diff --git a/2022/0xxx/CVE-2022-0450.json b/2022/0xxx/CVE-2022-0450.json index 348e35c01a6..bff2aaa4b14 100644 --- a/2022/0xxx/CVE-2022-0450.json +++ b/2022/0xxx/CVE-2022-0450.json @@ -1,75 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2022-0450", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Menu Image, Icons made easy < 3.0.8 - Subscriber+ Stored Cross-Site Scripting" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Menu Image, Icons made easy", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "3.0.8", - "version_value": "3.0.8" - } - ] - } - } - ] - } - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Menu Image, Icons made easy WordPress plugin before 3.0.8 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticate users, such as subscriber can update the settings or arbitrary menu and put Cross-Site Scripting payloads in them which will be triggered in the related menu in the frontend" - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://wpscan.com/vulnerability/612f9273-acc8-4be6-b372-33f1e687f54a", - "name": "https://wpscan.com/vulnerability/612f9273-acc8-4be6-b372-33f1e687f54a" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-0450", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Menu Image, Icons made easy WordPress plugin before 3.0.6 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticate users, such as subscriber can update the settings or arbitrary menu and put Cross-Site Scripting payloads in them which will be triggered in the related menu in the frontend" + } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-116 Improper Encoding or Escaping of Output" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Menu Image, Icons made easy", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "3.0.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/612f9273-acc8-4be6-b372-33f1e687f54a", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/612f9273-acc8-4be6-b372-33f1e687f54a" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Krzysztof Zaj\u0105c" + }, + { + "lang": "en", + "value": "WPScan" + } ] - }, - "credit": [ - { - "lang": "eng", - "value": "Krzysztof Zając" - } - ], - "source": { - "discovery": "EXTERNAL" - } } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0634.json b/2022/0xxx/CVE-2022-0634.json index 6c1c512cf4c..459e9c81f27 100644 --- a/2022/0xxx/CVE-2022-0634.json +++ b/2022/0xxx/CVE-2022-0634.json @@ -1,75 +1,88 @@ { - "CVE_data_meta": { - "ID": "CVE-2022-0634", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "ThirstyAffiliates < 3.10.5 - Subscriber+ unauthorized image upload + CSRF" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "ThirstyAffiliates Affiliate Link Manager", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "3.10.5", - "version_value": "3.10.5" - } - ] - } - } - ] - } - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low as Subscriber) to add an image from an external URL to an affiliate link. Further the plugin lacks csrf checks, allowing an attacker to trick a logged in user to perform the action by crafting a special request." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://wpscan.com/vulnerability/7e11aeb0-b231-407d-86ec-9018c2c7eee3", - "name": "https://wpscan.com/vulnerability/7e11aeb0-b231-407d-86ec-9018c2c7eee3" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-862 Missing Authorization", - "lang": "eng" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-0634", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low as Subscriber) to add an image from an external URL to an affiliate link. Further the plugin lacks csrf checks, allowing an attacker to trick a logged in user to perform the action by crafting a special request." + } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "ThirstyAffiliates Affiliate Link Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "3.10.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/7e11aeb0-b231-407d-86ec-9018c2c7eee3", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/7e11aeb0-b231-407d-86ec-9018c2c7eee3" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Muhamad Hidayat" + }, + { + "lang": "en", + "value": "WPScan" + } ] - }, - "credit": [ - { - "lang": "eng", - "value": "Muhamad Hidayat" - } - ], - "source": { - "discovery": "EXTERNAL" - } -} +} \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0952.json b/2022/0xxx/CVE-2022-0952.json index d2b1ed187ae..345832f07b4 100644 --- a/2022/0xxx/CVE-2022-0952.json +++ b/2022/0xxx/CVE-2022-0952.json @@ -1,75 +1,88 @@ { - "CVE_data_meta": { - "ID": "CVE-2022-0952", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Sitemap by click5", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1.0.36", - "version_value": "1.0.36" - } - ] - } - } - ] - } - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://wpscan.com/vulnerability/0f694961-afab-44f9-846c-e80a0f6c768b", - "name": "https://wpscan.com/vulnerability/0f694961-afab-44f9-846c-e80a0f6c768b" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-862 