admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-10-20 16:00:39 +00:00
parent 880063b31e
commit 11655e5a9f
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
46 changed files with 2333 additions and 2381 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
2022/0xxx/CVE-2022-0750.json
View File

@ -1,15 +1,37 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-0750",
"STATE": "PUBLIC",
"TITLE": "Photoswipe Masonry Gallery <= 1.2.14 Stored Cross-Site Scripting"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_image_height parameters found in the ~/photoswipe-masonry.php file which allows authenticated attackers to inject arbitrary web scripts into galleries created by the plugin and on the PhotoSwipe Options page. This affects versions up to and including 1.2.14."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "deanoakley",
"product": {
"product_data": [
{
@ -18,83 +40,51 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "1.2.14",
"version_name": "*",
"version_value": "1.2.14"
}
]
}
}
]
},
"vendor_name": "Web Design Gold Coast"
}
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland, Wordfence"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_image_height parameters found in the ~/photoswipe-masonry.php file which allows authenticated attackers to inject arbitrary web scripts into galleries created by the plugin and on the PhotoSwipe Options page. This affects versions up to and including 1.2.14."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64624d4c-3ffb-4516-a938-0accde24c79f?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64624d4c-3ffb-4516-a938-0accde24c79f?source=cve"
},
{
"url": "https://wordpress.org/plugins/photoswipe-masonry/",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/photoswipe-masonry/"
},
{
"url": "https://www.wordfence.com/blog/2022/02/stored-cross-site-scripting-vulnerability-patched-in-a-wordpress-photo-gallery-plugin/",
"refsource": "MISC",
"name": "https://www.wordfence.com/blog/2022/02/stored-cross-site-scripting-vulnerability-patched-in-a-wordpress-photo-gallery-plugin/"
}
]
},
"solution": [
"credits": [
{
"lang": "eng",
"value": "Update to version 1.2.15, or newer. "
"lang": "en",
"value": "Chloe Chamberland"
}
],
"source": {
"discovery": "UNKNOWN"
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}
}

115
2022/0xxx/CVE-2022-0992.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-0992",
"STATE": "PUBLIC",
"TITLE": "SiteGround Security <= 1.2.5 - Authentication Bypass via 2FA Setup"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SiteGround Security ",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.2.5",
"version_value": "1.2.5"
}
]
}
}
]
},
"vendor_name": "SiteGround"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland, Wordfence"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-0992",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,25 +15,6 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -79,27 +27,64 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "siteground",
"product": {
"product_data": [
{
"product_name": "Security Optimizer \u2013 The All-In-One WordPress Protection Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.2.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e5c6bf7-a653-4571-9566-574d2bb35c4f?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e5c6bf7-a653-4571-9566-574d2bb35c4f?source=cve"
},
{
"url": "https://www.wordfence.com/blog/2022/04/critical-authentication-bypass-vulnerability-patched-in-siteground-security-plugin/",
"refsource": "MISC",
"name": "https://www.wordfence.com/blog/2022/04/critical-authentication-bypass-vulnerability-patched-in-siteground-security-plugin/"
},
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset/2706302",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2706302"
}
]
},
"solution": [
"credits": [
{
"lang": "eng",
"value": "Update to version 1.2.6, or newer. "
"lang": "en",
"value": "Chloe Chamberland"
}
],
"source": {
"discovery": "INTERNAL"
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
}
]
}
}

116
2022/1xxx/CVE-2022-1186.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-1186",
"STATE": "PUBLIC",
"TITLE": "Be POPIA Compliant <= 1.1.5 - Sensitive Information Exposure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Be POPIA Compliant",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.1.5",
"version_value": "1.1.5"
}
]
}
}
]
},
"vendor_name": "bepopiacompliant"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chris Meistre"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-1186",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,25 +15,6 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -79,27 +27,59 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "bepopiacompliant",
"product": {
"product_data": [
{
"product_name": "Be POPIA Compliant",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.1.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0fcdd6b5-a273-4916-a894-a753be0a7921?source=cve",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2701343%40be-popia-compliant&new=2701343%40be-popia-compliant&sfp_email=&sfph_mail=",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2701343%40be-popia-compliant&new=2701343%40be-popia-compliant&sfp_email=&sfph_mail="
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0fcdd6b5-a273-4916-a894-a753be0a7921?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2701343%40be-popia-compliant&new=2701343%40be-popia-compliant&sfp_email=&sfph_mail=",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1186",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1186"
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2701343%40be-popia-compliant&new=2701343%40be-popia-compliant&sfp_email=&sfph_mail="
}
]
},
"solution": [
"credits": [
{
"lang": "eng",
"value": "Update to version 1.1.5, or newer. "
"lang": "en",
"value": "Chris Meistre"
}
],
"source": {
"discovery": "EXTERNAL"
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}
}

123
2022/1xxx/CVE-2022-1187.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-1187",
"STATE": "PUBLIC",
"TITLE": "WP YouTube Live <= 1.7.21 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP YouTube Live",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.7.21",
"version_value": "1.7.21"
}
]
}
}
]
},
"vendor_name": "macbookandrew"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "p7e4"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-1187",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,58 +15,76 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "macbookandrew",
"product": {
"product_data": [
{
"product_name": "WP YouTube Live",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.7.21"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d540b53-5c39-43d5-a055-cc5eccfa65b8?source=cve",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1187",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1187"
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d540b53-5c39-43d5-a055-cc5eccfa65b8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-youtube-live/trunk/inc/admin.php#L355",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2702715%40wp-youtube-live&new=2702715%40wp-youtube-live&sfp_email=&sfph_mail=",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2702715%40wp-youtube-live&new=2702715%40wp-youtube-live&sfp_email=&sfph_mail="
"name": "https://plugins.trac.wordpress.org/browser/wp-youtube-live/trunk/inc/admin.php#L355"
},
{
"url": "https://github.com/macbookandrew/wp-youtube-live/commit/2d8ccb7b12742bf16b5a6068f9fdeeac69bc11b1",
"refsource": "MISC",
"name": "https://github.com/macbookandrew/wp-youtube-live/commit/2d8ccb7b12742bf16b5a6068f9fdeeac69bc11b1"
}
]
},
"solution": [
"credits": [
{
"lang": "eng",
"value": "Update to version 1.7.22, or newer. "
"lang": "en",
"value": "p7e4"
}
],
"source": {
"discovery": "EXTERNAL"
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}
}

