{"vulnerability": "CVE-2021-2446", "sightings": [{"uuid": "1531c380-ca57-4359-abca-fbbe3802481c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24465", "type": "seen", "source": "https://t.me/cibsecurity/29862", "content": "\u203c CVE-2021-24465 \u203c\n\nThe Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode (available for users as low as Contributor) before using it in an SQL statement, leading to an authenticated SQL Injection issue. The injection also allows the returned values to be manipulated in a way that could lead to data disclosure and arbitrary objects to be deserialized.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-04T16:23:18.000000Z"}, {"uuid": "b7073e5b-087c-43bc-a4c3-9a71c9464707", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-2446", "type": "seen", "source": "https://t.me/cibsecurity/26351", "content": "\u203c CVE-2021-2446 \u203c\n\nVulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop. CVSS 3.1 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-21T18:51:18.000000Z"}, {"uuid": "2303984d-9f8c-4a21-a281-85c5dd47117d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24460", "type": "seen", "source": "https://t.me/cibsecurity/26652", "content": "\u203c CVE-2021-24460 \u203c\n\nThe get_fb_likeboxes() function in the Popup Like box \u2013 Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-02T14:27:17.000000Z"}, {"uuid": "2b2a1de2-6691-44ec-b72c-bbf44dd3e831", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24461", "type": "seen", "source": "https://t.me/cibsecurity/26654", "content": "\u203c CVE-2021-24461 \u203c\n\nThe get_faqs() function in the FAQ Builder AYS WordPress plugin before 1.3.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-02T14:27:18.000000Z"}, {"uuid": "3aa167e8-cc55-4e22-9d55-9ce3efb0245b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24466", "type": "seen", "source": "https://t.me/cibsecurity/27359", "content": "\u203c CVE-2021-24466 \u203c\n\nThe Verse-O-Matic WordPress plugin through 4.1.1 does not 
have any CSRF checks in place, allowing attackers to make logged in administrators do unwanted actions, such as add/edit/delete arbitrary verses and change the settings. Due to the lack of sanitisation in the settings and verses, this could also lead to Stored Cross-Site Scripting issues\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-16T14:14:38.000000Z"}]}