{"vulnerability": "CVE-2021-3933", "sightings": [{"uuid": "fae35cb0-218b-4617-b59f-98c6c1f1921b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39339", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9732", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-39339\n\ud83d\udd25 CVSS Score: 5.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)\n\ud83d\udd39 Description: The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the ~/bypass.php file due to a user-supplied URL request value that gets called by a curl requests. This affects versions up to, and including, 1.8.0.\n\ud83d\udccf Published: 2021-09-22T10:38:17.540Z\n\ud83d\udccf Modified: 2025-03-31T18:20:31.937Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39339\n2. 
https://plugins.trac.wordpress.org/browser/telefication/tags/1.8.0/bypass.php", "creation_timestamp": "2025-03-31T18:32:10.000000Z"}, {"uuid": "f76a9bd5-3906-45ca-9dde-08ea9a1e8025", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3933", "type": "seen", "source": "https://gist.github.com/YellowOnion/8bd069ee35a6398aaa85d6abb27a1c9d", "content": "", "creation_timestamp": "2026-02-20T12:23:58.000000Z"}, {"uuid": "da1f7ed6-0f7b-440f-bfea-3aba3c18a93d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39333", "type": "seen", "source": "https://t.me/cibsecurity/31580", "content": "\u203c CVE-2021-39333 \u203c\n\nThe Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of wp-content/uploads.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-01T23:21:39.000000Z"}, {"uuid": "6a8ad50e-a3e6-44d9-a797-2ee21c252963", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3933", "type": "seen", "source": "https://t.me/cibsecurity/39555", "content": "\u203c CVE-2021-3933 \u203c\n\nAn integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. 
This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-25T21:30:58.000000Z"}, {"uuid": "7e375a80-327b-41af-9305-1e81109f62ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39339", "type": "seen", "source": "https://t.me/cibsecurity/29217", "content": "\u203c CVE-2021-39339 \u203c\n\nThe Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the ~/bypass.php file due to a user-supplied URL request value that gets called by a curl requests. This affects versions up to, and including, 1.8.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-22T14:28:44.000000Z"}, {"uuid": "e2778292-f198-4cbd-a19f-1bfc497dbde0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39335", "type": "seen", "source": "https://t.me/cibsecurity/30611", "content": "\u203c CVE-2021-39335 \u203c\n\nThe WpGenius Job Listing WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/admin/class/class-wpgenious-job-listing-options.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.2. 
This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-15T16:28:42.000000Z"}, {"uuid": "aa2c71a5-0eb7-4f87-850b-785ffcb4ab28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39332", "type": "seen", "source": "https://t.me/cibsecurity/30607", "content": "\u203c CVE-2021-39332 \u203c\n\nThe Business Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found throughout the plugin which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.4.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-15T16:28:36.000000Z"}, {"uuid": "c1ac0c90-4b89-4cdd-a450-948abefe3710", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39334", "type": "seen", "source": "https://t.me/cibsecurity/30619", "content": "\u203c CVE-2021-39334 \u203c\n\nThe Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the psjb_exp_in and the psjb_curr_in parameters found in the ~/job-settings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. 
This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-15T16:28:52.000000Z"}, {"uuid": "1e8bf23e-9c2b-4869-ad7a-9e1ed351e642", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39338", "type": "seen", "source": "https://t.me/cibsecurity/30617", "content": "\u203c CVE-2021-39338 \u203c\n\nThe MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/classes/MyBBXPSettings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-15T16:28:50.000000Z"}, {"uuid": "8e360bdf-be03-48ca-9dc1-fe7d9ab02cd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39330", "type": "seen", "source": "https://t.me/cibsecurity/30583", "content": "\u203c CVE-2021-39330 \u203c\n\nThe Formidable Form Builder WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found in the ~/classes/helpers/FrmAppHelper.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 5.0.06. 
This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-14T20:27:50.000000Z"}, {"uuid": "de0969eb-e43f-4714-86dd-b68874202dbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39336", "type": "seen", "source": "https://t.me/cibsecurity/30621", "content": "\u203c CVE-2021-39336 \u203c\n\nThe Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin-jobs.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 0.7.25. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-15T16:28:55.000000Z"}]}