https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 15 Jun 2026 11:02:29 +0000 https://vulnerability.circl.lu/sighting/b7aa5d34-a88b-445e-b2aa-b89929557e8c/export {"uuid": "b7aa5d34-a88b-445e-b2aa-b89929557e8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39328", "type": "seen", "source": "https://t.me/cibsecurity/30990", "content": "\u203c CVE-2021-39328 \u203c\n\nThe Simple Job Board WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $job_board_privacy_policy_label variable echo'd out via the ~/admin/settings/class-simple-job-board-settings-privacy.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.9.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-22T00:37:24.000000Z"} {"uuid": "b7aa5d34-a88b-445e-b2aa-b89929557e8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39328", "type": "seen", "source": "https://t.me/cibsecurity/30990", "content": "\u203c CVE-2021-39328 \u203c\n\nThe Simple Job Board WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $job_board_privacy_policy_label variable echo'd out via the ~/admin/settings/class-simple-job-board-settings-privacy.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.9.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-22T00:37:24.000000Z"} https://vulnerability.circl.lu/sighting/b7aa5d34-a88b-445e-b2aa-b89929557e8c/export Fri, 22 Oct 2021 00:37:24 +0000 https://vulnerability.circl.lu/sighting/54b94ea6-96b5-4250-8604-5ef3cb983a32/export {"uuid": "54b94ea6-96b5-4250-8604-5ef3cb983a32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39327", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wp_bulletproofsecurity_backups.rb", "content": "", "creation_timestamp": "2021-10-29T16:53:01.000000Z"} {"uuid": "54b94ea6-96b5-4250-8604-5ef3cb983a32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39327", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wp_bulletproofsecurity_backups.rb", "content": "", "creation_timestamp": "2021-10-29T16:53:01.000000Z"} https://vulnerability.circl.lu/sighting/54b94ea6-96b5-4250-8604-5ef3cb983a32/export Fri, 29 Oct 2021 16:53:01 +0000 https://vulnerability.circl.lu/sighting/0e7317f1-7cbc-4a03-94b3-860978a6cae1/export {"uuid": "0e7317f1-7cbc-4a03-94b3-860978a6cae1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3932", "type": "seen", "source": "https://t.me/cibsecurity/32371", "content": "\u203c CVE-2021-3932 \u203c\n\ntwill is vulnerable to Cross-Site Request Forgery (CSRF)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-13T12:39:56.000000Z"} {"uuid": "0e7317f1-7cbc-4a03-94b3-860978a6cae1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3932", "type": "seen", "source": "https://t.me/cibsecurity/32371", "content": "\u203c CVE-2021-3932 \u203c\n\ntwill is vulnerable to Cross-Site Request Forgery (CSRF)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-13T12:39:56.000000Z"} https://vulnerability.circl.lu/sighting/0e7317f1-7cbc-4a03-94b3-860978a6cae1/export Sat, 13 Nov 2021 12:39:56 +0000 https://vulnerability.circl.lu/sighting/97f5469a-01a2-4d10-b768-5d908232684d/export {"uuid": "97f5469a-01a2-4d10-b768-5d908232684d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39322", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-39322.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"} {"uuid": "97f5469a-01a2-4d10-b768-5d908232684d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39322", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-39322.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"} https://vulnerability.circl.lu/sighting/97f5469a-01a2-4d10-b768-5d908232684d/export Thu, 27 Apr 2023 09:58:59 +0000 https://vulnerability.circl.lu/sighting/63c94509-43f5-4473-b213-f52f129b7cbd/export {"uuid": "63c94509-43f5-4473-b213-f52f129b7cbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39327", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-39327.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"} {"uuid": "63c94509-43f5-4473-b213-f52f129b7cbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39327", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-39327.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"} https://vulnerability.circl.lu/sighting/63c94509-43f5-4473-b213-f52f129b7cbd/export Thu, 27 Apr 2023 09:58:59 +0000 https://vulnerability.circl.lu/sighting/e8304a5d-3dd5-44d5-b3b1-62588b479cfb/export {"uuid": "e8304a5d-3dd5-44d5-b3b1-62588b479cfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39320", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-39320.