"-Synchronized-Data."

2021/23xxx/CVE-2021-23150.json

@@ -1,15 +1,38 @@
 {
+    "data_version": "4.0",
+    "data_type": "CVE",
+    "data_format": "MITRE",
     "CVE_data_meta": {
-        "ASSIGNER": "audit@patchstack.com",
-        "DATE_PUBLIC": "2021-12-11T09:34:00.000Z",
         "ID": "CVE-2021-23150",
-        "STATE": "PUBLIC",
-        "TITLE": "WordPress AMP for WP \u2013 Accelerated Mobile Pages plugin <= 1.0.77.31 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
+        "ASSIGNER": "audit@patchstack.com",
+        "STATE": "PUBLIC"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP \u2013 Accelerated Mobile Pages plugin <= 1.0.77.31 versions."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-79 Cross-site Scripting (XSS)",
+                        "cweId": "CWE-79"
+                    }
+                ]
+            }
+        ]
     },
     "affects": {
         "vendor": {
             "vendor_data": [
                 {
+                    "vendor_name": "Ahmed Kaludi, Mohammed Kaludi",
                     "product": {
                         "product_data": [
                             {
@@ -17,42 +40,71 @@
                                 "version": {
                                     "version_data": [
                                         {
-                                            "version_affected": "<=",
-                                            "version_name": "<= 1.0.77.31",
-                                            "version_value": "1.0.77.31"
-                                        }
-                                    ]
-                                }
-                            }
-                        ]
-                    },
-                    "vendor_name": "Ahmed Kaludi, Mohammed Kaludi"
-                }
-            ]
-        }
-    },
-    "credit": [
+                                            "version_value": "not down converted",
+                                            "x_cve_json_5_version_data": {
+                                                "versions": [
                                                     {
-            "lang": "eng",
-            "value": "Vulnerability discovered by Nguyen Anh Tien (Patchstack Red Team project)"
+                                                        "changes": [
+                                                            {
+                                                                "at": "1.0.77.32",
+                                                                "status": "unaffected"
                                                             }
                                                         ],
-    "data_format": "MITRE",
-    "data_type": "CVE",
-    "data_version": "4.0",
-    "description": {
-        "description_data": [
+                                                        "lessThanOrEqual": "1.0.77.31",
+                                                        "status": "affected",
+                                                        "version": "n/a",
+                                                        "versionType": "custom"
+                                                    }
+                                                ],
+                                                "defaultStatus": "unaffected"
+                                            }
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
             {
-                "lang": "eng",
-                "value": "Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP \u2013 Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.31)."
+                "url": "https://patchstack.com/database/vulnerability/accelerated-mobile-pages/wordpress-amp-for-wp-accelerated-mobile-pages-plugin-1-0-77-31-authenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
+                "refsource": "MISC",
+                "name": "https://patchstack.com/database/vulnerability/accelerated-mobile-pages/wordpress-amp-for-wp-accelerated-mobile-pages-plugin-1-0-77-31-authenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve"
             }
         ]
     },
     "generator": {
         "engine": "Vulnogram 0.0.9"
     },
+    "source": {
+        "discovery": "EXTERNAL"
+    },
+    "solution": [
+        {
+            "lang": "en",
+            "supportingMedia": [
+                {
+                    "base64": false,
+                    "type": "text/html",
+                    "value": "<p>Update to 1.0.77.32 or higher version.</p>"
+                }
+            ],
+            "value": "Update to 1.0.77.32 or higher version.\n\n"
+        }
+    ],
+    "credits": [
+        {
+            "lang": "en",
+            "value": "Nguyen Anh Tien (Patchstack Alliance)"
+        }
+    ],
     "impact": {
-        "cvss": {
+        "cvss": [
+            {
                 "attackComplexity": "LOW",
                 "attackVector": "NETWORK",
                 "availabilityImpact": "NONE",
@@ -66,40 +118,6 @@
                 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                 "version": "3.1"
             }
-    },
-    "problemtype": {
-        "problemtype_data": [
-            {
-                "description": [
-                    {
-                        "lang": "eng",
-                        "value": "CWE-79 Cross-site Scripting (XSS)"
-                    }
         ]
     }
-        ]
-    },
-    "references": {
-        "reference_data": [
-            {
-                "name": "https://wordpress.org/plugins/accelerated-mobile-pages/#developers",
-                "refsource": "CONFIRM",
-                "url": "https://wordpress.org/plugins/accelerated-mobile-pages/#developers"
-            },
-            {
-                "name": "https://patchstack.com/database/vulnerability/accelerated-mobile-pages/wordpress-amp-for-wp-accelerated-mobile-pages-plugin-1-0-77-31-authenticated-stored-cross-site-scripting-xss-vulnerability",
-                "refsource": "CONFIRM",
-                "url": "https://patchstack.com/database/vulnerability/accelerated-mobile-pages/wordpress-amp-for-wp-accelerated-mobile-pages-plugin-1-0-77-31-authenticated-stored-cross-site-scripting-xss-vulnerability"
-            }
-        ]
-    },
-    "solution": [
-        {
-            "lang": "eng",
-            "value": "Update to 1.0.77.32 or higher version."
