https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Wed, 10 Jun 2026 10:09:01 +0000 https://vulnerability.circl.lu/sighting/77919c55-ac5e-4ced-a803-6bfeb818f50d/export {"uuid": "77919c55-ac5e-4ced-a803-6bfeb818f50d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38336", "type": "seen", "source": "https://t.me/cibsecurity/28683", "content": "\u203c CVE-2021-38336 \u203c\n\nThe Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-10T18:31:42.000000Z"} {"uuid": "77919c55-ac5e-4ced-a803-6bfeb818f50d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38336", "type": "seen", "source": "https://t.me/cibsecurity/28683", "content": "\u203c CVE-2021-38336 \u203c\n\nThe Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-10T18:31:42.000000Z"} https://vulnerability.circl.lu/sighting/77919c55-ac5e-4ced-a803-6bfeb818f50d/export Fri, 10 Sep 2021 18:31:42 +0000 https://vulnerability.circl.lu/sighting/0c18090b-1544-4f82-9bf6-570f5e661e35/export {"uuid": "0c18090b-1544-4f82-9bf6-570f5e661e35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3833", "type": "seen", "source": "https://t.me/cibsecurity/30193", "content": "\u203c CVE-2021-3833 \u203c\n\nIntegria IMS login check uses a loose comparator (\"==\") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-07T20:34:17.000000Z"} {"uuid": "0c18090b-1544-4f82-9bf6-570f5e661e35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3833", "type": "seen", "source": "https://t.me/cibsecurity/30193", "content": "\u203c CVE-2021-3833 \u203c\n\nIntegria IMS login check uses a loose comparator (\"==\") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-07T20:34:17.000000Z"} https://vulnerability.circl.lu/sighting/0c18090b-1544-4f82-9bf6-570f5e661e35/export Thu, 07 Oct 2021 20:34:17 +0000 https://vulnerability.circl.lu/sighting/4c28bb32-21b3-484d-8ded-0718de7f6888/export {"uuid": "4c28bb32-21b3-484d-8ded-0718de7f6888", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38334", "type": "seen", "source": "https://t.me/arpsyndicate/169", "content": "#ExploitObserverAlert\n\nCVE-2021-38334\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-38334. The WP Design Maps", "creation_timestamp": "2023-11-13T20:06:33.000000Z"} {"uuid": "4c28bb32-21b3-484d-8ded-0718de7f6888", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38334", "type": "seen", "source": "https://t.me/arpsyndicate/169", "content": "#ExploitObserverAlert\n\nCVE-2021-38334\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-38334. The WP Design Maps", "creation_timestamp": "2023-11-13T20:06:33.000000Z"} https://vulnerability.circl.lu/sighting/4c28bb32-21b3-484d-8ded-0718de7f6888/export Mon, 13 Nov 2023 20:06:33 +0000 https://vulnerability.circl.lu/sighting/4197bce6-430b-41f8-91b4-272e12a40de4/export {"uuid": "4197bce6-430b-41f8-91b4-272e12a40de4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38334", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14588", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38334\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The WP Design Maps & Places WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the filename parameter found in the ~/wpdmp-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.\n\ud83d\udccf Published: 2021-09-10T13:32:16.386Z\n\ud83d\udccf Modified: 2025-05-02T19:49:14.651Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38334\n2. https://plugins.trac.wordpress.org/browser/wp-design-maps-places/tags/1.2/wpdmp-admin.php#L192", "creation_timestamp": "2025-05-02T20:16:36.000000Z"} {"uuid": "4197bce6-430b-41f8-91b4-272e12a40de4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38334", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14588", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38334\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The WP Design Maps & Places WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the filename parameter found in the ~/wpdmp-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.