{"vulnerability": "CVE-2021-2441", "sightings": [{"uuid": "84c1ccbb-478d-4b7d-a897-af8d642120f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-2441", "type": "seen", "source": "https://t.me/cibsecurity/26345", "content": "\u203c CVE-2021-2441 \u203c\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-21T18:48:36.000000Z"}, {"uuid": "bb4b4048-38b8-4056-81be-ffc44fbdfe3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24413", "type": "seen", "source": "https://t.me/cibsecurity/30710", "content": "\u203c CVE-2021-24413 \u203c\n\nThe Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-18T18:32:14.000000Z"}, {"uuid": "331f01d7-3957-490b-8668-3dabb8fb7abe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24411", "type": "seen", "source": 
"https://t.me/cibsecurity/27363", "content": "\u203c CVE-2021-24411 \u203c\n\nThe Social Tape WordPress plugin through 1.0 does not have CSRF checks in place when saving its settings, and do not sanitise or escape them before outputting them back in the page, leading to a stored Cross-Site Scripting issue via a CSRF attack\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-16T14:14:45.000000Z"}, {"uuid": "0fb0558f-72a2-419a-bbdb-a571b51e3015", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24410", "type": "seen", "source": "https://t.me/cibsecurity/27360", "content": "\u203c CVE-2021-24410 \u203c\n\nThe \u00c3\u00a0\u00c2\u00b0\u00c2\u00a4\u00c3\u00a0\u00c2\u00b1\u00e2\u20ac\u00a0\u00c3\u00a0\u00c2\u00b0\u00c2\u00b2\u00c3\u00a0\u00c2\u00b1?\u00c3\u00a0\u00c2\u00b0\u00e2\u20ac\u201d\u00c3\u00a0\u00c2\u00b1? \u00c3\u00a0\u00c2\u00b0\u00c2\u00ac\u00c3\u00a0\u00c2\u00b1\u00cb\u2020\u00c3\u00a0\u00c2\u00b0\u00c2\u00ac\u00c3\u00a0\u00c2\u00b0\u00c2\u00bf\u00c3\u00a0\u00c2\u00b0\u00c2\u00b2\u00c3\u00a0\u00c2\u00b1? \u00c3\u00a0\u00c2\u00b0\u00c2\u00b5\u00c3\u00a0\u00c2\u00b0\u00c5\u00a1\u00c3\u00a0\u00c2\u00b0\u00c2\u00a8\u00c3\u00a0\u00c2\u00b0\u00c2\u00ae\u00c3\u00a0\u00c2\u00b1?\u00c3\u00a0\u00c2\u00b0\u00c2\u00b2\u00c3\u00a0\u00c2\u00b1? WordPress plugin through 1.0 is lacking any CSRF check when saving its settings and verses, and do not sanitise or escape them when outputting them back in the page. 
This could allow attackers to make a logged in admin change the settings, as well as add malicious verses containing JavaScript code in them, leading to Stored XSS issues\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-16T14:14:39.000000Z"}, {"uuid": "54aeea8a-6e0d-45fb-8bd7-8168fb75e888", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24414", "type": "seen", "source": "https://t.me/cibsecurity/31143", "content": "\u203c CVE-2021-24414 \u203c\n\nThe Video Player for YouTube WordPress plugin before 1.4 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-25T18:23:31.000000Z"}, {"uuid": "65c0ef12-8944-401b-bbd9-6ae58fd86ae8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24415", "type": "seen", "source": "https://t.me/cibsecurity/30697", "content": "\u203c CVE-2021-24415 \u203c\n\nThe Polo Video Gallery \u2013 Best wordpress video gallery plugin WordPress plugin through 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-18T18:31:57.000000Z"}]}