-        }
-    ],
-    "source": {
-        "discovery": "EXTERNAL"
-    }
 }

2021/36xxx/CVE-2021-36823.json

@@ -1,15 +1,38 @@
 {
+    "data_version": "4.0",
+    "data_type": "CVE",
+    "data_format": "MITRE",
     "CVE_data_meta": {
-        "ASSIGNER": "audit@patchstack.com",
-        "DATE_PUBLIC": "2021-09-23T12:29:00.000Z",
         "ID": "CVE-2021-36823",
-        "STATE": "PUBLIC",
-        "TITLE": "WordPress Absolutely Glamorous Custom Admin plugin <= 6.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
+        "ASSIGNER": "audit@patchstack.com",
+        "STATE": "PUBLIC"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress Absolutely Glamorous Custom Admin plugin <= 6.8 versions."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-79 Cross-site Scripting (XSS)",
+                        "cweId": "CWE-79"
+                    }
+                ]
+            }
+        ]
     },
     "affects": {
         "vendor": {
             "vendor_data": [
                 {
+                    "vendor_name": "Cusmin",
                     "product": {
                         "product_data": [
                             {
@@ -17,42 +40,71 @@
                                 "version": {
                                     "version_data": [
                                         {
-                                            "version_affected": "<=",
-                                            "version_name": "6.8",
-                                            "version_value": "6.8"
-                                        }
-                                    ]
-                                }
-                            }
-                        ]
-                    },
-                    "vendor_name": "Cusmin"
-                }
-            ]
-        }
-    },
-    "credit": [
+                                            "version_value": "not down converted",
+                                            "x_cve_json_5_version_data": {
+                                                "versions": [
                                                     {
-            "lang": "eng",
-            "value": "Original researcher - J\u00f6rgson (Patchstack Red Team)"
+                                                        "changes": [
+                                                            {
+                                                                "at": "6.9",
+                                                                "status": "unaffected"
                                                             }
                                                         ],
-    "data_format": "MITRE",
-    "data_type": "CVE",
-    "data_version": "4.0",
-    "description": {
-        "description_data": [
+                                                        "lessThanOrEqual": "6.8",
+                                                        "status": "affected",
+                                                        "version": "n/a",
+                                                        "versionType": "custom"
+                                                    }
+                                                ],
+                                                "defaultStatus": "unaffected"
+                                            }
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
             {
-                "lang": "eng",
-                "value": "Authenticated Stored Cross-Site Scripting (XSS) vulnerability in WordPress Absolutely Glamorous Custom Admin plugin (versions <= 6.8). Stored XSS possible via unsanitized input fields of the plugin settings, some of the payloads could make the frontend and the backend inaccessible."
