» 2021 » 7월

CVE-2021-36212

Posted on 2021년 7월 7일2021년 7월 7일 by admin

CVE-2021-36212

app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view.

Source: CVE-2021-36212

CVE-2021-34627

Posted on 2021년 7월 7일2021년 7월 7일 by admin

CVE-2021-34627

A vulnerability in the getSelectedMimeTypesByRole function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to view custom extensions added by administrators. This issue affects versions 2.2.3 and prior.

Source: CVE-2021-34627

CVE-2021-34626

Posted on 2021년 7월 7일2021년 7월 7일 by admin

CVE-2021-34626

A vulnerability in the deleteCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to delete custom extensions added by administrators. This issue affects versions 2.2.3 and prior.

Source: CVE-2021-34626

CVE-2021-34625

Posted on 2021년 7월 7일2021년 7월 7일 by admin

CVE-2021-34625

A vulnerability in the saveCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to inject arbitrary web scripts. This issue affects versions 2.2.3 and prior.

Source: CVE-2021-34625

CVE-2021-34623

Posted on 2021년 7월 7일2021년 7월 7일 by admin

CVE-2021-34623

A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 – 3.1.3. .

Source: CVE-2021-34623

CVE-2021-34624

Posted on 2021년 7월 7일2021년 7월 7일 by admin

CVE-2021-34624

A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 – 3.1.3. .

Source: CVE-2021-34624

CVE-2021-34621

Posted on 2021년 7월 7일2021년 7월 7일 by admin

CVE-2021-34621

A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 – 3.1.3. .

Source: CVE-2021-34621

CVE-2021-34622

Posted on 2021년 7월 7일2021년 7월 7일 by admin

CVE-2021-34622

A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 – 3.1.3. .

Source: CVE-2021-34622

CVE-2021-34620

Posted on 2021년 7월 7일2021년 7월 7일 by admin

CVE-2021-34620

The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX actions

Source: CVE-2021-34620

CVE-2021-22224

Posted on 2021년 7월 7일2021년 7월 7일 by admin

CVE-2021-22224

A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim

Source: CVE-2021-22224