Vulnerabilities > CVE-2021-34629 - Unspecified vulnerability in Sendgrid 1.11.8

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sendgrid

NVD

Published: 2021-07-30

Updated: 2024-11-21

Summary

The SendGrid WordPress plugin is vulnerable to authorization bypass via the get_ajax_statistics function found in the ~/lib/class-sendgrid-statistics.php file which allows authenticated users to export statistic for a WordPress multi-site main site, in versions up to and including 1.11.8.

Vulnerable Configurations

Part	Description	Count
Application	Sendgrid Sendgrid Sendgrid - Sendgrid Sendgrid 1.11.8	2

References

https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34629
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34629