120
2022/1xxx/CVE-2022-1442.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-1442",
"STATE": "PUBLIC",
"TITLE": "Metform Elementor Contact Form Builder <= 2.1.3 - Sensitive Information Disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metform Elementor Contact Form Builder ",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.1.3",
"version_value": "2.1.3"
}
]
}
}
]
},
"vendor_name": "wpmet"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Muhammad Zeeshan (Xib3rR4dAr)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-1442",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,25 +15,6 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -79,32 +27,64 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "xpeedstudio",
"product": {
"product_data": [
{
"product_name": "Metform Elementor Contact Form Builder",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/04a46249-b5b2-4082-b520-cdc4a1370bb1?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/04a46249-b5b2-4082-b520-cdc4a1370bb1?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2711944/metform/trunk/core/forms/action.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2711944/metform/trunk/core/forms/action.php"
},
{
"refsource": "MISC",
"url": "https://gist.github.com/Xib3rR4dAr/6e6c6e5fa1f8818058c7f03de1eda6bf",
"name": "https://gist.github.com/Xib3rR4dAr/6e6c6e5fa1f8818058c7f03de1eda6bf"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1442",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1442"
"name": "https://gist.github.com/Xib3rR4dAr/6e6c6e5fa1f8818058c7f03de1eda6bf"
}
]
},
"solution": [
"credits": [
{
"lang": "eng",
"value": "Update to version 2.1.4, or newer. "
"lang": "en",
"value": "Muhammad Zeeshan"
}
],
"source": {
"discovery": "UNKNOWN"
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
]
}
}

123
2022/1xxx/CVE-2022-1453.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-1453",
"STATE": "PUBLIC",
"TITLE": "RSVPMaker <= 9.2.5 - Unauthenticated SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RSVPMaker",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "9.2.5",
"version_value": "9.2.5"
}
]
}
}
]
},
"vendor_name": "davidfcarr"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tobias Kay Dal\u00e5 (oxnan)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-1453",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,63 +15,81 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "davidfcarr",
"product": {
"product_data": [
{
"product_name": "RSVPMaker",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "9.2.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6031edec-4274-4e42-9e3a-ce0c94958b17?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6031edec-4274-4e42-9e3a-ce0c94958b17?source=cve"
},
{
"url": "https://github.com/davidfcarr/rsvpmaker/commit/bfb189f49af7ab0d34499a2da772e3266f72167d",
"refsource": "MISC",
"name": "https://github.com/davidfcarr/rsvpmaker/commit/bfb189f49af7ab0d34499a2da772e3266f72167d"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1453",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2714389%40rsvpmaker&new=2714389%40rsvpmaker&sfp_email=&sfph_mail=",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2714389%40rsvpmaker&new=2714389%40rsvpmaker&sfp_email=&sfph_mail="
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1453"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2714389%40rsvpmaker&new=2714389%40rsvpmaker&sfp_email=&sfph_mail=",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1453",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1453"
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2714389%40rsvpmaker&new=2714389%40rsvpmaker&sfp_email=&sfph_mail="
}
]
},
"solution": [
"credits": [
{
"lang": "eng",
"value": "Update to version 9.2.6, or newer."
"lang": "en",
"value": "Tobias Kay Dal\u00e5 (oxnan)"
}
],
"source": {
"discovery": "UNKNOWN"
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
}
]
}
}

117
2022/1xxx/CVE-2022-1505.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-1505",
"STATE": "PUBLIC",
"TITLE": "RSVPMaker <= 9.2.6 - Unauthenticated SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RSVPMaker",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "9.2.6",
"version_value": "9.2.6"
}
]
}
}
]
},
"vendor_name": "davidfcarr"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tobias Kay Dal\u00e5 (oxnan)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-1505",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,58 +15,76 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "davidfcarr",
"product": {
"product_data": [
{
"product_name": "RSVPMaker",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "9.2.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6837b91d-b3ba-435a-965b-fa18d9b9b9c8?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6837b91d-b3ba-435a-965b-fa18d9b9b9c8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2715095%40rsvpmaker&new=2715095%40rsvpmaker&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2715095%40rsvpmaker&new=2715095%40rsvpmaker&sfp_email=&sfph_mail="
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1505",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1505"
}
]
},
"solution": [
"credits": [
{
"lang": "eng",
"value": "Update to version 9.2.7, or newer."
"lang": "en",
"value": "Tobias Kay Dal\u00e5 (oxnan)"
}
],
"source": {
"discovery": "UNKNOWN"
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
}
]
}
}

120
2022/1xxx/CVE-2022-1565.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-1565",
"STATE": "PUBLIC",
"TITLE": "Import any XML or CSV File to WordPress <= 3.6.7 - Admin+ Malicious File Upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Import any XML or CSV File to WordPress",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "3.6.7",
"version_value": "3.6.7"
}
]
}
}
]
},
"vendor_name": "wpallimport"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "yangkang"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-1565",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,25 +15,6 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -79,26 +27,64 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wpallimport",
"product": {
"product_data": [
{
"product_name": "Import any XML or CSV File to WordPress",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.6.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d281333-d9af-4eb7-bc5c-ea7ceeddac03?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d281333-d9af-4eb7-bc5c-ea7ceeddac03?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2749264/wp-all-import/trunk?contextall=1&old=2737093&old_path=%2Fwp-all-import%2Ftrunk",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2749264/wp-all-import/trunk?contextall=1&old=2737093&old_path=%2Fwp-all-import%2Ftrunk"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1565",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1565"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171578/WordPress-WP-All-Import-3.6.7-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/171578/WordPress-WP-All-Import-3.6.7-Remote-Code-Execution.html"
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1565"
}
]
},
"source": {
"discovery": "UNKNOWN"
"credits": [
{
"lang": "en",
"value": "yangkang"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH"
}
]
}
}

121
2022/1xxx/CVE-2022-1567.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-1567",
"STATE": "PUBLIC",
"TITLE": "WP JS <= 2.0.6 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP JS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.0.6",
"version_value": "2.0.6"
}
]
}
}
]
},
"vendor_name": "halmat"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Marco Wotschka"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-1567",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,58 +15,76 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "halmat",
"product": {
"product_data": [
{
"product_name": "WP JS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.0.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0ab82117-73dd-4257-8dfc-01dadcc3a83f?source=cve",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1567",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1567"
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0ab82117-73dd-4257-8dfc-01dadcc3a83f?source=cve"
},
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/browser/wp-js/trunk/wp-js.php?rev=100281#L140",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wp-js/trunk/wp-js.php?rev=100281#L140"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1567",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1567"
}
]
},
"solution": [
"credits": [
{
"lang": "eng",
"value": "Uninstall plugin from site. "
"lang": "en",
"value": "Marco Wotschka"
}
],
"source": {
"discovery": "INTERNAL"
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}
}

