CVE-2021-1594
CVE-2021-1594 affects Cisco Identity Services Engine (ISE). The REST API is vulnerable to a command injection due to insufficient input validation on specific endpoints. An unauthenticated, remote attacker could leverage this by positioning themselves in a Man-in-the-Middle role to intercept and ...
GHSA-M6J4-8R7P-WPP3 BuddyPress privilege escalation via REST API
Impact: It's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the BuddyPress REST API members endpoint. Patches: The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitiga...
BuddyPress privilege escalation via REST API
Impact: It's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the BuddyPress REST API members endpoint. Patches: The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitiga...
Cisco Identity Services Engine Privilege Escalation Vulnerability
A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. This vulnerability is due to insufficient input validation for specific API endpoints. An attacker in a...
Showmax: Full Path Disclosure in WordPress REST API Response
The hacker submitted a full path disclosure vulnerability on our WordPress site stories.showmax.com. The vulnerability was caused by the Yoast SEO plugin, and they actually released a fix for the issue today (2021-10-05). Considering the issue was with 3rd party code, the fix for the issue was introduce...
ManageEngine EventLog Analyzer < Build 12201 REST API Restriction Bypass RCE
Binary data manageengineeventloganalyzercve-2021-40539.nbin...
ManageEngine Log360 < Build 5229 REST API Restriction Bypass RCE
Binary data manageenginelog360cve-2021-40539.nbin...
CVE-2021-34648
The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the...
Code injection
The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the...
Information disclosure
The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via t...
CVE-2021-34647 Ninja Forms <= 3.5.7 Sensitive Information Disclosure
The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via t...
CVE-2021-34648 Ninja Forms <= 3.5.7 Unprotected REST-API to Email Injection
The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the...
CVE-2021-34648
The CVE-2021-34648 issue affects the WordPress Ninja Forms plugin (up to version 3.5.7). The vulnerability arises from an unprotected REST API endpoint, specifically /ninja-forms-submissions/email-action, where the trigger_email_action function in includes/Routes/Submissions.php can be invoked by...
WordPress Ninja Forms Contact Form plugin <= 3.5.7 - Unprotected REST-API to Email Injection vulnerability
Unprotected REST-API to Email Injection vulnerability discovered by Chloe Chamberland (WordFence) in WordPress Ninja Forms Contact Form plugin (versions <= 3.5.7). Solution: Update the WordPress Ninja Forms Contact Form plugin to the latest available version (at least 3.5.8)...
WordPress Ninja Forms Contact Form plugin <= 3.5.7 - Unprotected REST-API to Sensitive Information Disclosure vulnerability
Unprotected REST-API to Sensitive Information Disclosure vulnerability discovered by Chloe Chamberland (WordFence) in WordPress Ninja Forms Contact Form plugin (versions <= 3.5.7). Solution: Update the WordPress Ninja Forms Contact Form plugin to the latest available version (at least 3.5.8)...
Ninja Forms < 3.5.8 - Unprotected REST-API to Email Injection
The plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the...
Ninja Forms < 3.5.8 - Unprotected REST-API to Sensitive Information Disclosure
The plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via the...
PT-2021-20616 · WordPress · Ninja Forms
Name of the Vulnerable Software and Affected Versions: Ninja Forms WordPress plugin versions up to and including 3.5.7 Description: The issue allows authenticated attackers to send arbitrary emails from the affected server via the "/ninja-forms-submissions/email-action" REST API endpoint, utilizi...