CVE-2021-34629
Published 2021-07-30
Priority P278 | medium | 4.3 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:L / I:N / A:N
ITW | VulnCheck KEV
Exploited in the wild
EPSS: 0.70% (48.4th percentile)
The SendGrid WordPress plugin is vulnerable to authorization bypass via the get_ajax_statistics function found in the ~/lib/class-sendgrid-statistics.php file which allows authenticated users to export statistic for a WordPress multi-site main site, in versions up to and including 1.11.8.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sendgrid | sendgrid | <= 1.11.8 | — |
| sendgrid | sendgrid | 1.11.8 – 1.11.8 | — |
CVSS provenance
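| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| vulncheck | — | 4.3 | MEDIUM | — |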
GHSA
GHSA-qrv5-mq63-4m4p (ghsa_unreviewed · 2022-05-24)
CVE-2021-34629 [MEDIUM] CWE-862
VulnCheck
SendGrid WordPress Plugin get_ajax_statistics Authorization Bypass
vulncheck · 2021 · CVSS 4.3
CVE-2021-34629 [MEDIUM]
Affected: sendgrid sendgrid
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/vulnerability/sendgrid-email-delivery-simplified/wordpress-sendgrid-plugin-1-11-8-authenticated-authorization-bypass-vulnerability