+                "url": "https://patchstack.com/database/vulnerability/ag-custom-admin/wordpress-absolutely-glamorous-custom-admin-plugin-6-8-authenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
+                "refsource": "MISC",
+                "name": "https://patchstack.com/database/vulnerability/ag-custom-admin/wordpress-absolutely-glamorous-custom-admin-plugin-6-8-authenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve"
             }
         ]
     },
     "generator": {
         "engine": "Vulnogram 0.0.9"
     },
+    "source": {
+        "discovery": "EXTERNAL"
+    },
+    "solution": [
+        {
+            "lang": "en",
+            "supportingMedia": [
+                {
+                    "base64": false,
+                    "type": "text/html",
+                    "value": "<p>Update to version 6.9.2 or higher.</p>"
+                }
+            ],
+            "value": "Update to version 6.9.2 or higher.\n\n"
+        }
+    ],
+    "credits": [
+        {
+            "lang": "en",
+            "value": "J\u00f6rgson (Patchstack Alliance)"
+        }
+    ],
     "impact": {
-        "cvss": {
+        "cvss": [
+            {
                 "attackComplexity": "LOW",
                 "attackVector": "NETWORK",
                 "availabilityImpact": "LOW",
@@ -66,45 +118,6 @@
                 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
                 "version": "3.1"
             }
-    },
-    "problemtype": {
-        "problemtype_data": [
-            {
-                "description": [
-                    {
-                        "lang": "eng",
-                        "value": "CWE-79 Cross-site Scripting (XSS)"
-                    }
         ]
     }
-        ]
-    },
-    "references": {
-        "reference_data": [
-            {
-                "name": "https://plugins.svn.wordpress.org/ag-custom-admin/trunk/changelog.txt",
-                "refsource": "CONFIRM",
-                "url": "https://plugins.svn.wordpress.org/ag-custom-admin/trunk/changelog.txt"
-            },
-            {
-                "name": "https://patchstack.com/database/vulnerability/ag-custom-admin/wordpress-absolutely-glamorous-custom-admin-plugin-6-8-authenticated-stored-cross-site-scripting-xss-vulnerability",
-                "refsource": "MISC",
-                "url": "https://patchstack.com/database/vulnerability/ag-custom-admin/wordpress-absolutely-glamorous-custom-admin-plugin-6-8-authenticated-stored-cross-site-scripting-xss-vulnerability"
-            },
-            {
-                "name": "https://www.youtube.com/watch?v=tnyIIWntOww",
-                "refsource": "MISC",
-                "url": "https://www.youtube.com/watch?v=tnyIIWntOww"
-            }
-        ]
-    },
-    "solution": [
-        {
-            "lang": "eng",
-            "value": "Update to version 6.9.2 (partly patched in 6.9 and 6.9.1) or higher."
-        }
-    ],
-    "source": {
-        "discovery": "EXTERNAL"
-    }
 }

2021/36xxx/CVE-2021-36826.json

@@ -1,15 +1,38 @@
 {
+    "data_version": "4.0",
+    "data_type": "CVE",
+    "data_format": "MITRE",
     "CVE_data_meta": {
-        "ASSIGNER": "audit@patchstack.com",
-        "DATE_PUBLIC": "2021-10-11T13:37:00.000Z",
         "ID": "CVE-2021-36826",
-        "STATE": "PUBLIC",
-        "TITLE": "WordPress WP Project Manager plugin <= 2.4.13 - Stored Cross-Site Scripting (XSS) vulnerability"
+        "ASSIGNER": "audit@patchstack.com",
+        "STATE": "PUBLIC"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugin <= 2.4.13 versions."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-79 Cross-site Scripting (XSS)",
+                        "cweId": "CWE-79"
+                    }
+                ]
+            }
+        ]
     },
     "affects": {
         "vendor": {
             "vendor_data": [
                 {
+                    "vendor_name": "weDevs",
                     "product": {
                         "product_data": [
                             {
@@ -17,42 +40,71 @@
                                 "version": {
                                     "version_data": [
                                         {
-                                            "version_affected": "<=",
-                                            "version_name": "<= 2.4.13",
-                                            "version_value": "2.4.13"
-                                        }
-                                    ]
-                                }
-                            }
-                        ]
-                    },
-                    "vendor_name": "weDevs"
-                }
-            ]
-        }
-    },
-    "credit": [
+                                            "version_value": "not down converted",
+                                            "x_cve_json_5_version_data": {
+                                                "versions": [
                                                     {
-            "lang": "eng",
-            "value": "Vulnerability discovered by J\u00f6rgson (Patchstack Alliance)."
