"-Synchronized-Data."

CVE Team 2022-07-18 17:00:46 +00:00
parent f7e779ae3d
commit 1b57618a30
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
16 changed files with 1253 additions and 88 deletions


@ -71,7 +71,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "An integer overflow / wraparound vulnerability\u00a0[CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10\u00a0and below; FortiOS 7.0.2 and below, 6.4.8\u00a0and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10\u00a0and below\r\ndhcpd daemon may\u00a0allow an\u00a0unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential\u00a0denial of service." "value": "An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service."
} }
] ]
} }
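Review bot: The rewritten description `value` still spells the service name as "deamon" in its final clause ("crash the dhcpd deamon"), although the same sentence writes "dhcpd daemon" a few words earlier. Since this hunk already normalises the whitespace in that string, fix the spelling too so that keyword searches over descriptions match consistently: `...to crash the dhcpd daemon, resulting in potential denial of service.` The record this hunk belongs to starts and ends outside the hunk.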


@ -1,18 +1,99 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-1565", "ID": "CVE-2022-1565",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "Import any XML or CSV File to WordPress <= 3.6.7 - Admin+ Malicious File Upload"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Import any XML or CSV File to WordPress",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "3.6.7",
"version_value": "3.6.7"
}
]
}
}
]
},
"vendor_name": "wpallimport"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "yangkang"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset/2749264/wp-all-import/trunk?contextall=1&old=2737093&old_path=%2Fwp-all-import%2Ftrunk",
"name": "https://plugins.trac.wordpress.org/changeset/2749264/wp-all-import/trunk?contextall=1&old=2737093&old_path=%2Fwp-all-import%2Ftrunk"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1565",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1565"
}
]
},
"source": {
"discovery": "UNKNOWN"
} }
} }


@ -1,18 +1,99 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-1912", "ID": "CVE-2022-1912",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "Button Widget Smartsoft <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Button Widget Smartsoft",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0.1",
"version_value": "1.0.1"
}
]
}
}
]
},
"vendor_name": "smartsoftbuttonwidget"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ryo Onodera, Cryptography Laboratory in Tokyo Denki University\t"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbutton_settings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/browser/smartsoftbutton-widget-de-botones-de-chat/trunk/admin/pages/settings.php#L60",
"name": "https://plugins.trac.wordpress.org/browser/smartsoftbutton-widget-de-botones-de-chat/trunk/admin/pages/settings.php#L60"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1912",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1912"
}
]
},
"source": {
"discovery": "EXTERNAL"
} }
} }
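Review bot: The `credit` value in this record ends with a literal tab (`"Ryo Onodera, Cryptography Laboratory in Tokyo Denki University\t"`). The same stray whitespace appears in the credit values of the CVE-2022-2108, CVE-2022-2117 and CVE-2022-2223 records, and as a leading tab in the CVE-2022-2223 `product_name` (`"\tImage Slider"`). The leading tab is the one that matters for defenders, because tooling that matches product names exactly will not pair that record with an inventory entry named "Image Slider". Trim these values at the source, e.g. `"product_name": "Image Slider"`.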


@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-23745", "ID": "CVE-2022-23745",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@checkpoint.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Checkpoint Harmony Capsule Workspace",
"version": {
"version_data": [
{
"version_value": "before 8.2.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1218: Memory Buffer Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk179646",
"url": "https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk179646"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A potential memory corruption issue was found in Capsule Workspace Android app (running on GrapheneOS). This could result in application crashing but could not be used to gather any sensitive information."
} }
] ]
} }
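Review bot: `"vendor_name": "n/a"` sits next to a `product_name` that itself names the vendor, so vendor-keyed lookups will miss this record; the vendor belongs in `vendor_name` (exact spelling to be confirmed by the assigner). The affected range is free text, `"version_value": "before 8.2.2"`, whereas the other records in this commit use a machine-readable pair; `"version_affected": "<", "version_value": "8.2.2"` would be consistent with them. The problem type "CWE-1218: Memory Buffer Errors" appears to be a CWE category rather than a specific weakness, so a more precise CWE would help triage. The record has no `impact` block, and its opening and closing lines are outside the hunk.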


@ -1,18 +1,99 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2001", "ID": "CVE-2022-2001",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "DX Share Selection <= 1.4 - Cross-Site Request Forgery to Cross-Site Scripting"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DX Share Selection",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.4",
"version_value": "1.4"
}
]
}
}
]
},
"vendor_name": "nofearinc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sho Sakata"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The DX Share Selection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the dxss_admin_page() function found in the ~/dx-share-selection.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site's administrator into performing an action such as clicking on a link."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset/2747572/dx-share-selection/trunk?contextall=1&old=2384535&old_path=%2Fdx-share-selection%2Ftrunk",
"name": "https://plugins.trac.wordpress.org/changeset/2747572/dx-share-selection/trunk?contextall=1&old=2384535&old_path=%2Fdx-share-selection%2Ftrunk"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2001",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2001"
}
]
},
"source": {
"discovery": "UNKNOWN"
} }
} }


@ -1,18 +1,99 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2039", "ID": "CVE-2022-2039",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "Free Live Chat Support <= 1.0.11 - Cross-Site Request Forgery to Cross-Site Scripting"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Free Live Chat Support",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0.11",
"version_value": "1.0.11"
}
]
}
}
]
},
"vendor_name": "livesupporti"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Masaki Sunayama"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.11. This is due to missing nonce protection on the livesupporti_settings() function found in the ~/livesupporti.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site's administrator into performing an action such as clicking on a link."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/browser/livesupporti/trunk/livesupporti.php#L67",
"name": "https://plugins.trac.wordpress.org/browser/livesupporti/trunk/livesupporti.php#L67"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2039",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2039"
}
]
},
"source": {
"discovery": "EXTERNAL"
} }
} }


@ -1,18 +1,109 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2101", "ID": "CVE-2022-2101",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "Download Manager <= 3.2.46 - Contributor+ Cross-Site Scripting"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Download Manager",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "3.2.46",
"version_value": "3.2.46"
}
]
}
}
]
},
"vendor_name": "codename065"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Andrea Bocchetti"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `file[files][]` parameter in versions up to, and including, 3.2.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts on the file's page that will execute whenever an administrator accesses the editor area for the injected file page."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/167573/",
"name": "https://packetstormsecurity.com/files/167573/"
},
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2750339%40download-manager&new=2750339%40download-manager&sfp_email=&sfph_mail=",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2750339%40download-manager&new=2750339%40download-manager&sfp_email=&sfph_mail="
},
{
"refsource": "MISC",
"url": "https://medium.com/%40andreabocchetti88/download-manager-3-2-43-contributor-cross-site-scripting-fa4970fba45c",
"name": "https://medium.com/%40andreabocchetti88/download-manager-3-2-43-contributor-cross-site-scripting-fa4970fba45c"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2101",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2101"
}
]
},
"source": {
"discovery": "UNKNOWN"
} }
} }


@ -1,18 +1,99 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2108", "ID": "CVE-2022-2108",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "Wbcom Designs \u2013 BuddyPress Group Reviews <= 2.8.3 - Unauthorized AJAX Actions due to Nonce Bypass"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wbcom Designs \u2013 BuddyPress Group Reviews",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.9.3",
"version_value": "2.8.3"
}
]
}
}
]
},
"vendor_name": "wbcomdesigns/"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Marco Wotschka\t"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The plugin Wbcom Designs \u2013 BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up to, and including, 2.8.3. This makes it possible for unauthenticated attackers to modify reviews and plugin settings on the affected site."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset/2742109",
"name": "https://plugins.trac.wordpress.org/changeset/2742109"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2108",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2108"
}
]
},
"source": {
"discovery": "UNKNOWN"
} }
} }
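Review bot: The version entry contradicts itself: `"version_name": "2.9.3"` next to `"version_value": "2.8.3"`, while the title and description both say 2.8.3. This looks like a typo and should read `"version_name": "2.8.3"`. `"vendor_name": "wbcomdesigns/"` carries a trailing slash that will break exact vendor matching; `"vendor_name": "wbcomdesigns"` is presumably what was meant. The description says "unauthenticated attackers", but the vector is `PR:L` (`"privilegesRequired": "LOW"`). One of the two needs correcting by the assigner, because it changes how exposed an unpatched site is.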


@ -1,18 +1,99 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2117", "ID": "CVE-2022-2117",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "GiveWP \u2013 Donation Plugin and Fundraising Platform <= 2.20.2 - Sensitive Information Disclosure"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.20.2",
"version_value": "2.20.2"
}
]
}
}
]
},
"vendor_name": "webdevmattcrom"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kane Gamble (Blackfoot UK)\t"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been completely removed in version 2.20.2."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset/2743833/give/tags/2.21.0/includes/api/class-give-api-v2.php",
"name": "https://plugins.trac.wordpress.org/changeset/2743833/give/tags/2.21.0/includes/api/class-give-api-v2.php"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2117",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2117"
}
]
},
"source": {
"discovery": "UNKNOWN"
} }
} }
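Review bot: The description names 2.20.2 both as the last vulnerable version ("up to, and including, 2.20.2") and as the version that removed the endpoint ("completely removed in version 2.20.2"), so a reader cannot tell whether 2.20.2 is safe. The first reference points at a changeset under `tags/2.21.0`, which suggests the fix shipped in 2.21.0; if the assigner confirms that, the last sentence should read `This functionality has been completely removed in version 2.21.0.` Until then, the conservative reading for patch management is the `version_data` entry (`<=` 2.20.2).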


@ -1,18 +1,99 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2223", "ID": "CVE-2022-2223",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "Image Slider <= 1.1.121 - Cross-Site Request Forgery to Post Duplication"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "\tImage Slider",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.1.121",
"version_value": "1.1.121"
}
]
}
}
]
},
"vendor_name": "ghozylab"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Marco Wotschka, Wordfence\t"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The WordPress plugin Image Slider is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1.121 due to failure to properly check for the existence of a nonce in the function ewic_duplicate_slider. This make it possible for unauthenticated attackers to duplicate existing posts or pages granted they can trick a site administrator into performing an action such as clicking on a link."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2749352%40image-slider-widget&new=2749352%40image-slider-widget&sfp_email=&sfph_mail=",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2749352%40image-slider-widget&new=2749352%40image-slider-widget&sfp_email=&sfph_mail="
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2223",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2223"
}
]
},
"source": {
"discovery": "UNKNOWN"
} }
} }
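Review bot: The `impact.cvss` block scores this as `C:H/I:H/A:H` (8.8 HIGH), but the description limits the outcome to duplicating existing posts or pages, which is a low integrity impact with no confidentiality or availability loss stated. The CVE-2022-2224 record has the same mismatch for `gifeed_duplicate_feed`. A vector in line with the text would be closer to `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N` (4.3 MEDIUM), to be confirmed by the assigner; as published, the score will push these two items above more serious issues in severity-sorted queues. Both descriptions also read "This make it possible" and should say "This makes it possible".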


@ -1,18 +1,98 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2224", "ID": "CVE-2022-2224",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "Gallery for Social Photo <= 1.0.0.27 - Cross-Site Request Forgery to Post Duplication"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gallery for Social Photo",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0.0.27",
"version_value": "1.0.0.27"
}
]
}
}
]
},
"vendor_name": "ghozylab"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Marco Wotschka, Wordfence"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeed_duplicate_feed. This make it possible for unauthenticated attackers to duplicate existing posts or pages granted they can trick a site administrator into performing an action such as clicking on a link."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2749351%40feed-instagram-lite&new=2749351%40feed-instagram-lite&sfp_email=&sfph_mail=",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2749351%40feed-instagram-lite&new=2749351%40feed-instagram-lite&sfp_email=&sfph_mail="
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2224",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2224"
}
]
},
"source": {
"discovery": "INTERNAL"
} }
} }


@ -1,18 +1,99 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2435", "ID": "CVE-2022-2435",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "AnyMind Widget <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AnyMind Widget",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.1",
"version_value": "1.1"
}
]
}
}
]
},
"vendor_name": "mbeltwski"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sho Sakata"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1. This is due to missing nonce protection on the createDOMStructure() function found in the ~/anymind-widget-id.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site\u2019s administrator into performing an action such as clicking on a link."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/browser/anymind-widget/trunk/anymind-widget-id.php",
"name": "https://plugins.trac.wordpress.org/browser/anymind-widget/trunk/anymind-widget-id.php"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2435",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2435"
}
]
},
"source": {
"discovery": "UNKNOWN"
} }
} }


@ -1,18 +1,99 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2437", "ID": "CVE-2022-2437",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "Feed Them Social \u2013 for Twitter feed, Youtube and more <= 2.9.8.5 - Unauthenticated PHAR Deserialization"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Feed Them Social \u2013 for Twitter feed, Youtube and more",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.9.8.5",
"version_value": "2.9.8.5"
}
]
}
}
]
},
"vendor_name": "slickremix"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Rasoul Jahanshahi"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The Feed Them Social \u2013 for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'fts_url' parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2754749%40feed-them-social&new=2754749%40feed-them-social&sfp_email=&sfph_mail=",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2754749%40feed-them-social&new=2754749%40feed-them-social&sfp_email=&sfph_mail="
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2437",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2437"
}
]
},
"source": {
"discovery": "UNKNOWN"
} }
} }
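Review bot: The new `impact.cvss` block scores this record `"attackComplexity": "LOW"` (vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`, base 9.8), but the description added in the same section names two preconditions: a POP chain must be present, and the attacker must first succeed in uploading a file. Conditions that depend on what else is installed on the target usually argue for `"attackComplexity": "HIGH"`, so the CNA should either rescore or state in the description why LOW still applies. If the metric changes, `vectorString`, `baseScore` and `baseSeverity` must be recomputed with it, since consumers that prioritise on the score alone never see the caveats in the text. The CVE-2022-2444 section further down pairs `AC:L` with the same two preconditions.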


@ -1,18 +1,99 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2443", "ID": "CVE-2022-2443",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "FreeMind WP Browser <= 1.2 - Cross-Site Request Forgery to Cross-Site Scripting"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeMind WP Browser",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.2",
"version_value": "1.2"
}
]
}
}
]
},
"vendor_name": "kusbandono"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kenya Uematsu"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.2. This is due to missing nonce protection on the FreemindOptions() function found in the ~/freemind-wp-browser.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site's administrator into performing an action such as clicking on a link."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/browser/freemind-wp-browser/trunk/freemind-wp-browser.php#L104",
"name": "https://plugins.trac.wordpress.org/browser/freemind-wp-browser/trunk/freemind-wp-browser.php#L104"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2443",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2443"
}
]
},
"source": {
"discovery": "UNKNOWN"
} }
} }
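Review bot: The `problemtype` block lists only `CWE-352 Cross-Site Request Forgery (CSRF)`, while the new `TITLE` reads "Cross-Site Request Forgery to Cross-Site Scripting" and the description says the missing nonce lets scripts be injected into the page. Tooling that filters or triages by CWE will therefore not see this record as a script-injection issue. A second entry in the `description` array, such as `{ "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" }`, would cover the impact the text already describes. The AnyMind Widget record earlier on the page appears to have the same gap, with a CSRF-only CWE and a script-injection description, though its start is outside this view.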


@ -1,18 +1,114 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2444", "ID": "CVE-2022-2444",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "Visualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR Deserialization"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Visualizer: Tables and Charts Manager for WordPress ",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "3.7.9",
"version_value": "3.7.9"
}
]
}
}
]
},
"vendor_name": "themeisle"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Rasoul Jahanshahi"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remote_data' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2752058%40visualizer&new=2752058%40visualizer&sfp_email=&sfph_mail=",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2752058%40visualizer&new=2752058%40visualizer&sfp_email=&sfph_mail="
},
{
"refsource": "MISC",
"url": "https://github.com/Codeinwp/visualizer/blob/master/classes/Visualizer/Module/Chart.php#L1115",
"name": "https://github.com/Codeinwp/visualizer/blob/master/classes/Visualizer/Module/Chart.php#L1115"
},
{
"refsource": "MISC",
"url": "https://github.com/Codeinwp/visualizer/blob/master/classes/Visualizer/Source/Csv.php",
"name": "https://github.com/Codeinwp/visualizer/blob/master/classes/Visualizer/Source/Csv.php"
},
{
"refsource": "MISC",
"url": "https://github.com/Codeinwp/visualizer/compare/v3.7.9...v3.7.10",
"name": "https://github.com/Codeinwp/visualizer/compare/v3.7.9...v3.7.10"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2444",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2444"
}
]
},
"source": {
"discovery": "UNKNOWN"
} }
} }
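Review bot: The added `product_name` value ends with a trailing space, `"Visualizer: Tables and Charts Manager for WordPress "`, which the `TITLE` and description spellings do not have. Consumers that match affected products by exact string, such as asset inventories or SBOM correlation, will treat it as a different product and can miss the record. The value should be `"product_name": "Visualizer: Tables and Charts Manager for WordPress",`. The description also reads "for WordPress plugin for WordPress", which is probably the product name followed by the template wording, but is worth a look while the record is being edited.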


@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-32387",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2022-32387",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In Kentico before 13.0.66, attackers can achieve Denial of Service via a crafted request to the GetResource handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://devnet.kentico.com/download/hotfixes",
"url": "https://devnet.kentico.com/download/hotfixes"
} }
] ]
} }