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"} {"uuid": "e8304a5d-3dd5-44d5-b3b1-62588b479cfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39320", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-39320.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"} https://vulnerability.circl.lu/sighting/e8304a5d-3dd5-44d5-b3b1-62588b479cfb/export Thu, 27 Apr 2023 09:58:59 +0000 https://vulnerability.circl.lu/sighting/2e5cfce2-b9d2-46ef-bce5-77935449f059/export {"uuid": "2e5cfce2-b9d2-46ef-bce5-77935449f059", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39327", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"} {"uuid": "2e5cfce2-b9d2-46ef-bce5-77935449f059", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39327", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"} https://vulnerability.circl.lu/sighting/2e5cfce2-b9d2-46ef-bce5-77935449f059/export Thu, 06 Feb 2025 03:13:45 +0000 https://vulnerability.circl.lu/sighting/087b5e66-2cef-4ea5-aa6d-3ca6d5950488/export {"uuid": "087b5e66-2cef-4ea5-aa6d-3ca6d5950488", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39327", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:39.000000Z"} {"uuid": "087b5e66-2cef-4ea5-aa6d-3ca6d5950488", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39327", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:39.000000Z"} https://vulnerability.circl.lu/sighting/087b5e66-2cef-4ea5-aa6d-3ca6d5950488/export Sun, 23 Feb 2025 04:10:39 +0000 https://vulnerability.circl.lu/sighting/686c33db-5e3b-46d2-bc81-e49531e8a236/export {"uuid": "686c33db-5e3b-46d2-bc81-e49531e8a236", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39327", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9728", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-39327\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.\n\ud83d\udccf Published: 2021-09-17T10:26:21.264Z\n\ud83d\udccf Modified: 2025-03-31T18:21:46.022Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2591118%40bulletproof-security&new=2591118%40bulletproof-security&sfp_email=&sfph_mail=\n3. http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html\n4. https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327\n5. https://www.exploit-db.com/exploits/50382", "creation_timestamp": "2025-03-31T18:32:07.000000Z"} {"uuid": "686c33db-5e3b-46d2-bc81-e49531e8a236", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39327", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9728", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-39327\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.\n\ud83d\udccf Published: 2021-09-17T10:26:21.264Z\n\ud83d\udccf Modified: 2025-03-31T18:21:46.022Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2591118%40bulletproof-security&new=2591118%40bulletproof-security&sfp_email=&sfph_mail=\n3. http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html\n4. https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327\n5. https://www.exploit-db.com/exploits/50382", "creation_timestamp": "2025-03-31T18:32:07.000000Z"} https://vulnerability.circl.lu/sighting/686c33db-5e3b-46d2-bc81-e49531e8a236/export Mon, 31 Mar 2025 18:32:07 +0000 https://vulnerability.circl.lu/sighting/f4a716d6-a836-4122-90ac-32d26c12d9fa/export {"uuid": "f4a716d6-a836-4122-90ac-32d26c12d9fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39325", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9729", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-39325\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0.\n\ud83d\udccf Published: 2021-09-20T19:59:22.642Z\n\ud83d\udccf Modified: 2025-03-31T18:21:20.678Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39325\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2595758%40optinmonster&new=2595758%40optinmonster&sfp_email=&sfph_mail=#file2", "creation_timestamp": "2025-03-31T18:32:08.000000Z"} {"uuid": "f4a716d6-a836-4122-90ac-32d26c12d9fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39325", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9729", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-39325\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0.\n\ud83d\udccf Published: 2021-09-20T19:59:22.642Z\n\ud83d\udccf Modified: 2025-03-31T18:21:20.678Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39325\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2595758%40optinmonster&new=2595758%40optinmonster&sfp_email=&sfph_mail=#file2", "creation_timestamp": "2025-03-31T18:32:08.000000Z"} https://vulnerability.circl.lu/sighting/f4a716d6-a836-4122-90ac-32d26c12d9fa/export Mon, 31 Mar 2025 18:32:08 +0000