+                                                        "changes": [
+                                                            {
+                                                                "at": "2.4.14",
+                                                                "status": "unaffected"
                                                             }
                                                         ],
-    "data_format": "MITRE",
-    "data_type": "CVE",
-    "data_version": "4.0",
-    "description": {
-        "description_data": [
+                                                        "lessThanOrEqual": "2.4.13",
+                                                        "status": "affected",
+                                                        "version": "n/a",
+                                                        "versionType": "custom"
+                                                    }
+                                                ],
+                                                "defaultStatus": "unaffected"
+                                            }
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
             {
-                "lang": "eng",
-                "value": "Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager (WordPress plugin) versions <= 2.4.13."
+                "url": "https://patchstack.com/database/vulnerability/wedevs-project-manager/wordpress-wp-project-manager-plugin-2-4-13-stored-cross-site-scripting-xss-vulnerability-1?_s_id=cve",
+                "refsource": "MISC",
+                "name": "https://patchstack.com/database/vulnerability/wedevs-project-manager/wordpress-wp-project-manager-plugin-2-4-13-stored-cross-site-scripting-xss-vulnerability-1?_s_id=cve"
             }
         ]
     },
     "generator": {
         "engine": "Vulnogram 0.0.9"
     },
+    "source": {
+        "discovery": "EXTERNAL"
+    },
+    "solution": [
+        {
+            "lang": "en",
+            "supportingMedia": [
+                {
+                    "base64": false,
+                    "type": "text/html",
+                    "value": "<p>Update to 2.4.14 or higher version.</p>"
+                }
+            ],
+            "value": "Update to 2.4.14 or higher version.\n\n"
+        }
+    ],
+    "credits": [
+        {
+            "lang": "en",
+            "value": "J\u00f6rgson (Patchstack Alliance)"
+        }
+    ],
     "impact": {
-        "cvss": {
+        "cvss": [
+            {
                 "attackComplexity": "LOW",
                 "attackVector": "NETWORK",
                 "availabilityImpact": "NONE",
@@ -66,45 +118,6 @@
                 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                 "version": "3.1"
             }
-    },
-    "problemtype": {
-        "problemtype_data": [
-            {
-                "description": [
-                    {
-                        "lang": "eng",
-                        "value": "CWE-79 Cross-site Scripting (XSS)"
-                    }
         ]
     }
-        ]
-    },
-    "references": {
-        "reference_data": [
-            {
-                "name": "https://wordpress.org/plugins/wedevs-project-manager/#developers",
-                "refsource": "CONFIRM",
-                "url": "https://wordpress.org/plugins/wedevs-project-manager/#developers"
-            },
-            {
-                "name": "https://patchstack.com/database/vulnerability/wedevs-project-manager/wordpress-wp-project-manager-plugin-2-4-13-stored-cross-site-scripting-xss-vulnerability-1",
-                "refsource": "CONFIRM",
-                "url": "https://patchstack.com/database/vulnerability/wedevs-project-manager/wordpress-wp-project-manager-plugin-2-4-13-stored-cross-site-scripting-xss-vulnerability-1"
-            },
-            {
-                "name": "https://youtu.be/710WcqG6frc",
-                "refsource": "MISC",
-                "url": "https://youtu.be/710WcqG6frc"
-            }
-        ]
-    },
-    "solution": [
-        {
-            "lang": "eng",
-            "value": "Update to 2.4.14 or higher version."