129
2022/1xxx/CVE-2022-1707.json
View File

@ -1,49 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-1707",
"STATE": "PUBLIC",
"TITLE": "Google Tag Manager for WordPress (GTM4WP) <= 1.15 - Reflected Cross-Site Scripting via site search"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Tag Manager for WordPress (GTM4WP)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.15",
"version_value": "1.15"
}
]
}
}
]
},
"vendor_name": "duracelltomi"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Cory Buecker\t"
},
{
"lang": "eng",
"value": "not_stoppable"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-1707",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -52,62 +15,90 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "duracelltomi",
"product": {
"product_data": [
{
"product_name": "GTM4WP",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.15"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0435ae14-c1fd-4611-acbe-5f3bafd4bb6a?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0435ae14-c1fd-4611-acbe-5f3bafd4bb6a?source=cve"
},
{
"url": "https://github.com/duracelltomi/gtm4wp/issues/224",
"refsource": "MISC",
"name": "https://github.com/duracelltomi/gtm4wp/issues/224"
},
{
"refsource": "MISC",
"url": "https://github.com/duracelltomi/gtm4wp/blob/1.15/public/frontend.php#L298",
"refsource": "MISC",
"name": "https://github.com/duracelltomi/gtm4wp/blob/1.15/public/frontend.php#L298"
},
{
"refsource": "MISC",
"url": "https://github.com/duracelltomi/gtm4wp/blob/1.15/public/frontend.php#L782",
"refsource": "MISC",
"name": "https://github.com/duracelltomi/gtm4wp/blob/1.15/public/frontend.php#L782"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1707",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1707"
}
]
},
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Cory Buecker"
},
{
"lang": "en",
"value": "not_stoppable"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}
}

121
2022/1xxx/CVE-2022-1749.json
View File

@ -1,72 +1,20 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-1749",
"STATE": "PUBLIC",
"TITLE": "WPMK Ajax Finder <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WPMK Ajax Finder",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0.1",
"version_value": "1.0.1"
}
]
}
}
]
},
"vendor_name": "createplugin"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tsubasa Imaizumi, Cryptography Laboratory in Tokyo Denki University"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-1749",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1."
"value": "The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the\u00a0createplugin_atf_admin_setting_page()\u00a0function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -79,21 +27,64 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "createplugin",
"product": {
"product_data": [
{
"product_name": "WPMK Ajax Finder",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1d063d01-5f67-4c7f-ab71-01708456e82b?source=cve",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1749",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1749"
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1d063d01-5f67-4c7f-ab71-01708456e82b?source=cve"
},
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/browser/find-any-think/trunk/inc/config/create-plugin-admin.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/find-any-think/trunk/inc/config/create-plugin-admin.php"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1749",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1749"
}
]
},
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Tsutomu Aramaki"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}
}

105
2022/1xxx/CVE-2022-1750.json
View File

@ -1,15 +1,37 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-1750",
"STATE": "PUBLIC",
"TITLE": "Sticky Popup <= 1.2 - Admin+ Stored Cross-Site Scripting"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018 popup_title' parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admin level capabilities and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\u00a0This issue mostly affects sites where unfiltered_html has been disabled for administrators and on multi-site installations where unfiltered_html is disabled for administrators."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "numixtech",
"product": {
"product_data": [
{
@ -18,77 +40,46 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "1.2",
"version_name": "*",
"version_value": "1.2"
}
]
}
}
]
},
"vendor_name": "numixtech"
}
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Saeed Alzahrani"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018 popup_title' parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admin level capabilities and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This issue mostly affects sites where unfiltered_html has been disabled for administrators and on multi-site installations where unfiltered_html is disabled for administrators."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a5262d8-d9cd-4bd9-a95e-f60782095173?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a5262d8-d9cd-4bd9-a95e-f60782095173?source=cve"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1750",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1750"
}
]
},
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Saeed Alzahrani"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}
]
}
}

126
2022/1xxx/CVE-2022-1822.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-1822",
"STATE": "PUBLIC",
"TITLE": "Zephyr Project Manager <= 3.2.40 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zephyr Project Manager",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "3.2.40",
"version_value": "3.2.40"
}
]
}
}
]
},
"vendor_name": "dylanjkotze"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Eduardo Estevao de Oliveira Azevedo\t"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-1822",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,52 +15,85 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "dylanjkotze",
"product": {
"product_data": [
{
"product_name": "Zephyr Project Manager",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.2.4"
},
{
"version_affected": "=",
"version_value": "3.2.40"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/22d50526-e21f-412d-9eed-b9b1f48c3358?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/22d50526-e21f-412d-9eed-b9b1f48c3358?source=cve"
},
{
"url": "https://wordpress.org/plugins/zephyr-project-manager/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/zephyr-project-manager/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2727947%40zephyr-project-manager&new=2727947%40zephyr-project-manager&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2727947%40zephyr-project-manager&new=2727947%40zephyr-project-manager&sfp_email=&sfph_mail="
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1822",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1822"
}
]
},
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Eduardo Estevao de Oliveira Azevedo"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}
}

113
2022/1xxx/CVE-2022-1900.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-1900",
"STATE": "PUBLIC",
"TITLE": "Copify <= 1.3.0 - Cross-Site Request Forgery to Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Copify",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.3.0",
"version_value": "1.3.0"
}
]
}
}
]
},
"vendor_name": "robmcvey"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Yuki Hoshi"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-1900",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,25 +15,6 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -79,16 +27,59 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "robmcvey",
"product": {
"product_data": [
{
"product_name": "Copify",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e92c6374-d11d-458c-b089-0ee79c33e4a6?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e92c6374-d11d-458c-b089-0ee79c33e4a6?source=cve"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1900",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1900"
}
]
},
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Yuki Hoshi"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}
}