\n\ud83d\udccf Published: 2021-09-10T13:32:16.386Z\n\ud83d\udccf Modified: 2025-05-02T19:49:14.651Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38334\n2. https://plugins.trac.wordpress.org/browser/wp-design-maps-places/tags/1.2/wpdmp-admin.php#L192", "creation_timestamp": "2025-05-02T20:16:36.000000Z"} https://vulnerability.circl.lu/sighting/4197bce6-430b-41f8-91b4-272e12a40de4/export Fri, 02 May 2025 20:16:36 +0000 https://vulnerability.circl.lu/sighting/d87006b4-bd54-4ac7-ba02-9c1c204dbfad/export {"uuid": "d87006b4-bd54-4ac7-ba02-9c1c204dbfad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38330", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14589", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38330\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.\n\ud83d\udccf Published: 2021-09-10T13:32:21.877Z\n\ud83d\udccf Modified: 2025-05-02T19:48:58.949Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38330\n2. https://plugins.trac.wordpress.org/browser/yabp/tags/1.4/yabp.php#L454", "creation_timestamp": "2025-05-02T20:16:37.000000Z"} {"uuid": "d87006b4-bd54-4ac7-ba02-9c1c204dbfad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38330", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14589", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38330\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.\n\ud83d\udccf Published: 2021-09-10T13:32:21.877Z\n\ud83d\udccf Modified: 2025-05-02T19:48:58.949Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38330\n2. https://plugins.trac.wordpress.org/browser/yabp/tags/1.4/yabp.php#L454", "creation_timestamp": "2025-05-02T20:16:37.000000Z"} https://vulnerability.circl.lu/sighting/d87006b4-bd54-4ac7-ba02-9c1c204dbfad/export Fri, 02 May 2025 20:16:37 +0000 https://vulnerability.circl.lu/sighting/82ef5a83-c03c-4183-bfb8-9291aff5e083/export {"uuid": "82ef5a83-c03c-4183-bfb8-9291aff5e083", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38337", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14590", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38337\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.\n\ud83d\udccf Published: 2021-09-10T13:32:28.038Z\n\ud83d\udccf Modified: 2025-05-02T19:48:43.630Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38337\n2. https://plugins.trac.wordpress.org/browser/rsvpmaker-excel/tags/1.2/phpexcel/PHPExcel/Shared/JAMA/docs/download.php#L61", "creation_timestamp": "2025-05-02T20:16:41.000000Z"} {"uuid": "82ef5a83-c03c-4183-bfb8-9291aff5e083", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38337", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14590", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38337\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.\n\ud83d\udccf Published: 2021-09-10T13:32:28.038Z\n\ud83d\udccf Modified: 2025-05-02T19:48:43.630Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38337\n2. https://plugins.trac.wordpress.org/browser/rsvpmaker-excel/tags/1.2/phpexcel/PHPExcel/Shared/JAMA/docs/download.php#L61", "creation_timestamp": "2025-05-02T20:16:41.000000Z"} https://vulnerability.circl.lu/sighting/82ef5a83-c03c-4183-bfb8-9291aff5e083/export Fri, 02 May 2025 20:16:41 +0000 https://vulnerability.circl.lu/sighting/aa76bfa4-c985-43cb-b533-e1a40b0844eb/export {"uuid": "aa76bfa4-c985-43cb-b533-e1a40b0844eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38332", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14591", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38332\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.\n\ud83d\udccf Published: 2021-09-10T13:32:33.564Z\n\ud83d\udccf Modified: 2025-05-02T19:48:22.176Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38332\n2. https://plugins.trac.wordpress.org/browser/ops-robots-txt/tags/1.0.0/settings.php#L175", "creation_timestamp": "2025-05-02T20:16:42.000000Z"} {"uuid": "aa76bfa4-c985-43cb-b533-e1a40b0844eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38332", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14591", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38332\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.\n\ud83d\udccf Published: 2021-09-10T13:32:33.564Z\n\ud83d\udccf Modified: 2025-05-02T19:48:22.176Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38332\n2. https://plugins.trac.wordpress.org/browser/ops-robots-txt/tags/1.0.0/settings.php#L175", "creation_timestamp": "2025-05-02T20:16:42.000000Z"} https://vulnerability.circl.lu/sighting/aa76bfa4-c985-43cb-b533-e1a40b0844eb/export Fri, 02 May 2025 20:16:42 +0000 https://vulnerability.circl.lu/sighting/afb0214a-ab8b-4033-a43d-048b79253174/export {"uuid": "afb0214a-ab8b-4033-a43d-048b79253174", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38335", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14592", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38335\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/WiseAgentCaptureForm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.