From 1aad0f46637f6fbc4d430483f320d1b5d5c9e409 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 11 Feb 2023 23:00:41 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/23xxx/CVE-2021-23150.json | 168 +++++++++++++++++--------------- 2021/36xxx/CVE-2021-36823.json | 171 ++++++++++++++++++--------------- 2021/36xxx/CVE-2021-36826.json | 171 ++++++++++++++++++--------------- 2022/38xxx/CVE-2022-38093.json | 166 ++++++++++++++++++-------------- 4 files changed, 369 insertions(+), 307 deletions(-) diff --git a/2021/23xxx/CVE-2021-23150.json b/2021/23xxx/CVE-2021-23150.json index 577e0044af8..530bb90d851 100644 --- a/2021/23xxx/CVE-2021-23150.json +++ b/2021/23xxx/CVE-2021-23150.json @@ -1,105 +1,123 @@ { - "CVE_data_meta": { - "ASSIGNER": "audit@patchstack.com", - "DATE_PUBLIC": "2021-12-11T09:34:00.000Z", - "ID": "CVE-2021-23150", - "STATE": "PUBLIC", - "TITLE": "WordPress AMP for WP \u2013 Accelerated Mobile Pages plugin <= 1.0.77.31 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "AMP for WP \u2013 Accelerated Mobile Pages (WordPress plugin)", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "<= 1.0.77.31", - "version_value": "1.0.77.31" - } - ] - } - } - ] - }, - "vendor_name": "Ahmed Kaludi, Mohammed Kaludi" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Vulnerability discovered by Nguyen Anh Tien (Patchstack Red Team project)" - } - ], - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-23150", + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP \u2013 Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.31)." + "value": "Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP \u2013 Accelerated Mobile Pages plugin <= 1.0.77.31 versions." } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 4.8, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-79 Cross-site Scripting (XSS)" + "value": "CWE-79 Cross-site Scripting (XSS)", + "cweId": "CWE-79" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ahmed Kaludi, Mohammed Kaludi", + "product": { + "product_data": [ + { + "product_name": "AMP for WP \u2013 Accelerated Mobile Pages (WordPress plugin)", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.0.77.32", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.0.77.31", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://wordpress.org/plugins/accelerated-mobile-pages/#developers", - "refsource": "CONFIRM", - "url": "https://wordpress.org/plugins/accelerated-mobile-pages/#developers" - }, - { - "name": "https://patchstack.com/database/vulnerability/accelerated-mobile-pages/wordpress-amp-for-wp-accelerated-mobile-pages-plugin-1-0-77-31-authenticated-stored-cross-site-scripting-xss-vulnerability", - "refsource": "CONFIRM", - "url": "https://patchstack.com/database/vulnerability/accelerated-mobile-pages/wordpress-amp-for-wp-accelerated-mobile-pages-plugin-1-0-77-31-authenticated-stored-cross-site-scripting-xss-vulnerability" + "url": "https://patchstack.com/database/vulnerability/accelerated-mobile-pages/wordpress-amp-for-wp-accelerated-mobile-pages-plugin-1-0-77-31-authenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/accelerated-mobile-pages/wordpress-amp-for-wp-accelerated-mobile-pages-plugin-1-0-77-31-authenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" } ] }, - "solution": [ - { - "lang": "eng", - "value": "Update to 1.0.77.32 or higher version." - } - ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Update to 1.0.77.32 or higher version.