115
2022/1xxx/CVE-2022-1912.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-1912",
"STATE": "PUBLIC",
"TITLE": "Button Widget Smartsoft <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Button Widget Smartsoft",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0.1",
"version_value": "1.0.1"
}
]
}
}
]
},
"vendor_name": "smartsoftbuttonwidget"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ryo Onodera, Cryptography Laboratory in Tokyo Denki University\t"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-1912",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,25 +15,6 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -79,21 +27,64 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "smartsoftbuttonwidget",
"product": {
"product_data": [
{
"product_name": "Button Widget Smartsoft",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/53757567-5024-46cc-b2ae-04b5fc55a35c?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/53757567-5024-46cc-b2ae-04b5fc55a35c?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/smartsoftbutton-widget-de-botones-de-chat/trunk/admin/pages/settings.php#L60",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/smartsoftbutton-widget-de-botones-de-chat/trunk/admin/pages/settings.php#L60"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1912",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1912"
}
]
},
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Ryo Onodera , a member of Cryptography Laboratory in Tokyo Denki University."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}
}

122
2022/1xxx/CVE-2022-1961.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-1961",
"STATE": "PUBLIC",
"TITLE": "Google Tag Manager for WordPress (GTM4WP) <= 1.15.1 - Stored Cross-Site Scripting via Content Element ID"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Tag Manager for WordPress (GTM4WP) ",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.15.1",
"version_value": "1.15.1"
}
]
}
}
]
},
"vendor_name": "duracelltomi"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Muhammad Zeeshan (Xib3rR4dAr)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-1961",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,57 +15,86 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "duracelltomi",
"product": {
"product_data": [
{
"product_name": "GTM4WP",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.15.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/202c14d0-9207-47cb-9410-ca4c70d7b6d2?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/202c14d0-9207-47cb-9410-ca4c70d7b6d2?source=cve"
},
{
"url": "https://gist.github.com/Xib3rR4dAr/02a21cd0ea0b7bf586131c5eebb69f1d",
"refsource": "MISC",
"name": "https://gist.github.com/Xib3rR4dAr/02a21cd0ea0b7bf586131c5eebb69f1d"
},
{
"url": "https://wordpress.org/plugins/duracelltomi-google-tag-manager/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/duracelltomi-google-tag-manager/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2732977%40duracelltomi-google-tag-manager&new=2732977%40duracelltomi-google-tag-manager&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2732977%40duracelltomi-google-tag-manager&new=2732977%40duracelltomi-google-tag-manager&sfp_email=&sfph_mail="
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1961",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1961"
}
]
},
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Muhammad Zeeshan"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}
]
}
}

119
2022/1xxx/CVE-2022-1969.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-1969",
"STATE": "PUBLIC",
"TITLE": "Mobile browser color select <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mobile browser color select",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0.1",
"version_value": "1.0.1"
}
]
}
}
]
},
"vendor_name": "scriptcoil"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tsubasa Imaizumi, Cryptography Laboratory in Tokyo Denki University"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-1969",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,25 +15,6 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -79,21 +27,64 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "scriptcoil",
"product": {
"product_data": [
{
"product_name": "Mobile browser color select",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/687cd0ac-5f78-4429-b6b5-dd1113143a4d?source=cve",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1969",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1969"
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/687cd0ac-5f78-4429-b6b5-dd1113143a4d?source=cve"
},
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/browser/mobile-browser-color-select/trunk/mobile-browser-color-select.php#L62",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/mobile-browser-color-select/trunk/mobile-browser-color-select.php#L62"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1969",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1969"
}
]
},
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Tsutomu Aramaki"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}
}

127
2022/2xxx/CVE-2022-2001.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2001",
"STATE": "PUBLIC",
"TITLE": "DX Share Selection <= 1.4 - Cross-Site Request Forgery to Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DX Share Selection",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.4",
"version_value": "1.4"
}
]
}
}
]
},
"vendor_name": "nofearinc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sho Sakata"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2001",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,25 +15,6 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -79,21 +27,74 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nofearinc",
"product": {
"product_data": [
{
"product_name": "DX Share Selection",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6a85fe7f-2d28-4509-99f2-875cb63c6500?source=cve",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset/2747572/dx-share-selection/trunk?contextall=1&old=2384535&old_path=%2Fdx-share-selection%2Ftrunk",
"name": "https://plugins.trac.wordpress.org/changeset/2747572/dx-share-selection/trunk?contextall=1&old=2384535&old_path=%2Fdx-share-selection%2Ftrunk"
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6a85fe7f-2d28-4509-99f2-875cb63c6500?source=cve"
},
{
"url": "https://wordpress.org/plugins/dx-share-selection/",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/dx-share-selection/"
},
{
"url": "https://plugins.trac.wordpress.org/browser/dx-share-selection/trunk/dx-share-selection.php#L284",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/dx-share-selection/trunk/dx-share-selection.php#L284"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2001",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2001"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2747572/dx-share-selection/trunk?contextall=1&old=2384535&old_path=%2Fdx-share-selection%2Ftrunk",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2747572/dx-share-selection/trunk?contextall=1&old=2384535&old_path=%2Fdx-share-selection%2Ftrunk"
}
]
},
"source": {
"discovery": "UNKNOWN"
"credits": [
{
"lang": "en",
"value": "Sho Sakata"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}
}

122
2022/2xxx/CVE-2022-2108.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2108",
"STATE": "PUBLIC",
"TITLE": "Wbcom Designs \u2013 BuddyPress Group Reviews <= 2.8.3 - Unauthorized AJAX Actions due to Nonce Bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wbcom Designs \u2013 BuddyPress Group Reviews",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.9.3",
"version_value": "2.8.3"
}
]
}
}
]
},
"vendor_name": "wbcomdesigns/"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Marco Wotschka\t"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2108",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,52 +15,81 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wbcomdesigns",
"product": {
"product_data": [
{
"product_name": "Wbcom Designs \u2013 BuddyPress Group Reviews",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.8.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/397dabc3-5dcf-4d1f-9e24-28af889cb76f?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/397dabc3-5dcf-4d1f-9e24-28af889cb76f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/review-buddypress-groups/trunk/includes/bgr-ajax.php#L359",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/review-buddypress-groups/trunk/includes/bgr-ajax.php#L359"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2742109",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2742109"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2108",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2108"
}
]
},
"source": {
"discovery": "UNKNOWN"
"credits": [
{
"lang": "en",
"value": "Marco Wotschka"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
]
}
}

