diff --git a/2022/1xxx/CVE-2022-1843.json b/2022/1xxx/CVE-2022-1843.json
index 8e7b41e1009..9aa6da2f0b5 100644
--- a/2022/1xxx/CVE-2022-1843.json
+++ b/2022/1xxx/CVE-2022-1843.json
@@ -1,75 +1,75 @@
 {
- "CVE_data_meta": {
- "ID": "CVE-2022-1843",
- "ASSIGNER": "contact@wpscan.com",
- "STATE": "PUBLIC",
- "TITLE": "MailPress <= 7.2.1 - Arbitrary Settings Update & Log Files Purge via CSRF"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "generator": "WPScan CVE Generator",
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Unknown",
- "product": {
- "product_data": [
- {
- "product_name": "MailPress",
- "version": {
- "version_data": [
- {
- "version_affected": "<=",
- "version_name": "7.2.1",
- "version_value": "7.2.1"
+ "CVE_data_meta": {
+ "ID": "CVE-2022-1843",
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC",
+ "TITLE": "MailPress <= 7.2.1 - Arbitrary Settings Update & Log Files Purge via CSRF"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "generator": "WPScan CVE Generator",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MailPress",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "7.2.1",
+ "version_value": "7.2.1"
+ }
+ ]
+ }
+ }
+ ]
 }
- ]
 }
- }
 ]
- }
 }
- ]
- }
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "The MailPress WordPress plugin through 7.2.1 does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF attacks"
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "MISC",
- "url": "https://wpscan.com/vulnerability/aa59f811-2375-4593-93d4-f587f9870ed1",
- "name": "https://wpscan.com/vulnerability/aa59f811-2375-4593-93d4-f587f9870ed1"
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
- "lang": "eng"
- }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The MailPress WordPress plugin through 7.2.1 does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF attacks"
+ }
 ]
- }
- ]
- },
- "credit": [
- {
- "lang": "eng",
- "value": "Daniel Ruf"
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://wpscan.com/vulnerability/aa59f811-2375-4593-93d4-f587f9870ed1",
+ "name": "https://wpscan.com/vulnerability/aa59f811-2375-4593-93d4-f587f9870ed1"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Daniel Ruf"
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
- ],
- "source": {
- "discovery": "EXTERNAL"
- }
 }
\ No newline at end of file
diff --git a/2022/1xxx/CVE-2022-1904.json b/2022/1xxx/CVE-2022-1904.json
index 260b9c1bbb6..59e3fc0196a 100644
--- a/2022/1xxx/CVE-2022-1904.json
+++ b/2022/1xxx/CVE-2022-1904.json
@@ -1,75 +1,75 @@
 {
- "CVE_data_meta": {
- "ID": "CVE-2022-1904",
- "ASSIGNER": "contact@wpscan.com",
- "STATE": "PUBLIC",
- "TITLE": "Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "generator": "WPScan CVE Generator",
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Unknown",
- "product": {
- "product_data": [
- {
- "product_name": "Pricing Tables WordPress Plugin – Easy Pricing Tables",
- "version": {
- "version_data": [
- {
- "version_affected": "<",
- "version_name": "3.2.1",
- "version_value": "3.2.1"
+ "CVE_data_meta": {
+ "ID": "CVE-2022-1904",
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC",
+ "TITLE": "Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "generator": "WPScan CVE Generator",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Pricing Tables WordPress Plugin \u2013 Easy Pricing Tables",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "3.2.1",
+ "version_value": "3.2.1"
+ }
+ ]
+ }
+ }
+ ]
 }
- ]
 }
- }
 ]
- }
 }
- ]
- }
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scripting"
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "MISC",
- "url": "https://wpscan.com/vulnerability/92215d07-d129-49b4-a838-0de1a944c06b",
- "name": "https://wpscan.com/vulnerability/92215d07-d129-49b4-a838-0de1a944c06b"
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "value": "CWE-79 Cross-site Scripting (XSS)",
- "lang": "eng"
- }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scripting"
+ }
 ]
- }
- ]
- },
- "credit": [
- {
- "lang": "eng",
- "value": "cydave"
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://wpscan.com/vulnerability/92215d07-d129-49b4-a838-0de1a944c06b",
+ "name": "https://wpscan.com/vulnerability/92215d07-d129-49b4-a838-0de1a944c06b"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "cydave"
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
- ],
- "source": {
- "discovery": "EXTERNAL"
- }
 }
\ No newline at end of file
diff --git a/2022/1xxx/CVE-2022-1916.json b/2022/1xxx/CVE-2022-1916.json
index 155a5a56755..926c5a7e66f 100644
--- a/2022/1xxx/CVE-2022-1916.json
+++ b/2022/1xxx/CVE-2022-1916.json
@@ -1,75 +1,75 @@
 {
- "CVE_data_meta": {
- "ID": "CVE-2022-1916",
- "ASSIGNER": "contact@wpscan.com",
- "STATE": "PUBLIC",
- "TITLE": "Active Products Tables for WooCommerce < 1.0.5 - Reflected Cross-Site-Scripting"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "generator": "WPScan CVE Generator",
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Unknown",
- "product": {
- "product_data": [
- {
- "product_name": "Active Products Tables for WooCommerce. Professional products tables for WooCommerce store ",
- "version": {
- "version_data": [
- {
- "version_affected": "<",
- "version_name": "1.0.5",
- "version_value": "1.0.5"
+ "CVE_data_meta": {
+ "ID": "CVE-2022-1916",
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC",
+ "TITLE": "Active Products Tables for WooCommerce < 1.0.5 - Reflected Cross-Site-Scripting"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "generator": "WPScan CVE Generator",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Active Products Tables for WooCommerce. Professional products tables for WooCommerce store\u00a0",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.0.5",
+ "version_value": "1.0.5"
+ }
+ ]
+ }
+ }
+ ]
 }
- ]
 }
- }
 ]
- }
 }
- ]
- }
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store  WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected cross-Site Scripting"
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "MISC",
- "url": "https://wpscan.com/vulnerability/d16a0c3d-4318-4ecd-9e65-fc4165af8808",
- "name": "https://wpscan.com/vulnerability/d16a0c3d-4318-4ecd-9e65-fc4165af8808"
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "value": "CWE-79 Cross-site Scripting (XSS)",
- "lang": "eng"
- }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected cross-Site Scripting"
+ }
 ]
- }
- ]
- },
- "credit": [
- {
- "lang": "eng",
- "value": "cydave"
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://wpscan.com/vulnerability/d16a0c3d-4318-4ecd-9e65-fc4165af8808",
+ "name": "https://wpscan.com/vulnerability/d16a0c3d-4318-4ecd-9e65-fc4165af8808"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "cydave"
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
- ],
- "source": {
- "discovery": "EXTERNAL"
- }
 }
\ No newline at end of file