Missing Authorization", - "lang": "eng" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-0952", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog." + } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Sitemap by click5", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.0.36" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/0f694961-afab-44f9-846c-e80a0f6c768b", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/0f694961-afab-44f9-846c-e80a0f6c768b" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "cydave" + }, + { + "lang": "en", + "value": "WPScan" + } ] - }, - "credit": [ - { - "lang": "eng", - "value": "cydave" - } - ], - "source": { - "discovery": "EXTERNAL" - } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1092.json b/2022/1xxx/CVE-2022-1092.json index 8ddc020ad4e..404f3e840b5 100644 --- a/2022/1xxx/CVE-2022-1092.json +++ b/2022/1xxx/CVE-2022-1092.json @@ -1,75 +1,88 @@ { - "CVE_data_meta": { - "ID": "CVE-2022-1092", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "myCred < 2.4.4 - Subscriber+ Import/Export to Email Address Disclosure" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "2.4.4", - "version_value": "2.4.4" - } - ] - } - } - ] - } - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The myCred WordPress plugin before 2.4.4 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call and and retrieve the list of email address present in the blog" - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://wpscan.com/vulnerability/95759d5c-8802-4493-b7e5-7f2bc546af61", - "name": "https://wpscan.com/vulnerability/95759d5c-8802-4493-b7e5-7f2bc546af61" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-862 Missing Authorization", - "lang": "eng" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-1092", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The myCred WordPress plugin before 2.4.3.1 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call and and retrieve the list of email address present in the blog" + } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "myCred", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2.4.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/95759d5c-8802-4493-b7e5-7f2bc546af61", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/95759d5c-8802-4493-b7e5-7f2bc546af61" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "David Hamann" + }, + { + "lang": "en", + "value": "WPScan" + } ] - }, - "credit": [ - { - "lang": "eng", - "value": "David Hamann" - } - ], - "source": { - "discovery": "EXTERNAL" - } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1203.json b/2022/1xxx/CVE-2022-1203.json index 3d58fd1fc9a..f48bf0644e4 100644 --- a/2022/1xxx/CVE-2022-1203.json +++ b/2022/1xxx/CVE-2022-1203.json @@ -1,14 +1,40 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-1203", "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Content Mask < 1.8.4.1 - Subscriber+ Arbitrary Options Update" + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", "affects": { "vendor": { "vendor_data": [ @@ -22,7 +48,7 @@ "version_data": [ { "version_affected": "<", - "version_name": "1.8.4.1", + "version_name": "0", "version_value": "1.8.4.1" } ] @@ -34,47 +60,29 @@ ] } }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options" - } - ] - }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://wpscan.com/vulnerability/3c9969e5-ca8e-4e5d-a482-c6b5c4257820", - "name": "https://wpscan.com/vulnerability/3c9969e5-ca8e-4e5d-a482-c6b5c4257820" - }, - { "refsource": "MISC", - "name": "https://www.pluginvulnerabilities.com/2021/05/28/our-proactive-monitoring-caught-an-authenticated-option-update-vulnerability-in-content-mask/", - "url": "https://www.pluginvulnerabilities.com/2021/05/28/our-proactive-monitoring-caught-an-authenticated-option-update-vulnerability-in-content-mask/" + "name": "https://wpscan.com/vulnerability/3c9969e5-ca8e-4e5d-a482-c6b5c4257820" } ] }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-862 Missing Authorization", - "lang": "eng" - } - ] - } - ] + "generator": { + "engine": "WPScan CVE Generator" }, - "credit": [ - { - "lang": "eng", - "value": "ptsfence" - } - ], "source": { "discovery": "EXTERNAL" - } + }, + "credits": [ + { + "lang": "en", + "value": "ptsfence" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1323.json b/2022/1xxx/CVE-2022-1323.json index 1724d673a5a..306568ce2f5 100644 --- a/2022/1xxx/CVE-2022-1323.json +++ b/2022/1xxx/CVE-2022-1323.json @@ -1,14 +1,32 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-1323", "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Discy < 5.0 - Subscriber+ Broken Access Control to change settings" + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discy_update_options action, allowing any logged in users (with privileges as low as Subscriber,) to change Theme options by sending a crafted POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", "affects": { "vendor": { "vendor_data": [ @@ -22,7 +40,7 @@ "version_data": [ { "version_affected": "<", - "version_name": "5.0", + "version_name": "0", "version_value": "5.0" } ] @@ -34,42 +52,29 @@ ] } }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discy_update_options action, allowing any logged in users (with privileges as low as Subscriber,) to change Theme options by sending a crafted POST request." - } - ] - }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://wpscan.com/vulnerability/2d8020e1-6489-4555-9956-2dc190aaa61b", + "refsource": "MISC", "name": "https://wpscan.com/vulnerability/2d8020e1-6489-4555-9956-2dc190aaa61b" } ] }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-284 Improper Access Control", - "lang": "eng" - } - ] - } - ] + "generator": { + "engine": "WPScan CVE Generator" }, - "credit": [ - { - "lang": "eng", - "value": "Veshraj Ghimire" - } - ], "source": { "discovery": "EXTERNAL" - } + }, + "credits": [ + { + "lang": "en", + "value": "Veshraj Ghimire" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1570.json b/2022/1xxx/CVE-2022-1570.json index 842b1df454e..1e61e96215a 100644 --- a/2022/1xxx/CVE-2022-1570.json +++ b/2022/1xxx/CVE-2022-1570.json @@ -1,75 +1,88 @@ { - "CVE_data_meta": { - "ID": "CVE-2022-1570", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Files Download Delay < 1.0.7 - Subscriber+ Settings Reset" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Files Download Delay", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1.0.7", - "version_value": "1.0.7" - } - ] - } - } - ] - } - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Files Download Delay WordPress plugin before 1.0.7 does not have authorisation and CSRF checks when reseting its settings, which could allow any authenticated users, such as subscriber to perform such action." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://wpscan.com/vulnerability/c0257564-48ee-4d02-865f-82c8b5e793c9", - "name": "https://wpscan.com/vulnerability/c0257564-48ee-4d02-865f-82c8b5e793c9" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-862 Missing Authorization", - "lang": "eng" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-1570", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Files Download Delay WordPress plugin before 1.0.7 does not have authorisation and CSRF checks when reseting its settings, which could allow any authenticated users, such as subscriber to perform such action." + } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Files Download Delay", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.0.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/c0257564-48ee-4d02-865f-82c8b5e793c9", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/c0257564-48ee-4d02-865f-82c8b5e793c9" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Daniel Ruf" + }, + { + "lang": "en", + "value": "WPScan" + } ] - }, - "credit": [ - { - "lang": "eng", - "value": "Daniel Ruf" - } - ], - "source": { - "discovery": "EXTERNAL" - } -} +} \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1572.json b/2022/1xxx/CVE-2022-1572.json index 303cb4deb51..666371a6b3e 100644 --- a/2022/1xxx/CVE-2022-1572.json +++ b/2022/1xxx/CVE-2022-1572.json @@ -1,75 +1,97 @@ { - "CVE_data_meta": { - "ID": "CVE-2022-1572", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "HTML2WP <= 1.0.0 - Subscriber+ Arbitrary File Deletion" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "HTML2WP", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "1.0.0", - "version_value": "1.0.0" - } - ] - } - } - ] - } - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary file" - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://wpscan.com/vulnerability/9afd1805-d449-4551-986a-f92cb47c95c5", - "name": "https://wpscan.com/vulnerability/9afd1805-d449-4551-986a-f92cb47c95c5" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-862 Missing Authorization", - "lang": "eng" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-1572", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary file" + } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "HTML2WP", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "versionType": "custom", + "version": "0", + "lessThanOrEqual": "1.0.0" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/9afd1805-d449-4551-986a-f92cb47c95c5", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/9afd1805-d449-4551-986a-f92cb47c95c5" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Daniel Ruf" + }, + { + "lang": "en", + "value": "WPScan" + } ] - }, - "credit": [ - { - "lang": "eng", - "value": "Daniel Ruf" - } - ], - "source": { - "discovery": "EXTERNAL" - } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1574.json b/2022/1xxx/CVE-2022-1574.json index 31c99b1a760..dee78202bed 100644 --- a/2022/1xxx/CVE-2022-1574.json +++ b/2022/1xxx/CVE-2022-1574.json @@ -1,75 +1,97 @@ { - "CVE_data_meta": { - "ID": "CVE-2022-1574", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "HTML2WP", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "1.0.0", - "version_value": "1.0.0" - } - ] - } - } - ] - } - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server" - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://wpscan.com/vulnerability/c36d0ea8-bf5c-4af9-bd3d-911eb02adc14", - "name": "https://wpscan.com/vulnerability/c36d0ea8-bf5c-4af9-bd3d-911eb02adc14" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", - "lang": "eng" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-1574", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server" + } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "HTML2WP", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "versionType": "custom", + "version": "0", + "lessThanOrEqual": "1.0.0" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/c36d0ea8-bf5c-4af9-bd3d-911eb02adc14", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/c36d0ea8-bf5c-4af9-bd3d-911eb02adc14" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Daniel Ruf" + }, + { + "lang": "en", + "value": "WPScan" + } ] - }, - "credit": [ - { - "lang": "eng", - "value": "Daniel Ruf" - } - ], - "source": { - "discovery": "EXTERNAL" - } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1589.json b/2022/1xxx/CVE-2022-1589.json index 72592877e46..60c6955a08e 100644 --- a/2022/1xxx/CVE-2022-1589.json +++ b/2022/1xxx/CVE-2022-1589.json @@ -1,75 +1,88 @@ { - "CVE_data_meta": { - "ID": "CVE-2022-1589", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Change wp-admin Login < 1.1.0 - Unauthenticated Arbitrary Settings Update" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Change wp-admin login", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1.1.0", - "version_value": "1.1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector" - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://wpscan.com/vulnerability/257f9e14-4f43-4852-8384-80c15d087633", - "name": "https://wpscan.com/vulnerability/257f9e14-4f43-4852-8384-80c15d087633" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-863 Incorrect Authorization", - "lang": "eng" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-1589", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector" + } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863 Incorrect Authorization" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Change wp-admin login", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/257f9e14-4f43-4852-8384-80c15d087633", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/257f9e14-4f43-4852-8384-80c15d087633" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Daniel Ruf" + }, + { + "lang": "en", + "value": "WPScan" + } ] - }, - "credit": [ - { - "lang": "eng", - "value": "Daniel Ruf" - } - ], - "source": { - "discovery": "EXTERNAL" - } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1598.json b/2022/1xxx/CVE-2022-1598.json index f80abeceb0d..086bc373f6a 100644 --- a/2022/1xxx/CVE-2022-1598.json +++ b/2022/1xxx/CVE-2022-1598.json @@ -1,75 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2022-1598", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "WPQA < 5.5 - Unauthenticated Private Message Disclosure" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "WPQA Builder", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "5.4", - "version_value": "5.4" - } - ] - } - } - ] - } - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The WPQA Builder WordPress plugin before 5.4 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://wpscan.com/vulnerability/0416ae2f-5670-4080-a88d-3484bb19d8c8", - "name": "https://wpscan.com/vulnerability/0416ae2f-5670-4080-a88d-3484bb19d8c8" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-284 Improper Access Control", - "lang": "eng" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-1598", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site." + } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306 Missing Authentication for Critical Function" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WPQA Builder", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "5.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/0416ae2f-5670-4080-a88d-3484bb19d8c8", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/0416ae2f-5670-4080-a88d-3484bb19d8c8" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Veshraj Ghimire" + }, + { + "lang": "en", + "value": "WPScan" + } ] - }, - "credit": [ - { - "lang": "eng", - "value": "Veshraj Ghimire" - } - ], - "source": { - "discovery": "EXTERNAL" - } -} +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2034.json b/2022/2xxx/CVE-2022-2034.json index 9677a99fbda..cb4284187b7 100644 --- a/2022/2xxx/CVE-2022-2034.json +++ b/2022/2xxx/CVE-2022-2034.json @@ -1,80 +1,85 @@ { - "CVE_data_meta": { - "ID": "CVE-2022-2034", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Sensei LMS < 4.5.0 - Unauthenticated Private Messages Disclosure via Rest API" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Sensei LMS – Online Courses, Quizzes, & Learning", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "4.5.0", - "version_value": "4.5.0" - } - ] - } - } - ] - } - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers" - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://wpscan.com/vulnerability/aba3dd58-7a8e-4129-add5-4dd5972c0426", - "name": "https://wpscan.com/vulnerability/aba3dd58-7a8e-4129-add5-4dd5972c0426" - }, - { - "refsource": "MISC", - "url": "https://hackerone.com/reports/1590237", - "name": "https://hackerone.com/reports/1590237" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-862 Missing Authorization", - "lang": "eng" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-2034", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers" + } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-639 Authorization Bypass Through User-Controlled Key" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Sensei LMS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/aba3dd58-7a8e-4129-add5-4dd5972c0426", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/aba3dd58-7a8e-4129-add5-4dd5972c0426" + }, + { + "url": "https://hackerone.com/reports/1590237", + "refsource": "MISC", + "name": "https://hackerone.com/reports/1590237" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Veshraj Ghimire" + }, + { + "lang": "en", + "value": "WPScan" + } ] - }, - "credit": [ - { - "lang": "eng", - "value": "Veshraj Ghimire" - } - ], - "source": { - "discovery": "EXTERNAL" - } -} +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2099.json b/2022/2xxx/CVE-2022-2099.json index 30fd9a2b705..869eaa48abd 100644 --- a/2022/2xxx/CVE-2022-2099.json +++ b/2022/2xxx/CVE-2022-2099.json @@ -1,75 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2022-2099", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "WooCommerce < 6.6.0 - Admin+ Stored HTML Injection" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "WooCommerce", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "6.6.0", - "version_value": "6.6.0" - } - ] - } - } - ] - } - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles" - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://wpscan.com/vulnerability/0316e5f3-3302-40e3-8ff4-be3423a3be7b", - "name": "https://wpscan.com/vulnerability/0316e5f3-3302-40e3-8ff4-be3423a3be7b" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')", - "lang": "eng" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-2099", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles" + } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-116 Improper Encoding or Escaping of Output" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WooCommerce", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "6.6.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/0316e5f3-3302-40e3-8ff4-be3423a3be7b", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/0316e5f3-3302-40e3-8ff4-be3423a3be7b" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Taurus Omar" + }, + { + "lang": "en", + "value": "WPScan" + } ] - }, - "credit": [ - { - "lang": "eng", - "value": "Taurus Omar" - } - ], - "source": { - "discovery": "EXTERNAL" - } -} +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2146.json b/2022/2xxx/CVE-2022-2146.json index ddb27096a29..d997964ad81 100644 --- a/2022/2xxx/CVE-2022-2146.json +++ b/2022/2xxx/CVE-2022-2146.json @@ -1,75 +1,89 @@ { - "CVE_data_meta": { - "ID": "CVE-2022-2146", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Import CSV Files <= 1.0 - Reflected Cross-Site Scripting" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Import CSV Files", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "1.0", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Import CSV Files WordPress plugin through 1.0 does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well, resulting in a Reflected Cross-Site Scripting" - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://wpscan.com/vulnerability/adc1d752-331e-44af-b5dc-b463d56c2cb4", - "name": "https://wpscan.com/vulnerability/adc1d752-331e-44af-b5dc-b463d56c2cb4" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-2146", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Import CSV Files WordPress plugin through 1.0 does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well, resulting in a Reflected Cross-Site Scripting" + } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Import CSV Files", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "versionType": "custom", + "version": "0", + "lessThanOrEqual": "1.0" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/adc1d752-331e-44af-b5dc-b463d56c2cb4", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/adc1d752-331e-44af-b5dc-b463d56c2cb4" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Benachi" + }, + { + "lang": "en", + "value": "WPScan" + } ] - }, - "credit": [ - { - "lang": "eng", - "value": "Benachi" - } - ], - "source": { - "discovery": "EXTERNAL" - } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2241.json b/2022/2xxx/CVE-2022-2241.json index b5b911b9683..9e2161212f1 100644 --- a/2022/2xxx/CVE-2022-2241.json +++ b/2022/2xxx/CVE-2022-2241.json @@ -1,75 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2022-2241", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Featured Image from URL < 4.0.0 - Arbitrary Settings Update to Stored XSS via CSRF" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Featured Image from URL (FIFU)", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "4.0.0", - "version_value": "4.0.0" - } - ] - } - } - ] - } - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues" - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://wpscan.com/vulnerability/8670d196-972b-491b-8d9b-25994a345f57", - "name": "https://wpscan.com/vulnerability/8670d196-972b-491b-8d9b-25994a345f57" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "lang": "eng" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-2241", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues" + } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-116 Improper Encoding or Escaping of Output" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Featured Image from URL (FIFU)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/8670d196-972b-491b-8d9b-25994a345f57", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/8670d196-972b-491b-8d9b-25994a345f57" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Raad Haddad of Cloudyrion GmbH" + }, + { + "lang": "en", + "value": "WPScan" + } ] - }, - "credit": [ - { - "lang": "eng", - "value": "Raad Haddad" - } - ], - "source": { - "discovery": "EXTERNAL" - } -} +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2354.json b/2022/2xxx/CVE-2022-2354.json index ca7b1692b2d..1fb4d37e18e 100644 --- a/2022/2xxx/CVE-2022-2354.json +++ b/2022/2xxx/CVE-2022-2354.json @@ -1,75 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2022-2354", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "WP-DBManager < 2.80.8 - Admin+ Remote Command Execution" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "WP-DBManager", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "2.80.8", - "version_value": "2.80.8" - } - ] - } - } - ] - } - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://wpscan.com/vulnerability/1c8c5861-ce87-4813-9e26-470d63c1903a", - "name": "https://wpscan.com/vulnerability/1c8c5861-ce87-4813-9e26-470d63c1903a" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')", - "lang": "eng" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-2354", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should." + } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863 Incorrect Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP-DBManager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2.80.8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/1c8c5861-ce87-4813-9e26-470d63c1903a", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/1c8c5861-ce87-4813-9e26-470d63c1903a" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Raad Haddad of Cloudyrion GmbH" + }, + { + "lang": "en", + "value": "WPScan" + } ] - }, - "credit": [ - { - "lang": "eng", - "value": "Raad Haddad" - } - ], - "source": { - "discovery": "EXTERNAL" - } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2370.json b/2022/2xxx/CVE-2022-2370.json index f18f86e27a0..4da9042d28f 100644 --- a/2022/2xxx/CVE-2022-2370.json +++ b/2022/2xxx/CVE-2022-2370.json @@ -1,75 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2022-2370", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "YaySMTP < 2.2.1 - Subscriber+ SMTP Credentials Leak" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "YaySMTP – Simple WP SMTP Mail", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "2.2.1", - "version_value": "2.2.1" - } - ] - } - } - ] - } - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them" - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://wpscan.com/vulnerability/bedda2a9-6c52-478e-b17a-7a4488419334", - "name": "https://wpscan.com/vulnerability/bedda2a9-6c52-478e-b17a-7a4488419334" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-668 Exposure of Resource to Wrong Sphere", - "lang": "eng" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-2370", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them" + } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "YaySMTP", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2.2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/bedda2a9-6c52-478e-b17a-7a4488419334", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/bedda2a9-6c52-478e-b17a-7a4488419334" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Rafshanzani Suhada" + }, + { + "lang": "en", + "value": "WPScan" + } ] - }, - "credit": [ - { - "lang": "eng", - "value": "Rafshanzani Suhada" - } - ], - "source": { - "discovery": "EXTERNAL" - } -} +} \ No newline at end of file