Security Vulnerabilities - CVEs Published In July 2021
In the YOP Poll WordPress plugin before 6.2.8, when a pool is created with the options "Allow other answers", "Display other answers in the result list" and "Show results", it can lead to Stored Cross-Site Scripting issues as the 'Other' answer is not sanitised before being output in the page. The execution of the XSS payload depends on the 'Show results' option selected, which could be before or after sending the vote for example.
CVSS Score
6.1
EPSS Score
0.017
Published
2021-07-12
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share permissions were not being respected for federated reshares of files and folders. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.
CVSS Score
3.5
EPSS Score
0.003
Published
2021-07-12
SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php".
CVSS Score
9.8
EPSS Score
0.016
Published
2021-07-12
A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service.
CVSS Score
8.8
EPSS Score
0.042
Published
2021-07-12
The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of "Custom Field" columns.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-07-12
The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user input is not escaped and passed directly to the get_col function and it allows SQL injection. The Rest API endpoint which invokes this function also does not have any required permissions/authentication and can be accessed by an anonymous user.
CVSS Score
9.8
EPSS Score
0.09
Published
2021-07-12
The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS trigger able in the frontend, however, higher privilege users, such as editor could exploit this without the need of approval, and even when the blog disallows the unfiltered_html capability.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-12
The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator
CVSS Score
6.1
EPSS Score
0.133
Published
2021-07-12
The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psb_positioning settings, allowing high privilege users such as admin to set an XSS payload in it, which will be executed in all pages of the blog
CVSS Score
4.8
EPSS Score
0.002
Published
2021-07-12
The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or escape its lyte_yt_api_key and lyte_notification settings before outputting them back in the page, allowing high privilege users to set XSS payload on them and leading to stored Cross-Site Scripting issues.
CVSS Score
4.8
EPSS Score
0.002
Published
2021-07-12