{"vulnerability": "cve-2021-4332", "sightings": [{"uuid": "9963a792-d426-46a1-a7cd-453ac5350a67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4332", "type": "seen", "source": "https://t.me/cibsecurity/59573", "content": "\u203c CVE-2021-4332 \u203c\n\nThe Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an \"Info Box\" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately, the plugin used file_get_contents with no verification that the file being supplied was an SVG file, so any user with access to the Elementor page builder, such as contributors, could read arbitrary files on the WordPress installation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-07T18:13:40.000000Z"}, {"uuid": "a12016f6-522b-45f0-9e00-fe922f460a4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43323", "type": "seen", "source": "https://t.me/cibsecurity/36753", "content": "\u203c CVE-2021-43323 \u203c\n\nAn issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel 5.5 before 05.51.45, 5.4 before 05.43.45, 5.3 before 05.35.45, 5.2 before 05.26.45, 5.1 before 05.16.45, and 5.0 before 05.08.45. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-03T07:29:51.000000Z"}, {"uuid": "4ec29908-ed60-4edc-9188-ad6ce7010b8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43326", "type": "published-proof-of-concept", "source": "Telegram/K3Kp9Hir3gswT1YotrnFfmg0fZ1q2J07Nr4nYp6V3IaTA8nx", "content": "", "creation_timestamp": "2021-12-13T20:24:54.000000Z"}, {"uuid": "84e37784-dd7f-4aa5-ab4f-bbf7f2a479ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43327", "type": "seen", "source": "https://t.me/cibsecurity/33284", "content": "\u203c CVE-2021-43327 \u203c\n\nAn issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can extract the security ID key from the device. Then, the protected firmware can be extracted.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-02T22:36:56.000000Z"}, {"uuid": "ac01f6ab-81cc-447d-882c-0522e3c1b70e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43324", "type": "seen", "source": "https://t.me/cibsecurity/31724", "content": "\u203c CVE-2021-43324 \u203c\n\nLibreNMS through 21.10.2 allows XSS via a widget title.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-03T17:23:24.000000Z"}]}