432\u044b\u0441\u043e\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438. \u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0433\u043e\u0432\u043e\u0440\u044f\u0442, \u0447\u0442\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0438 \u0434\u044b\u0440\u0443 \u0435\u0449\u0451 \u0432 \u043c\u0430\u0435.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0433\u043e\u0432\u043e\u0440\u044f\u0442, \u0447\u0442\u043e \u043f\u0430\u0442\u0447 \u043d\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0438 \u0434\u044b\u0440\u0443 \u0432\u0441\u0435 \u0440\u0430\u0432\u043d\u043e \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u0438 \u0440\u0430\u0431\u043e\u0442\u0435 \u0434\u0432\u043e\u0439\u043d\u043e\u0433\u043e \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f.", "creation_timestamp": "2021-08-02T15:57:09.000000Z"}, {"uuid": "26fe9193-2589-494b-9fd0-b0b1caa596c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34639", "type": "seen", "source": "https://t.me/cibsecurity/26910", "content": "\u203c CVE-2021-34639 \u203c\n\nAuthenticated File Upload in WordPress Download Manager &lt;= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. \"payload.php.png\" which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-06T00:31:56.000000Z"}, {"uuid": "44524ae8-a22d-4228-a5ce-5ccc5158a9e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34631", "type": "seen", "source": "https://t.me/cibsecurity/26897", "content": "\u203c CVE-2021-34631 \u203c\n\nThe NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Forgery via the handle_save_style function found in the ~/news-plugin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.18.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-06T00:31:37.000000Z"}, {"uuid": "344eb8f4-9806-4728-9764-74e29c6703bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34638", "type": "seen", "source": "https://t.me/cibsecurity/26896", "content": "\u203c CVE-2021-34638 \u203c\n\nAuthenticated Directory Traversal in WordPress Download Manager &lt;= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension This issue affects: WordPress Download Manager version 3.1.24 and prior versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-06T00:31:36.000000Z"}, {"uuid": "ea014c56-5877-405d-a520-b03a650c9b64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34635", "type": "seen", "source": "https://t.me/cibsecurity/26707", "content": "\u203c CVE-2021-34635 \u203c\n\nThe Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the mcount parameter found in the ~/admin/partials/settings/poll-maker-settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.8.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-03T00:27:52.000000Z"}, {"uuid": "548ec034-bf18-4ddb-8921-2973fcd36186", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34632", "type": "seen", "source": "https://t.me/cibsecurity/26709", "content": "\u203c CVE-2021-34632 \u203c\n\nThe SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the loc_config function found in the ~/seo-backlinks.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-03T00:27:54.000000Z"}, {"uuid": "3a943830-1977-4d5a-be7f-c5f6fe7e387a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34637", "type": "seen", "source": "https://t.me/cibsecurity/26703", "content": "\u203c CVE-2021-34637 \u203c\n\nThe Post Index WordPress plugin is vulnerable to Cross-Site Request Forgery via the OptionsPage function found in the ~/php/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.5.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-03T00:27:45.000000Z"}]}