SendGrid <= 1.11.8 – Authenticated Authorization Bypass | CVE 2021-34629

Description

The plugin is vulnerable to authorization bypass via the get_ajax_statistics function found in the ~/lib/class-sendgrid-statistics.php file which allows authenticated users to export statistics for a WordPress multi-site main site in versions up to 1.11.8. This vulnerability only affects the main site of WordPress multi-site installations.

Proof of Concept

The PoC will be displayed once the issue has been remediated.

Affects Plugins

sendgrid-email-delivery-simplified

No known fix

References

CVE

CVE-2021-34629

URL

https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34629

Classification

Type

AUTHBYPASS

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-287

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Prashant Baldha

Submitter

Wordfence

Submitter website

https://wordfence.com

Verified

WPVDB ID

f3d59d5b-3fc8-47da-95fe-e1d46295e5d2

Timeline

Publicly Published

2021-07-21 (about 4 years ago)

Added

2021-07-21 (about 4 years ago)

Last Updated

2022-04-12 (about 3 years ago)

Other

Published

Title

Published

2018-11-27

Title

Woo Confirmation Email < 3.2.0 - Missing Access Controls to View Uploaded files

Published

2019-12-12

Title

Ultimate Addons for Elementor < 1.20.1 - Authentication Bypass

Published

2016-06-21

Title

Advanced Access Manager <= 3.2.1 - Privilege Escalation

Published

2024-10-11

Title

Bot for Telegram on WooCommerce <= 1.2.7 - Subscriber+ Authentication Bypass

Published

2024-12-11

Title

OAuth Single Sign On – SSO (OAuth Client) < 6.26.4 - Authentication Bypass