PT-2021-20596 · Sendgrid · Wordpress Sender Plugin

Prashant Baldha · Published 2021-07-30 · Updated 2022-10-25 · CVE-2021-34629

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: SendGrid WordPress plugin versions up to and including 1.11.8
Description: The issue allows authenticated users to bypass authorization and export statistics for a WordPress multi-site main site. This is possible due to a vulnerability in the get_ajax_statistics function found in the ~/lib/class-sendgrid-statistics.php file.
Recommendations: For SendGrid WordPress plugin versions up to and including 1.11.8, update to a version later than 1.11.8 to resolve the issue. As a temporary workaround, consider restricting access to the get_ajax_statistics function to prevent unauthorized statistics exports.

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2021-34629

Affected Products: Wordpress Sender Plugin