119
2022/2xxx/CVE-2022-2223.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2223",
"STATE": "PUBLIC",
"TITLE": "Image Slider <= 1.1.121 - Cross-Site Request Forgery to Post Duplication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "\tImage Slider",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.1.121",
"version_value": "1.1.121"
}
]
}
}
]
},
"vendor_name": "ghozylab"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Marco Wotschka, Wordfence\t"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2223",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,25 +15,6 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -79,21 +27,64 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ghozylab",
"product": {
"product_data": [
{
"product_name": "Image Slider",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.1.121"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6356e226-a449-4cd0-be60-2a1c9c70aa59?source=cve",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2749352%40image-slider-widget&new=2749352%40image-slider-widget&sfp_email=&sfph_mail=",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2749352%40image-slider-widget&new=2749352%40image-slider-widget&sfp_email=&sfph_mail="
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6356e226-a449-4cd0-be60-2a1c9c70aa59?source=cve"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2223",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2223"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2749352%40image-slider-widget&new=2749352%40image-slider-widget&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2749352%40image-slider-widget&new=2749352%40image-slider-widget&sfp_email=&sfph_mail="
}
]
},
"source": {
"discovery": "UNKNOWN"
"credits": [
{
"lang": "en",
"value": "Marco Wotschka"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
]
}
}

121
2022/2xxx/CVE-2022-2233.json
View File

@ -1,72 +1,20 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2233",
"STATE": "PUBLIC",
"TITLE": "Banner Cycler <= 1.4 - Cross-Site Request Forgery to Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Banner Cycler",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.4",
"version_value": "1.4"
}
]
}
}
]
},
"vendor_name": "jkriddle"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "MOTEKI TAKERU"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2233",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the pabc_admin_slides_postback() function found in the ~/admin/admin.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site\u2019s administrator into performing an action such as clicking on a link."
"value": "The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the pabc_admin_slides_postback() function found in the ~/admin/admin.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site\u2019s administrator into performing an action such as clicking on a link"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -79,21 +27,64 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "jkriddle",
"product": {
"product_data": [
{
"product_name": "Banner Cycler",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6cc1d7f2-053d-42d4-afb7-6fb69fd71b91?source=cve",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2233",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2233"
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6cc1d7f2-053d-42d4-afb7-6fb69fd71b91?source=cve"
},
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/browser/banner-cycler/trunk/admin/admin.php#L131",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/banner-cycler/trunk/admin/admin.php#L131"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2233",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2233"
}
]
},
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "MOTEKI TAKERU"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}
}

119
2022/2xxx/CVE-2022-2433.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2433",
"STATE": "PUBLIC",
"TITLE": "WordPress Infinite Scroll \u2013 Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WordPress Infinite Scroll \u2013 Ajax Load More",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "5.5.3",
"version_value": "5.5.3"
}
]
}
}
]
},
"vendor_name": "connekthq"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Rasoul Jahanshahi"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2433",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,25 +15,6 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -79,21 +27,64 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "connekthq",
"product": {
"product_data": [
{
"product_name": "WordPress Infinite Scroll \u2013 Ajax Load More",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "5.5.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/040ae20d-93e3-4c65-ba74-4ff0b5c1afc7?source=cve",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2433",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2433"
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/040ae20d-93e3-4c65-ba74-4ff0b5c1afc7?source=cve"
},
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset/2772627/ajax-load-more/trunk/admin/admin.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2772627/ajax-load-more/trunk/admin/admin.php"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2433",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2433"
}
]
},
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Rasoul Jahanshahi"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}
}

125
2022/2xxx/CVE-2022-2434.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2434",
"STATE": "PUBLIC",
"TITLE": "String Locator <= 2.5.0 - Cross-Site Request Forgery to PHAR Deserialization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "String Locator",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.5.0",
"version_value": "2.5.0"
}
]
}
}
]
},
"vendor_name": "instawp"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Rasoul Jahanshahi"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2434",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,25 +15,6 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -76,37 +24,72 @@
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "instawp",
"product": {
"product_data": [
{
"product_name": "String locator",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10a36e37-4188-403f-9b17-d7e79b8b8a6d?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10a36e37-4188-403f-9b17-d7e79b8b8a6d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/string-locator/trunk/editor.php#L59",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/string-locator/trunk/editor.php#L59"
},
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2759486%40string-locator&new=2759486%40string-locator&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2759486%40string-locator&new=2759486%40string-locator&sfp_email=&sfph_mail="
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2434",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2434"
}
]
},
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Rasoul Jahanshahi"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}
}

115
2022/2xxx/CVE-2022-2435.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2435",
"STATE": "PUBLIC",
"TITLE": "AnyMind Widget <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AnyMind Widget",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.1",
"version_value": "1.1"
}
]
}
}
]
},
"vendor_name": "mbeltwski"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sho Sakata"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2435",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,25 +15,6 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -79,21 +27,64 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mbeltwski",
"product": {
"product_data": [
{
"product_name": "AnyMind Widget",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/174eae70-15d7-4772-8fcd-dc4c0fca5b7d?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/174eae70-15d7-4772-8fcd-dc4c0fca5b7d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/anymind-widget/trunk/anymind-widget-id.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/anymind-widget/trunk/anymind-widget-id.php"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2435",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2435"
}
]
},
"source": {
"discovery": "UNKNOWN"
"credits": [
{
"lang": "en",
"value": "Sho Sakata"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}
}

125
2022/2xxx/CVE-2022-2436.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2436",
"STATE": "PUBLIC",
"TITLE": "Download Manager <= 3.2.49 - Authenticated (Contributor+) PHAR Deserialization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Download Manager",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "3.2.49",
"version_value": "3.2.49"
}
]
}
}
]
},
"vendor_name": "codename065"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Rasoul Jahanshahi"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2436",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,25 +15,6 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -79,26 +27,69 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "codename065",
"product": {
"product_data": [
{
"product_name": "Download Manager",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.2.49"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/471957f6-54c1-4268-b2e1-8efa391dcaec?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/471957f6-54c1-4268-b2e1-8efa391dcaec?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Admin/Menu/Packages.php#L68",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Admin/Menu/Packages.php#L68"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2761422%40download-manager%2Ftrunk%2Fsrc%2FAdmin%2FMenu%2FPackages.php&new=2761422%40download-manager%2Ftrunk%2Fsrc%2FAdmin%2FMenu%2FPackages.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2761422%40download-manager%2Ftrunk%2Fsrc%2FAdmin%2FMenu%2FPackages.php&new=2761422%40download-manager%2Ftrunk%2Fsrc%2FAdmin%2FMenu%2FPackages.php"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2436",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2436"
},
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Admin/Menu/Packages.php#L68",
"name": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Admin/Menu/Packages.php#L68"
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2436"
}
]
},
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Rasoul Jahanshahi"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}
}