" + } + ], + "value": "Update to 1.0.77.32 or higher version.\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Nguyen Anh Tien (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2021/36xxx/CVE-2021-36823.json b/2021/36xxx/CVE-2021-36823.json index a848f0fee92..bf3c67ce918 100644 --- a/2021/36xxx/CVE-2021-36823.json +++ b/2021/36xxx/CVE-2021-36823.json @@ -1,110 +1,123 @@ { - "CVE_data_meta": { - "ASSIGNER": "audit@patchstack.com", - "DATE_PUBLIC": "2021-09-23T12:29:00.000Z", - "ID": "CVE-2021-36823", - "STATE": "PUBLIC", - "TITLE": "WordPress Absolutely Glamorous Custom Admin plugin <= 6.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "AGCA - Absolutely Glamorous Custom Admin (WordPress plugin)", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "6.8", - "version_value": "6.8" - } - ] - } - } - ] - }, - "vendor_name": "Cusmin" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Original researcher - J\u00f6rgson (Patchstack Red Team)" - } - ], - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-36823", + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Authenticated Stored Cross-Site Scripting (XSS) vulnerability in WordPress Absolutely Glamorous Custom Admin plugin (versions <= 6.8). Stored XSS possible via unsanitized input fields of the plugin settings, some of the payloads could make the frontend and the backend inaccessible." + "value": "Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress Absolutely Glamorous Custom Admin plugin <= 6.8 versions." } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 6.6, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-79 Cross-site Scripting (XSS)" + "value": "CWE-79 Cross-site Scripting (XSS)", + "cweId": "CWE-79" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cusmin", + "product": { + "product_data": [ + { + "product_name": "AGCA - Absolutely Glamorous Custom Admin (WordPress plugin)", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "6.9", + "status": "unaffected" + } + ], + "lessThanOrEqual": "6.8", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://plugins.svn.wordpress.org/ag-custom-admin/trunk/changelog.txt", - "refsource": "CONFIRM", - "url": "https://plugins.svn.wordpress.org/ag-custom-admin/trunk/changelog.txt" - }, - { - "name": "https://patchstack.com/database/vulnerability/ag-custom-admin/wordpress-absolutely-glamorous-custom-admin-plugin-6-8-authenticated-stored-cross-site-scripting-xss-vulnerability", + "url": "https://patchstack.com/database/vulnerability/ag-custom-admin/wordpress-absolutely-glamorous-custom-admin-plugin-6-8-authenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", "refsource": "MISC", - "url": "https://patchstack.com/database/vulnerability/ag-custom-admin/wordpress-absolutely-glamorous-custom-admin-plugin-6-8-authenticated-stored-cross-site-scripting-xss-vulnerability" - }, - { - "name": "https://www.youtube.com/watch?v=tnyIIWntOww", - "refsource": "MISC", - "url": "https://www.youtube.com/watch?v=tnyIIWntOww" + "name": "https://patchstack.com/database/vulnerability/ag-custom-admin/wordpress-absolutely-glamorous-custom-admin-plugin-6-8-authenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" } ] }, - "solution": [ - { - "lang": "eng", - "value": "Update to version 6.9.2 (partly patched in 6.9 and 6.9.1) or higher." - } - ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Update to version 6.9.2 or higher.

" + } + ], + "value": "Update to version 6.9.2 or higher.\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "J\u00f6rgson (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2021/36xxx/CVE-2021-36826.json b/2021/36xxx/CVE-2021-36826.json index 6ad7b07c22d..7f87941c649 100644 --- a/2021/36xxx/CVE-2021-36826.json +++ b/2021/36xxx/CVE-2021-36826.json @@ -1,110 +1,123 @@ { - "CVE_data_meta": { - "ASSIGNER": "audit@patchstack.com", - "DATE_PUBLIC": "2021-10-11T13:37:00.000Z", - "ID": "CVE-2021-36826", - "STATE": "PUBLIC", - "TITLE": "WordPress WP Project Manager plugin <= 2.4.13 - Stored Cross-Site Scripting (XSS) vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "WP Project Manager (WordPress plugin)", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "<= 2.4.13", - "version_value": "2.4.13" - } - ] - } - } - ] - }, - "vendor_name": "weDevs" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Vulnerability discovered by J\u00f6rgson (Patchstack Alliance)." - } - ], - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-36826", + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager (WordPress plugin) versions <= 2.4.13." + "value": "Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugin <= 2.4.13 versions." } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 5.4, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-79 Cross-site Scripting (XSS)" + "value": "CWE-79 Cross-site Scripting (XSS)", + "cweId": "CWE-79" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "weDevs", + "product": { + "product_data": [ + { + "product_name": "WP Project Manager (WordPress plugin)", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.4.14", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.4.13", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://wordpress.org/plugins/wedevs-project-manager/#developers", - "refsource": "CONFIRM", - "url": "https://wordpress.org/plugins/wedevs-project-manager/#developers" - }, - { - "name": "https://patchstack.com/database/vulnerability/wedevs-project-manager/wordpress-wp-project-manager-plugin-2-4-13-stored-cross-site-scripting-xss-vulnerability-1", - "refsource": "CONFIRM", - "url": "https://patchstack.com/database/vulnerability/wedevs-project-manager/wordpress-wp-project-manager-plugin-2-4-13-stored-cross-site-scripting-xss-vulnerability-1" - }, - { - "name": "https://youtu.be/710WcqG6frc", + "url": "https://patchstack.com/database/vulnerability/wedevs-project-manager/wordpress-wp-project-manager-plugin-2-4-13-stored-cross-site-scripting-xss-vulnerability-1?_s_id=cve", "refsource": "MISC", - "url": "https://youtu.be/710WcqG6frc" + "name": "https://patchstack.com/database/vulnerability/wedevs-project-manager/wordpress-wp-project-manager-plugin-2-4-13-stored-cross-site-scripting-xss-vulnerability-1?_s_id=cve" } ] }, - "solution": [ - { - "lang": "eng", - "value": "Update to 2.4.14 or higher version." - } - ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Update to 2.4.14 or higher version.

" + } + ], + "value": "Update to 2.4.14 or higher version.\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "J\u00f6rgson (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38093.json b/2022/38xxx/CVE-2022-38093.json index 43c91107144..1a369d49c19 100644 --- a/2022/38xxx/CVE-2022-38093.json +++ b/2022/38xxx/CVE-2022-38093.json @@ -1,45 +1,12 @@ { - "CVE_data_meta": { - "ASSIGNER": "audit@patchstack.com", - "DATE_PUBLIC": "2022-09-05T11:23:00.000Z", - "ID": "CVE-2022-38093", - "STATE": "PUBLIC", - "TITLE": "WordPress All in One SEO plugin <= 4.2.3.1 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "All in One SEO (WordPress plugin)", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "<= 4.2.3.1", - "version_value": "4.2.3.1" - } - ] - } - } - ] - }, - "vendor_name": "All in One SEO Team" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Vulnerability discovered by Rafie Muhammad aka Yeraisci (Patchstack Alliance)" - } - ], - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-38093", + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { @@ -48,58 +15,109 @@ } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 5.4, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "All in One SEO Team", + "product": { + "product_data": [ + { + "product_name": "All in One SEO (WordPress plugin)", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "4.2.4", + "status": "unaffected" + } + ], + "lessThanOrEqual": "4.2.3.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://patchstack.com/database/vulnerability/all-in-one-seo-pack/wordpress-all-in-one-seo-plugin-4-2-3-1-multiple-cross-site-request-forgery-csrf-vulnerabilities/_s_id=cve", - "refsource": "CONFIRM", - "url": "https://patchstack.com/database/vulnerability/all-in-one-seo-pack/wordpress-all-in-one-seo-plugin-4-2-3-1-multiple-cross-site-request-forgery-csrf-vulnerabilities/_s_id=cve" - }, - { - "name": "https://wordpress.org/plugins/all-in-one-seo-pack/#developers", - "refsource": "CONFIRM", - "url": "https://wordpress.org/plugins/all-in-one-seo-pack/#developers" + "url": "https://patchstack.com/database/vulnerability/all-in-one-seo-pack/wordpress-all-in-one-seo-plugin-4-2-3-1-multiple-cross-site-request-forgery-csrf-vulnerabilities?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/all-in-one-seo-pack/wordpress-all-in-one-seo-plugin-4-2-3-1-multiple-cross-site-request-forgery-csrf-vulnerabilities?_s_id=cve" } ] }, - "solution": [ - { - "lang": "eng", - "value": "Update to 4.2.4 or higher version." - } - ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Update to 4.2.4 or higher version.

" + } + ], + "value": "Update to 4.2.4 or higher version.\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "version": "3.1" + } + ] } } \ No newline at end of file