diff --git a/2022/0xxx/CVE-2022-0978.json b/2022/0xxx/CVE-2022-0978.json
index e4daba94d28..f7c86450a5e 100644
--- a/2022/0xxx/CVE-2022-0978.json
+++ b/2022/0xxx/CVE-2022-0978.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-0978",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "99.0.4844.74",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html"
+ },
+ {
+ "url": "https://crbug.com/1299264",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1299264"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
 }
 ]
 }
diff --git a/2022/0xxx/CVE-2022-0979.json b/2022/0xxx/CVE-2022-0979.json
index edb9f95f900..c93995d8961 100644
--- a/2022/0xxx/CVE-2022-0979.json
+++ b/2022/0xxx/CVE-2022-0979.json
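Review bot: The `problemtype` entry added for CVE-2022-0978 is the free-text string `"Use after free"` with no CWE identifier, so tooling that groups or filters records by weakness ID has nothing to key on. The same applies to CVE-2022-0979 and CVE-2022-0980 in this diff, and more strongly to `"Arbitrary File Read"` in CVE-2022-33901 and `"Bypass"` in CVE-2022-34839, which do not name a recognisable weakness class at all. The other Patchstack records here already use the `CWE-<id> <name>` form; for the three Chrome records that would be `"value": "CWE-416 Use After Free"`.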
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-0979",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "99.0.4844.74",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html"
+ },
+ {
+ "url": "https://crbug.com/1302644",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1302644"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page."
 }
 ]
 }
diff --git a/2022/0xxx/CVE-2022-0980.json b/2022/0xxx/CVE-2022-0980.json
index 5bb8ed1e148..45cb0a3a431 100644
--- a/2022/0xxx/CVE-2022-0980.json
+++ b/2022/0xxx/CVE-2022-0980.json
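Review bot: The platform restriction for CVE-2022-0979 exists only in the description text ("Google Chrome on Android"); the `affects` block names the product as plain `"Chrome"` with `version_affected` `<` 99.0.4844.74, and the first reference is the desktop stable-channel post. A consumer that matches on the structured fields will flag every Chrome build below that version on any platform. If the Android scoping is correct, it should also be carried in the version entry, for example `"platform": "Android"` next to `version_value` (assuming the schema in use accepts that key), with a reference to the release note that covers the Android build.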
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-0980",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "99.0.4844.74",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html"
+ },
+ {
+ "url": "https://crbug.com/1302157",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1302157"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interactions."
 }
 ]
 }
diff --git a/2022/27xxx/CVE-2022-27235.json b/2022/27xxx/CVE-2022-27235.json
index 572f88d99e4..559d911ad1e 100644
--- a/2022/27xxx/CVE-2022-27235.json
+++ b/2022/27xxx/CVE-2022-27235.json
@@ -1,18 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-06-09T08:45:00.000Z",
 "ID": "CVE-2022-27235",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Multiple Broken Access Control vulnerabilities"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Social Share Buttons by Supsystic (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 2.2.3",
+ "version_value": "2.2.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Supsystic"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by m0ze (Patchstack)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-264 Permissions, Privileges, and Access Controls"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers"
+ },
+ {
+ "name": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-broken-access-control-vulnerabilities",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-broken-access-control-vulnerabilities"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to 2.2.4 or higher version."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/29xxx/CVE-2022-29495.json b/2022/29xxx/CVE-2022-29495.json
index bd293834d43..f2b9cbe3a8a 100644
--- a/2022/29xxx/CVE-2022-29495.json
+++ b/2022/29xxx/CVE-2022-29495.json
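Review bot: The description added for CVE-2022-27235 says neither which role an attacker needs nor which actions become reachable, although the CVSS vector asserts `PR:L` and low impact on confidentiality, integrity and availability. Sibling records in this diff state the precondition in the text (for example "Authenticated (subscriber or higher user role)"); this one should do the same and name the affected functionality, along the lines of `"value": "Authenticated (<required role>) Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress allow <affected action>."` with the placeholders filled in from the advisory. Separately, `CWE-264` is a CWE category rather than a weakness entry, so a specific access-control weakness ID would make the `problemtype` more useful for classification.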
@@ -1,18 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-06-30T07:42:00.000Z",
 "ID": "CVE-2022-29495",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Popup Builder plugin <= 4.1.11 - Cross-Site Request Forgery (CSRF) leading to plugin settings update"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Popup Builder (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 4.1.11",
+ "version_value": "4.1.11"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Sygnoos"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Rafie Muhammad aka Yeraisci (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://wordpress.org/plugins/popup-builder/#developers",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/popup-builder/#developers"
+ },
+ {
+ "name": "https://patchstack.com/database/vulnerability/popup-builder/wordpress-popup-builder-plugin-4-1-11-cross-site-request-forgery-csrf-leading-to-plugin-settings-update",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/popup-builder/wordpress-popup-builder-plugin-4-1-11-cross-site-request-forgery-csrf-leading-to-plugin-settings-update"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to 4.1.12 or higher version."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/30xxx/CVE-2022-30998.json b/2022/30xxx/CVE-2022-30998.json
index dee66a6a7ea..f46b4d275ad 100644
--- a/2022/30xxx/CVE-2022-30998.json
+++ b/2022/30xxx/CVE-2022-30998.json
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-07-19T09:43:00.000Z",
 "ID": "CVE-2022-30998",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Homepage Product Organizer for WooCommerce plugin <= 1.1 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Homepage Product Organizer for WooCommerce (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 1.1",
+ "version_value": "1.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "WooPlugins.co"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Lenon Leite (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at WordPress."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://wordpress.org/plugins/homepage-product-organizer-for-woocommerce/#description",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/homepage-product-organizer-for-woocommerce/#description"
+ },
+ {
+ "name": "https://patchstack.com/database/vulnerability/homepage-product-organizer-for-woocommerce/wordpress-homepage-product-organizer-for-woocommerce-plugin-1-1-multiple-authenticated-sql-injection-sqli-vulnerabilities",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/homepage-product-organizer-for-woocommerce/wordpress-homepage-product-organizer-for-woocommerce-plugin-1-1-multiple-authenticated-sql-injection-sqli-vulnerabilities"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/33xxx/CVE-2022-33191.json b/2022/33xxx/CVE-2022-33191.json
index 8539f3aab64..8066fc4a438 100644
--- a/2022/33xxx/CVE-2022-33191.json
+++ b/2022/33xxx/CVE-2022-33191.json
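Review bot: CVE-2022-30998 declares the affected range `<= 1.1` but carries no `solution` entry, so a reader cannot tell whether a fixed release exists or the plugin is still unpatched. CVE-2022-27235, CVE-2022-29495 and CVE-2022-33960 in this diff include one (`"value": "Update to 2.2.4 or higher version."`), while CVE-2022-33191, CVE-2022-33901, CVE-2022-34650, CVE-2022-34839 and CVE-2022-34853 omit it as well. If no fix was available at publication, the record should say so explicitly, e.g. `"solution": [{ "lang": "eng", "value": "No fixed version is available at the time of publication." }]`. That distinction decides whether the response is to update or to remove the plugin, which matters most for this record, scored 9.1.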
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-07-19T09:21:00.000Z",
 "ID": "CVE-2022-33191",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Testimonials plugin <= 3.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Testimonials (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 3.0.1",
+ "version_value": "3.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Chinmoy Paul (chinmoy29)"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Chinmoy Paul's Testimonials plugin <= 3.0.1 at WordPress."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://wordpress.org/plugins/testimonials/#description",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/testimonials/#description"
+ },
+ {
+ "name": "https://patchstack.com/database/vulnerability/testimonials/wordpress-testimonials-plugin-3-0-1-authenticated-stored-cross-site-scripting-xss-vulnerability",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/testimonials/wordpress-testimonials-plugin-3-0-1-authenticated-stored-cross-site-scripting-xss-vulnerability"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/33xxx/CVE-2022-33901.json b/2022/33xxx/CVE-2022-33901.json
index a7ee81325a3..0a9bf0a3300 100644
--- a/2022/33xxx/CVE-2022-33901.json
+++ b/2022/33xxx/CVE-2022-33901.json
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-07-18T10:34:00.000Z",
 "ID": "CVE-2022-33901",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress MultiSafepay plugin for WooCommerce plugin <= 4.13.1 - Unauthenticated Arbitrary File Read vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MultiSafepay plugin for WooCommerce (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 4.13.1",
+ "version_value": "4.13.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "MultiSafepay"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Roldan Brandon (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <= 4.13.1 at WordPress."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Arbitrary File Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://wordpress.org/plugins/multisafepay/#developers",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/multisafepay/#developers"
+ },
+ {
+ "name": "https://patchstack.com/database/vulnerability/multisafepay/wordpress-multisafepay-plugin-for-woocommerce-plugin-4-13-1-unauthenticated-arbitrary-file-read-vulnerability",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/multisafepay/wordpress-multisafepay-plugin-for-woocommerce-plugin-4-13-1-unauthenticated-arbitrary-file-read-vulnerability"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/33xxx/CVE-2022-33960.json b/2022/33xxx/CVE-2022-33960.json
index 64898f52627..ea633f0e7ec 100644
--- a/2022/33xxx/CVE-2022-33960.json
+++ b/2022/33xxx/CVE-2022-33960.json
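Review bot: The vector for CVE-2022-33901 rates `confidentialityImpact` as `LOW` (`C:L`, base score 5.3), while the title and description call the issue an unauthenticated arbitrary file read. If the read is truly unrestricted, files holding credentials or keys would be within reach and `C:H` would be the usual rating, i.e. `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"` with base score 7.5. If the read is limited to a particular directory or file type, the description should state that limit instead. As written the text and the score disagree, and nothing in the record lets a consumer decide which one to trust when prioritising.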
@@ -1,18 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-06-09T08:34:00.000Z",
 "ID": "CVE-2022-33960",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Social Share Buttons by Supsystic (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 2.2.3",
+ "version_value": "2.2.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Supsystic"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by m0ze (Patchstack)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers"
+ },
+ {
+ "name": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-authenticated-sql-injection-sqli-vulnerabilities",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-authenticated-sql-injection-sqli-vulnerabilities"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to 2.2.4 or higher version."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/34xxx/CVE-2022-34650.json b/2022/34xxx/CVE-2022-34650.json
index 55cfad18b82..c7ac2c00019 100644
--- a/2022/34xxx/CVE-2022-34650.json
+++ b/2022/34xxx/CVE-2022-34650.json
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-07-20T10:28:00.000Z",
 "ID": "CVE-2022-34650",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Team plugin <= 1.2.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Team (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 1.2.6",
+ "version_value": "1.2.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "wpWax"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://wordpress.org/plugins/adl-team/#description",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/adl-team/#description"
+ },
+ {
+ "name": "https://patchstack.com/database/vulnerability/adl-team/wordpress-team-plugin-1-2-6-multiple-stored-cross-site-scripting-xss-vulnerabilities",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/adl-team/wordpress-team-plugin-1-2-6-multiple-stored-cross-site-scripting-xss-vulnerabilities"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/34xxx/CVE-2022-34839.json b/2022/34xxx/CVE-2022-34839.json
index 1b7ddaa440b..34d4ad6544f 100644
--- a/2022/34xxx/CVE-2022-34839.json
+++ b/2022/34xxx/CVE-2022-34839.json
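Review bot: CVE-2022-34650 cannot be told apart from CVE-2022-34853 later in this diff: both cover wpWax Team `<= 1.2.6`, both require contributor or higher, both carry the vector `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N`, and the descriptions differ only in "Stored" versus "Persistent", which mean the same thing. The credits and the Patchstack advisory URLs differ, so these are presumably separate findings, but neither record says which parameter or screen is affected. Each description should name its injection point, e.g. `"value": "Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities via <affected parameter> in wpWax Team plugin <= 1.2.6 at WordPress."` with the placeholder taken from the advisory, so that a later fix, dispute or duplicate rejection can be tied to the right ID.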
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-07-18T08:57:00.000Z",
 "ID": "CVE-2022-34839",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress WP OAuth2 Server plugin <= 1.0.1 - Authentication Bypass vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WP OAuth2 Server (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 1.0.1",
+ "version_value": "1.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "CodexShaper"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by Lana Codes (Patchstack Alliance)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin <= 1.0.1 at WordPress."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Bypass"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://wordpress.org/plugins/oauth2-server/#description",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/oauth2-server/#description"
+ },
+ {
+ "name": "https://patchstack.com/database/vulnerability/oauth2-server/wordpress-wp-oauth2-server-plugin-1-0-1-authentication-bypass-vulnerability",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/oauth2-server/wordpress-wp-oauth2-server-plugin-1-0-1-authentication-bypass-vulnerability"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/34xxx/CVE-2022-34853.json b/2022/34xxx/CVE-2022-34853.json
index e2dc55effda..573a386b183 100644
--- a/2022/34xxx/CVE-2022-34853.json
+++ b/2022/34xxx/CVE-2022-34853.json
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2022-07-20T09:54:00.000Z",
 "ID": "CVE-2022-34853",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Team plugin <= 1.2.6 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Team (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 1.2.6",
+ "version_value": "1.2.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "wpWax"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by m0ze (Patchstack)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple Authenticated (contributor or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://wordpress.org/plugins/adl-team/#description",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/adl-team/#description"
+ },
+ {
+ "name": "https://patchstack.com/database/vulnerability/adl-team/wordpress-team-plugin-1-2-6-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities",
+ "refsource": "CONFIRM",
+ "url": "https://patchstack.com/database/vulnerability/adl-team/wordpress-team-plugin-1-2-6-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file