115
2022/2xxx/CVE-2022-2437.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2437",
"STATE": "PUBLIC",
"TITLE": "Feed Them Social \u2013 for Twitter feed, Youtube and more <= 2.9.8.5 - Unauthenticated PHAR Deserialization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Feed Them Social \u2013 for Twitter feed, Youtube and more",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.9.8.5",
"version_value": "2.9.8.5"
}
]
}
}
]
},
"vendor_name": "slickremix"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Rasoul Jahanshahi"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2437",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,25 +15,6 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -79,21 +27,64 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "slickremix",
"product": {
"product_data": [
{
"product_name": "Feed Them Social \u2013 Page, Post, Video, and Photo Galleries",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.9.8.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/50bcea94-b12a-4b31-b0c1-bba834ea9bd0?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/50bcea94-b12a-4b31-b0c1-bba834ea9bd0?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2754749%40feed-them-social&new=2754749%40feed-them-social&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2754749%40feed-them-social&new=2754749%40feed-them-social&sfp_email=&sfph_mail="
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2437",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2437"
}
]
},
"source": {
"discovery": "UNKNOWN"
"credits": [
{
"lang": "en",
"value": "Rasoul Jahanshahi"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
}
]
}
}

115
2022/2xxx/CVE-2022-2438.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2438",
"STATE": "PUBLIC",
"TITLE": "Broken Link Checker <= 1.11.16 - Authenticated (Admin+) PHAR Deserialization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Broken Link Checker",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.11.16",
"version_value": "1.11.16"
}
]
}
}
]
},
"vendor_name": "wpmudev"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Rasoul Jahanshahi"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2438",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,25 +15,6 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -79,21 +27,64 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wpmudev",
"product": {
"product_data": [
{
"product_name": "Broken Link Checker",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.11.16"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/62fd472e-208b-48db-8f98-3d935c7a678c?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/62fd472e-208b-48db-8f98-3d935c7a678c?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2757773/broken-link-checker/trunk/core/core.php?old=2605914&old_path=broken-link-checker%2Ftrunk%2Fcore%2Fcore.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2757773/broken-link-checker/trunk/core/core.php?old=2605914&old_path=broken-link-checker%2Ftrunk%2Fcore%2Fcore.php"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2438",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2438"
}
]
},
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Rasoul Jahanshahi"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH"
}
]
}
}

129
2022/2xxx/CVE-2022-2444.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2444",
"STATE": "PUBLIC",
"TITLE": "Visualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR Deserialization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Visualizer: Tables and Charts Manager for WordPress ",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "3.7.9",
"version_value": "3.7.9"
}
]
}
}
]
},
"vendor_name": "themeisle"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Rasoul Jahanshahi"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2444",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,25 +15,6 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -79,36 +27,79 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "themeisle",
"product": {
"product_data": [
{
"product_name": "Visualizer: Tables and Charts Manager for WordPress",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.7.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d9606d92-8061-4dfc-a6e2-509b54613277?source=cve",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2752058%40visualizer&new=2752058%40visualizer&sfp_email=&sfph_mail=",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2752058%40visualizer&new=2752058%40visualizer&sfp_email=&sfph_mail="
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d9606d92-8061-4dfc-a6e2-509b54613277?source=cve"
},
{
"refsource": "MISC",
"url": "https://github.com/Codeinwp/visualizer/blob/master/classes/Visualizer/Module/Chart.php#L1115",
"name": "https://github.com/Codeinwp/visualizer/blob/master/classes/Visualizer/Module/Chart.php#L1115"
},
{
"refsource": "MISC",
"url": "https://github.com/Codeinwp/visualizer/blob/master/classes/Visualizer/Source/Csv.php",
"refsource": "MISC",
"name": "https://github.com/Codeinwp/visualizer/blob/master/classes/Visualizer/Source/Csv.php"
},
{
"url": "https://github.com/Codeinwp/visualizer/blob/master/classes/Visualizer/Module/Chart.php#L1115",
"refsource": "MISC",
"name": "https://github.com/Codeinwp/visualizer/blob/master/classes/Visualizer/Module/Chart.php#L1115"
},
{
"url": "https://github.com/Codeinwp/visualizer/compare/v3.7.9...v3.7.10",
"refsource": "MISC",
"name": "https://github.com/Codeinwp/visualizer/compare/v3.7.9...v3.7.10"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2752058%40visualizer&new=2752058%40visualizer&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2752058%40visualizer&new=2752058%40visualizer&sfp_email=&sfph_mail="
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2444",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2444"
}
]
},
"source": {
"discovery": "UNKNOWN"
"credits": [
{
"lang": "en",
"value": "Rasoul Jahanshahi"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}
}

141
2022/2xxx/CVE-2022-2461.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2461",
"STATE": "PUBLIC",
"TITLE": "Transposh WordPress Translation <= 1.0.8.1 - Unauthorized Settings Change"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Transposh WordPress Translation",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0.8.1",
"version_value": "1.0.8.1"
}
]
}
}
]
},
"vendor_name": "oferwald"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Julien Ahrens"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2461",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,67 +15,91 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "oferwald",
"product": {
"product_data": [
{
"product_name": "Transposh WordPress Translation",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.0.8.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/223373fc-9d78-47f0-b283-109f8e00b802?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/223373fc-9d78-47f0-b283-109f8e00b802?source=cve"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2461",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2461"
},
{
"url": "https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/",
"refsource": "MISC",
"name": "https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/"
},
{
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/167870/wptransposh107-auth.txt",
"name": "https://packetstormsecurity.com/files/167870/wptransposh107-auth.txt"
},
{
"refsource": "MISC",
"url": "https://www.exploitalert.com/view-details.html?id=38891",
"name": "https://www.exploitalert.com/view-details.html?id=38891"
},
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1989",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1989"
},
{
"url": "https://packetstormsecurity.com/files/167870/wptransposh107-auth.txt",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2461",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2461"
"name": "https://packetstormsecurity.com/files/167870/wptransposh107-auth.txt"
},
{
"url": "https://www.exploitalert.com/view-details.html?id=38891",
"refsource": "MISC",
"name": "https://www.exploitalert.com/view-details.html?id=38891"
}
]
},
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Julien Ahrens"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}
}