-        }
-    ],
-    "source": {
-        "discovery": "EXTERNAL"
-    }
 }

2022/38xxx/CVE-2022-38093.json

@@ -1,45 +1,12 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "audit@patchstack.com",
-        "DATE_PUBLIC": "2022-09-05T11:23:00.000Z",
-        "ID": "CVE-2022-38093",
-        "STATE": "PUBLIC",
-        "TITLE": "WordPress All in One SEO plugin <= 4.2.3.1 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities"
-    },
-    "affects": {
-        "vendor": {
-            "vendor_data": [
-                {
-                    "product": {
-                        "product_data": [
-                            {
-                                "product_name": "All in One SEO (WordPress plugin)",
-                                "version": {
-                                    "version_data": [
-                                        {
-                                            "version_affected": "<=",
-                                            "version_name": "<= 4.2.3.1",
-                                            "version_value": "4.2.3.1"
-                                        }
-                                    ]
-                                }
-                            }
-                        ]
-                    },
-                    "vendor_name": "All in One SEO Team"
-                }
-            ]
-        }
-    },
-    "credit": [
-        {
-            "lang": "eng",
-            "value": "Vulnerability discovered by Rafie Muhammad aka Yeraisci (Patchstack Alliance)"
-        }
-    ],
-    "data_format": "MITRE",
-    "data_type": "CVE",
     "data_version": "4.0",
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "CVE_data_meta": {
+        "ID": "CVE-2022-38093",
+        "ASSIGNER": "audit@patchstack.com",
+        "STATE": "PUBLIC"
+    },
     "description": {
         "description_data": [
             {
@@ -48,11 +15,96 @@
             }
         ]
     },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+                        "cweId": "CWE-352"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "All in One SEO Team",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "All in One SEO (WordPress plugin)",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "not down converted",
+                                            "x_cve_json_5_version_data": {
+                                                "versions": [
+                                                    {
+                                                        "changes": [
+                                                            {
+                                                                "at": "4.2.4",
+                                                                "status": "unaffected"
+                                                            }
+                                                        ],
+                                                        "lessThanOrEqual": "4.2.3.1",
+                                                        "status": "affected",
+                                                        "version": "n/a",
+                                                        "versionType": "custom"
+                                                    }
+                                                ],
+                                                "defaultStatus": "unaffected"
+                                            }
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://patchstack.com/database/vulnerability/all-in-one-seo-pack/wordpress-all-in-one-seo-plugin-4-2-3-1-multiple-cross-site-request-forgery-csrf-vulnerabilities?_s_id=cve",
+                "refsource": "MISC",
+                "name": "https://patchstack.com/database/vulnerability/all-in-one-seo-pack/wordpress-all-in-one-seo-plugin-4-2-3-1-multiple-cross-site-request-forgery-csrf-vulnerabilities?_s_id=cve"
+            }
+        ]
+    },
     "generator": {
         "engine": "Vulnogram 0.0.9"
     },
+    "source": {
+        "discovery": "EXTERNAL"
+    },
+    "solution": [
+        {
+            "lang": "en",
+            "supportingMedia": [
+                {
+                    "base64": false,
+                    "type": "text/html",
+                    "value": "<p>Update to 4.2.4 or higher version.</p>"
+                }
+            ],
+            "value": "Update to 4.2.4 or higher version.\n\n"
+        }
+    ],
+    "credits": [
+        {
+            "lang": "en",
+            "value": "Rafie Muhammad (Patchstack Alliance)"
+        }
+    ],
     "impact": {
-        "cvss": {
+        "cvss": [
+            {
                 "attackComplexity": "LOW",
                 "attackVector": "NETWORK",
                 "availabilityImpact": "LOW",
@@ -66,40 +118,6 @@
                 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
                 "version": "3.1"
             }
-    },
-    "problemtype": {
-        "problemtype_data": [
-            {
-                "description": [
-                    {
-                        "lang": "eng",
-                        "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
-                    }
         ]
     }
-        ]
-    },
-    "references": {
-        "reference_data": [
-            {
-                "name": "https://patchstack.com/database/vulnerability/all-in-one-seo-pack/wordpress-all-in-one-seo-plugin-4-2-3-1-multiple-cross-site-request-forgery-csrf-vulnerabilities/_s_id=cve",
-                "refsource": "CONFIRM",
-                "url": "https://patchstack.com/database/vulnerability/all-in-one-seo-pack/wordpress-all-in-one-seo-plugin-4-2-3-1-multiple-cross-site-request-forgery-csrf-vulnerabilities/_s_id=cve"
-            },
-            {
-                "name": "https://wordpress.org/plugins/all-in-one-seo-pack/#developers",
-                "refsource": "CONFIRM",
-                "url": "https://wordpress.org/plugins/all-in-one-seo-pack/#developers"
-            }
-        ]
-    },
-    "solution": [
-        {
-            "lang": "eng",
-            "value": "Update to 4.2.4 or higher version."
-        }
-    ],
-    "source": {
-        "discovery": "EXTERNAL"
-    }
 }