\n\ud83d\udccf Published: 2021-09-10T13:33:48.365Z\n\ud83d\udccf Modified: 2025-05-02T19:48:04.823Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38335\n2. https://plugins.trac.wordpress.org/browser/wiseagentleadform/tags/2.0/WiseAgentCaptureForm.php#L44", "creation_timestamp": "2025-05-02T20:16:43.000000Z"} {"uuid": "afb0214a-ab8b-4033-a43d-048b79253174", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38335", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14592", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38335\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/WiseAgentCaptureForm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.\n\ud83d\udccf Published: 2021-09-10T13:33:48.365Z\n\ud83d\udccf Modified: 2025-05-02T19:48:04.823Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38335\n2. https://plugins.trac.wordpress.org/browser/wiseagentleadform/tags/2.0/WiseAgentCaptureForm.php#L44", "creation_timestamp": "2025-05-02T20:16:43.000000Z"} https://vulnerability.circl.lu/sighting/afb0214a-ab8b-4033-a43d-048b79253174/export Fri, 02 May 2025 20:16:43 +0000 https://vulnerability.circl.lu/sighting/0e8f7870-0fe3-4573-bc80-0cbc5e135bdc/export {"uuid": "0e8f7870-0fe3-4573-bc80-0cbc5e135bdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38336", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14593", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38336\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.\n\ud83d\udccf Published: 2021-09-10T13:34:12.235Z\n\ud83d\udccf Modified: 2025-05-02T19:47:39.221Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38336\n2. https://plugins.trac.wordpress.org/browser/edit-comments-xt/tags/1.0/edit-comments-xt.php#L249", "creation_timestamp": "2025-05-02T20:16:44.000000Z"} {"uuid": "0e8f7870-0fe3-4573-bc80-0cbc5e135bdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38336", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14593", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38336\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.\n\ud83d\udccf Published: 2021-09-10T13:34:12.235Z\n\ud83d\udccf Modified: 2025-05-02T19:47:39.221Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38336\n2. https://plugins.trac.wordpress.org/browser/edit-comments-xt/tags/1.0/edit-comments-xt.php#L249", "creation_timestamp": "2025-05-02T20:16:44.000000Z"} https://vulnerability.circl.lu/sighting/0e8f7870-0fe3-4573-bc80-0cbc5e135bdc/export Fri, 02 May 2025 20:16:44 +0000 https://vulnerability.circl.lu/sighting/942df594-f7c6-4064-8f42-48ea028ce1f8/export {"uuid": "942df594-f7c6-4064-8f42-48ea028ce1f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38339", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14597", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38339\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01.\n\ud83d\udccf Published: 2021-09-10T13:34:31.309Z\n\ud83d\udccf Modified: 2025-05-02T19:46:00.526Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38339\n2. https://plugins.trac.wordpress.org/browser/simple-matted-thumbnails/tags/1.01/simple-matted-thumbnail.php#L122", "creation_timestamp": "2025-05-02T20:16:50.000000Z"} {"uuid": "942df594-f7c6-4064-8f42-48ea028ce1f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38339", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14597", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38339\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01.\n\ud83d\udccf Published: 2021-09-10T13:34:31.309Z\n\ud83d\udccf Modified: 2025-05-02T19:46:00.526Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38339\n2. https://plugins.trac.wordpress.org/browser/simple-matted-thumbnails/tags/1.01/simple-matted-thumbnail.php#L122", "creation_timestamp": "2025-05-02T20:16:50.000000Z"} https://vulnerability.circl.lu/sighting/942df594-f7c6-4064-8f42-48ea028ce1f8/export Fri, 02 May 2025 20:16:50 +0000