132
2022/2xxx/CVE-2022-2473.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2473",
"STATE": "PUBLIC",
"TITLE": "WP-UserOnline <= 2.87.6 - Authenticated (Admin+) Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP-UserOnline",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.87.6",
"version_value": "2.87.6"
}
]
}
}
]
},
"vendor_name": "gamerz"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "steffin stanly"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2473",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,62 +15,101 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gamerz",
"product": {
"product_data": [
{
"product_name": "WP-UserOnline",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.87.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6a44a55e-a96a-4698-9948-6ef33138a834?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6a44a55e-a96a-4698-9948-6ef33138a834?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2758412%40wp-useronline&new=2758412%40wp-useronline&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2758412%40wp-useronline&new=2758412%40wp-useronline&sfp_email=&sfph_mail="
},
{
"url": "https://youtu.be/Q3zInrUnAV0",
"refsource": "MISC",
"name": "https://youtu.be/Q3zInrUnAV0"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2473",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2473"
},
{
"url": "https://www.exploit-db.com/exploits/50988",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/50988"
},
{
"url": "https://packetstormsecurity.com/files/167864/wpuseronline2876-xss.txt",
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/167864/wpuseronline2876-xss.txt"
},
{
"refsource": "MISC",
"url": "https://www.exploitalert.com/view-details.html?id=38893",
"refsource": "MISC",
"name": "https://www.exploitalert.com/view-details.html?id=38893"
},
{
"url": "https://www.exploitalert.com/view-details.html?id=38912",
"refsource": "MISC",
"name": "https://www.exploitalert.com/view-details.html?id=38912"
}
]
},
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "steffin stanly"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}
]
}
}

123
2022/2xxx/CVE-2022-2515.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2515",
"STATE": "PUBLIC",
"TITLE": "Simple Banner <= 2.11.0 - Authenticated Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple Banner",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.11.0",
"version_value": "2.11.0"
}
]
}
}
]
},
"vendor_name": "rpetersen29"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Muhammad Zeeshan (Xib3rR4dAr)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2515",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,57 +15,81 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "rpetersen29",
"product": {
"product_data": [
{
"product_name": "Simple Banner \u2013 An easy to use Banner/Bar/Notification/Announcement for the top or bottom of your website",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.11.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3bb9520d-e679-4e8a-ae3c-8207f17d45a2?source=cve",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2515",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2515"
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3bb9520d-e679-4e8a-ae3c-8207f17d45a2?source=cve"
},
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2758766%40simple-banner&new=2758766%40simple-banner&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2758766%40simple-banner&new=2758766%40simple-banner&sfp_email=&sfph_mail="
},
{
"refsource": "MISC",
"url": "https://gist.github.com/Xib3rR4dAr/6aa9e730c1d030a5ee9f9d1eae6fbd5e",
"refsource": "MISC",
"name": "https://gist.github.com/Xib3rR4dAr/6aa9e730c1d030a5ee9f9d1eae6fbd5e"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2515",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2515"
}
]
},
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Muhammad Zeeshan"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}
}

120
2022/2xxx/CVE-2022-2518.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2518",
"STATE": "PUBLIC",
"TITLE": "Stockists Manager for Woocommerce <= 1.0.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Stockists Manager for Woocommerce",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0.2.1",
"version_value": "1.0.2.1"
}
]
}
}
]
},
"vendor_name": "dholovnia"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Yuta Kikuchi"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2518",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,25 +15,6 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -79,21 +27,69 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "dholovnia",
"product": {
"product_data": [
{
"product_name": "Stockists Manager for Woocommerce",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.0.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b5e0204-4a05-45c1-833a-c2e4016d9830?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b5e0204-4a05-45c1-833a-c2e4016d9830?source=cve"
},
{
"url": "https://wordpress.org/plugins/stockists-manager/",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/stockists-manager/"
},
{
"url": "https://plugins.trac.wordpress.org/browser/stockists-manager/trunk/stockist_settings.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/stockists-manager/trunk/stockist_settings.php"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2518",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2518"
}
]
},
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Yuta Kikuchi"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}
}

121
2022/2xxx/CVE-2022-2541.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2541",
"STATE": "PUBLIC",
"TITLE": "uContext for Amazon <= 3.9.1 - Cross-Site Request Forgery to Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "uContext for Amazon",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "3.9.1",
"version_value": "3.9.1"
}
]
}
}
]
},
"vendor_name": "gcornelisse"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Hayato Takizawa"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2541",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,25 +15,6 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -79,26 +27,69 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gcornelisse",
"product": {
"product_data": [
{
"product_name": "uContext for Amazon",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.9.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f7c43d4-cf21-4324-bc77-50bdc2c24661?source=cve",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2541",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2541"
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f7c43d4-cf21-4324-bc77-50bdc2c24661?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ucontext-for-amazon/trunk/app/sites/ajax/actions/keyword_save.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/ucontext-for-amazon/trunk/app/sites/ajax/actions/keyword_save.php"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ucontext-for-amazon/trunk/app/Ucontext4a_Ajax.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/ucontext-for-amazon/trunk/app/Ucontext4a_Ajax.php"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2541",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/browser/ucontext-for-amazon/trunk/app/sites/ajax/actions/keyword_save.php",
"name": "https://plugins.trac.wordpress.org/browser/ucontext-for-amazon/trunk/app/sites/ajax/actions/keyword_save.php"
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2541"
}
]
},
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Hayato Takizawa"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}
}

121
2022/2xxx/CVE-2022-2542.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2542",
"STATE": "PUBLIC",
"TITLE": "uContext for Clickbank <= 3.9.1 - Cross-Site Request Forgery to Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "uContext for Clickbank",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "3.9.1",
"version_value": "3.9.1"
}
]
}
}
]
},
"vendor_name": "gcornelisse"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Hayato Takizawa"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2542",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,25 +15,6 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -79,26 +27,69 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gcornelisse",
"product": {
"product_data": [
{
"product_name": "uContext for Clickbank",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.9.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4af83d4b-2eae-481f-b3fd-d5bcacc1d709?source=cve",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2542",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2542"
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4af83d4b-2eae-481f-b3fd-d5bcacc1d709?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ucontext/trunk/app/Ucontext_Ajax.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/ucontext/trunk/app/Ucontext_Ajax.php"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ucontext/trunk/app/sites/ajax/actions/keyword_save.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/ucontext/trunk/app/sites/ajax/actions/keyword_save.php"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2542",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/browser/ucontext/trunk/app/Ucontext_Ajax.php",
"name": "https://plugins.trac.wordpress.org/browser/ucontext/trunk/app/Ucontext_Ajax.php"
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2542"
}
]
},
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Hayato Takizawa"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}
}

