https://vulnerability.circl.lu/sightings/feed 2026-06-10T10:09:00.968760+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/77919c55-ac5e-4ced-a803-6bfeb818f50d/export 2026-06-10T10:09:01.473217+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "77919c55-ac5e-4ced-a803-6bfeb818f50d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38336", "type": "seen", "source": "https://t.me/cibsecurity/28683", "content": "\u203c CVE-2021-38336 \u203c\n\nThe Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-10T18:31:42.000000Z"} 2021-09-10T18:31:42+00:00 https://vulnerability.circl.lu/sighting/0c18090b-1544-4f82-9bf6-570f5e661e35/export 2026-06-10T10:09:01.473068+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "0c18090b-1544-4f82-9bf6-570f5e661e35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3833", "type": "seen", "source": "https://t.me/cibsecurity/30193", "content": "\u203c CVE-2021-3833 \u203c\n\nIntegria IMS login check uses a loose comparator (\"==\") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-07T20:34:17.000000Z"} 2021-10-07T20:34:17+00:00 https://vulnerability.circl.lu/sighting/4c28bb32-21b3-484d-8ded-0718de7f6888/export 2026-06-10T10:09:01.472925+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "4c28bb32-21b3-484d-8ded-0718de7f6888", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38334", "type": "seen", "source": "https://t.me/arpsyndicate/169", "content": "#ExploitObserverAlert\n\nCVE-2021-38334\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-38334. The WP Design Maps", "creation_timestamp": "2023-11-13T20:06:33.000000Z"} 2023-11-13T20:06:33+00:00 https://vulnerability.circl.lu/sighting/4197bce6-430b-41f8-91b4-272e12a40de4/export 2026-06-10T10:09:01.472780+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "4197bce6-430b-41f8-91b4-272e12a40de4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38334", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14588", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38334\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The WP Design Maps & Places WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the filename parameter found in the ~/wpdmp-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.\n\ud83d\udccf Published: 2021-09-10T13:32:16.386Z\n\ud83d\udccf Modified: 2025-05-02T19:49:14.651Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38334\n2. https://plugins.trac.wordpress.org/browser/wp-design-maps-places/tags/1.2/wpdmp-admin.php#L192", "creation_timestamp": "2025-05-02T20:16:36.000000Z"} 2025-05-02T20:16:36+00:00 https://vulnerability.circl.lu/sighting/d87006b4-bd54-4ac7-ba02-9c1c204dbfad/export 2026-06-10T10:09:01.472639+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "d87006b4-bd54-4ac7-ba02-9c1c204dbfad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38330", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14589", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38330\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.\n\ud83d\udccf Published: 2021-09-10T13:32:21.877Z\n\ud83d\udccf Modified: 2025-05-02T19:48:58.949Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38330\n2. https://plugins.trac.wordpress.org/browser/yabp/tags/1.4/yabp.php#L454", "creation_timestamp": "2025-05-02T20:16:37.000000Z"} 2025-05-02T20:16:37+00:00 https://vulnerability.circl.lu/sighting/82ef5a83-c03c-4183-bfb8-9291aff5e083/export 2026-06-10T10:09:01.472486+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "82ef5a83-c03c-4183-bfb8-9291aff5e083", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38337", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14590", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38337\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.\n\ud83d\udccf Published: 2021-09-10T13:32:28.038Z\n\ud83d\udccf Modified: 2025-05-02T19:48:43.630Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38337\n2. https://plugins.trac.wordpress.org/browser/rsvpmaker-excel/tags/1.2/phpexcel/PHPExcel/Shared/JAMA/docs/download.php#L61", "creation_timestamp": "2025-05-02T20:16:41.000000Z"} 2025-05-02T20:16:41+00:00 https://vulnerability.circl.lu/sighting/aa76bfa4-c985-43cb-b533-e1a40b0844eb/export 2026-06-10T10:09:01.472359+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "aa76bfa4-c985-43cb-b533-e1a40b0844eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38332", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14591", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38332\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.\n\ud83d\udccf Published: 2021-09-10T13:32:33.564Z\n\ud83d\udccf Modified: 2025-05-02T19:48:22.176Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38332\n2. https://plugins.trac.wordpress.org/browser/ops-robots-txt/tags/1.0.0/settings.php#L175", "creation_timestamp": "2025-05-02T20:16:42.000000Z"} 2025-05-02T20:16:42+00:00 https://vulnerability.circl.lu/sighting/afb0214a-ab8b-4033-a43d-048b79253174/export 2026-06-10T10:09:01.472219+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "afb0214a-ab8b-4033-a43d-048b79253174", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38335", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14592", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38335\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/WiseAgentCaptureForm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.\n\ud83d\udccf Published: 2021-09-10T13:33:48.365Z\n\ud83d\udccf Modified: 2025-05-02T19:48:04.823Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38335\n2. https://plugins.trac.wordpress.org/browser/wiseagentleadform/tags/2.0/WiseAgentCaptureForm.php#L44", "creation_timestamp": "2025-05-02T20:16:43.000000Z"} 2025-05-02T20:16:43+00:00 https://vulnerability.circl.lu/sighting/0e8f7870-0fe3-4573-bc80-0cbc5e135bdc/export 2026-06-10T10:09:01.472011+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "0e8f7870-0fe3-4573-bc80-0cbc5e135bdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38336", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14593", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38336\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.\n\ud83d\udccf Published: 2021-09-10T13:34:12.235Z\n\ud83d\udccf Modified: 2025-05-02T19:47:39.221Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38336\n2. https://plugins.trac.wordpress.org/browser/edit-comments-xt/tags/1.0/edit-comments-xt.php#L249", "creation_timestamp": "2025-05-02T20:16:44.000000Z"} 2025-05-02T20:16:44+00:00 https://vulnerability.circl.lu/sighting/942df594-f7c6-4064-8f42-48ea028ce1f8/export 2026-06-10T10:09:01.469631+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "942df594-f7c6-4064-8f42-48ea028ce1f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38339", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14597", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38339\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01.\n\ud83d\udccf Published: 2021-09-10T13:34:31.309Z\n\ud83d\udccf Modified: 2025-05-02T19:46:00.526Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38339\n2. https://plugins.trac.wordpress.org/browser/simple-matted-thumbnails/tags/1.01/simple-matted-thumbnail.php#L122", "creation_timestamp": "2025-05-02T20:16:50.000000Z"} 2025-05-02T20:16:50+00:00