Security Vulnerabilities - CVEs Published In July 2021
Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key.
CVSS Score
4.0
EPSS Score
0.001
Published
2021-07-06
Lack of authentication or validation in motor_load_more, motor_gallery_load_more, motor_quick_view and motor_project_quick_view AJAX handlers of the Motor WordPress theme before 3.1.0 allows an unauthenticated attacker access to arbitrary files in the server file system, and to execute arbitrary php scripts found on the server file system. We found no vulnerability for uploading files with this theme, so any scripts to be executed must already be on the server file system.
CVSS Score
9.8
EPSS Score
0.028
Published
2021-07-06
The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for both unauthenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. Even though the plugin does not have a suitable gadget chain to exploit this, other installed plugins could, which might lead to more severe issues such as RCE
CVSS Score
9.8
EPSS Score
0.041
Published
2021-07-06
The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG files uploaded, which could allow low privilege users such as author+ to upload a malicious SVG and then perform XSS attacks by inducing another user to access the file directly. In v3.4, the plugin restricted such upload to editors and admin, with an option to also allow author to do so. The description of the plugin has also been updated with a security warning as upload of such content is intended.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-06
The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which can be triggered in both unauthenticated or authenticated user context
CVSS Score
6.1
EPSS Score
0.422
Published
2021-07-06
In the VikRentCar Car Rental Management System WordPress plugin before 1.1.7, there is a custom filed option by which we can manage all the fields that the users will have to fill in before saving the order. However, the field name is not sanitised or escaped before being output back in the page, leading to a stored Cross-Site Scripting issue. There is also no CSRF check done before saving the setting, allowing attackers to make a logged in admin set arbitrary Custom Fields, including one with XSS payload in it.
CVSS Score
5.4
EPSS Score
0.001
Published
2021-07-06
SmarterTools SmarterMail before Build 7776 allows XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-07-06
In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.
CVSS Score
5.9
EPSS Score
0.001
Published
2021-07-05
The Rocket.Chat desktop application 2.17.11 opens external links without user interaction.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-07-05
In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding
CVSS Score
7.8
EPSS Score
0.008
Published
2021-07-05