125
2022/2xxx/CVE-2022-2941.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2941",
"STATE": "PUBLIC",
"TITLE": "WP-UserOnline <= 2.88.0 - Authenticated (Admin+) Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP-UserOnline",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.88.0",
"version_value": "2.88.0"
}
]
}
}
]
},
"vendor_name": "gamerz"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Juampa Rodr\u00edguez"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2941",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,62 +15,86 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gamerz",
"product": {
"product_data": [
{
"product_name": "WP-UserOnline",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.88.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c4fb14c-de6d-4247-8f83-050f1350f6a2?source=cve",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2770235%40wp-useronline&new=2770235%40wp-useronline&sfp_email=&sfph_mail=",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2770235%40wp-useronline&new=2770235%40wp-useronline&sfp_email=&sfph_mail="
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c4fb14c-de6d-4247-8f83-050f1350f6a2?source=cve"
},
{
"refsource": "MISC",
"url": "https://github.com/lesterchan/wp-useronline/commit/59c76b20e4e27489f93dee4ef1254d6204e08b3c",
"refsource": "MISC",
"name": "https://github.com/lesterchan/wp-useronline/commit/59c76b20e4e27489f93dee4ef1254d6204e08b3c"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2770235%40wp-useronline&new=2770235%40wp-useronline&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2770235%40wp-useronline&new=2770235%40wp-useronline&sfp_email=&sfph_mail="
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2941",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2941"
},
{
"url": "https://packetstormsecurity.com/files/168479/wpuseronline2880-xss.txt",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168479/WordPress-WP-UserOnline-2.88.0-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/168479/WordPress-WP-UserOnline-2.88.0-Cross-Site-Scripting.html"
"name": "https://packetstormsecurity.com/files/168479/wpuseronline2880-xss.txt"
}
]
},
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Juampa Rodr\u00edguez"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}
]
}
}

119
2022/2xxx/CVE-2022-2943.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2943",
"STATE": "PUBLIC",
"TITLE": "WordPress Infinite Scroll \u2013 Ajax Load More <= 5.5.3 - Authenticated (Admin+) Arbitrary File Read"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WordPress Infinite Scroll \u2013 Ajax Load More ",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "5.5.3",
"version_value": "5.5.3"
}
]
}
}
]
},
"vendor_name": "connekthq"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Muhammad Zeeshan (Xib3rR4dAr)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2943",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,57 +15,81 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-73 External Control of File Name or Path"
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "connekthq",
"product": {
"product_data": [
{
"product_name": "WordPress Infinite Scroll \u2013 Ajax Load More",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "5.5.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d643d07-7533-430b-a1d8-8e66a2a2c5e6?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d643d07-7533-430b-a1d8-8e66a2a2c5e6?source=cve"
},
{
"url": "https://plugins.svn.wordpress.org/ajax-load-more/tags/5.5.4/README.txt",
"refsource": "MISC",
"name": "https://plugins.svn.wordpress.org/ajax-load-more/tags/5.5.4/README.txt"
},
{
"refsource": "MISC",
"url": "https://gist.github.com/Xib3rR4dAr/f9a4b4838154854ec6cde7d5deb76bf9",
"refsource": "MISC",
"name": "https://gist.github.com/Xib3rR4dAr/f9a4b4838154854ec6cde7d5deb76bf9"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2943",
"refsource": "MISC",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2943"
}
]
},
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Muhammad Zeeshan"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
}
]
}
}

32
2023/22xxx/CVE-2023-22515.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.\n\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. \n\nFor more details, please review the linked advisory on this CVE."
"value": "Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. \r\n\r\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. "
}
]
},
@ -62,14 +62,6 @@
"version": ">= 8.0.3",
"status": "affected"
},
{
"version": ">= 8.0.4",
"status": "affected"
},
{
"version": ">= 8.1.1",
"status": "affected"
},
{
"version": ">= 8.1.3",
"status": "affected"
@ -172,14 +164,6 @@
"version": ">= 8.0.3",
"status": "affected"
},
{
"version": ">= 8.0.4",
"status": "affected"
},
{
"version": ">= 8.1.1",
"status": "affected"
},
{
"version": ">= 8.1.3",
"status": "affected"
@ -262,6 +246,11 @@
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html"
},
{
"url": "https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515",
"refsource": "MISC",
@ -273,14 +262,9 @@
"name": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276"
},
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-92457",
"url": "https://jira.atlassian.com/browse/CONFSERVER-92475",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/CONFSERVER-92457"
},
{
"url": "http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html"
"name": "https://jira.atlassian.com/browse/CONFSERVER-92475"
}
]
},

75
2023/3xxx/CVE-2023-3933.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3933",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wiloke",
"product": {
"product_data": [
{
"product_name": "Your Journey",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.9.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c738e051-ad1c-4115-94d3-127dd5dff935?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c738e051-ad1c-4115-94d3-127dd5dff935?source=cve"
},
{
"url": "https://github.com/BlackFan/client-side-prototype-pollution",
"refsource": "MISC",
"name": "https://github.com/BlackFan/client-side-prototype-pollution"
}
]
},
"credits": [
{
"lang": "en",
"value": "longxi"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}

75
2023/3xxx/CVE-2023-3962.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3962",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Winters theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "myshopkit",
"product": {
"product_data": [
{
"product_name": "Winters - WordPress Blog Theme",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.4.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6f8b75a1-f0f2-445b-a1c7-1628916470d3?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6f8b75a1-f0f2-445b-a1c7-1628916470d3?source=cve"
},
{
"url": "https://github.com/BlackFan/client-side-prototype-pollution",
"refsource": "MISC",
"name": "https://github.com/BlackFan/client-side-prototype-pollution"
}
]
},
"credits": [
{
"lang": "en",
"value": "longxi"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}

75
2023/3xxx/CVE-2023-3965.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3965",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "National Show Centre",
"product": {
"product_data": [
{
"product_name": "NSC WordPress Theme",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5909513d-8877-40ff-bee9-d565141b7ed2?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5909513d-8877-40ff-bee9-d565141b7ed2?source=cve"
},
{
"url": "https://github.com/BlackFan/client-side-prototype-pollution",
"refsource": "MISC",
"name": "https://github.com/BlackFan/client-side-prototype-pollution"
}
]
},
"credits": [
{
"lang": "en",
"value": "longxi"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}

18
2023/46xxx/CVE-2023-46288.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46288",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5681.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5681",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5682.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5682",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5683.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5683",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5684.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5684",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5685.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5685",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}