admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-07-22 17:00:44 +00:00
parent f04564de0c
commit 4e66d01d96
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
12 changed files with 960 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2022/0xxx/CVE-2022-0978.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-0978", "ID": "CVE-2022-0978",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "99.0.4844.74",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html"
},
{
"url": "https://crbug.com/1299264",
"refsource": "MISC",
"name": "https://crbug.com/1299264"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
} }
] ]
} }

56
2022/0xxx/CVE-2022-0979.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-0979", "ID": "CVE-2022-0979",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "99.0.4844.74",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html"
},
{
"url": "https://crbug.com/1302644",
"refsource": "MISC",
"name": "https://crbug.com/1302644"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page."
} }
] ]
} }

56
2022/0xxx/CVE-2022-0980.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-0980", "ID": "CVE-2022-0980",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "99.0.4844.74",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html"
},
{
"url": "https://crbug.com/1302157",
"refsource": "MISC",
"name": "https://crbug.com/1302157"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interactions."
} }
] ]
} }

99
2022/27xxx/CVE-2022-27235.json
View File

@ -1,18 +1,105 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-06-09T08:45:00.000Z",
"ID": "CVE-2022-27235", "ID": "CVE-2022-27235",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Multiple Broken Access Control vulnerabilities"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Social Share Buttons by Supsystic (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 2.2.3",
"version_value": "2.2.3"
}
]
}
}
]
},
"vendor_name": "Supsystic"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by m0ze (Patchstack)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-broken-access-control-vulnerabilities",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-broken-access-control-vulnerabilities"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 2.2.4 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
} }
} }

99
2022/29xxx/CVE-2022-29495.json
View File

@ -1,18 +1,105 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-06-30T07:42:00.000Z",
"ID": "CVE-2022-29495", "ID": "CVE-2022-29495",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "WordPress Popup Builder plugin <= 4.1.11 - Cross-Site Request Forgery (CSRF) leading to plugin settings update"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Popup Builder (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 4.1.11",
"version_value": "4.1.11"
}
]
}
}
]
},
"vendor_name": "Sygnoos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Rafie Muhammad aka Yeraisci (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/popup-builder/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/popup-builder/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/popup-builder/wordpress-popup-builder-plugin-4-1-11-cross-site-request-forgery-csrf-leading-to-plugin-settings-update",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/popup-builder/wordpress-popup-builder-plugin-4-1-11-cross-site-request-forgery-csrf-leading-to-plugin-settings-update"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 4.1.12 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
} }
} }

93
2022/30xxx/CVE-2022-30998.json
View File

@ -1,18 +1,99 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-07-19T09:43:00.000Z",
"ID": "CVE-2022-30998", "ID": "CVE-2022-30998",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "WordPress Homepage Product Organizer for WooCommerce plugin <= 1.1 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Homepage Product Organizer for WooCommerce (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.1",
"version_value": "1.1"
}
]
}
}
]
},
"vendor_name": "WooPlugins.co"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Lenon Leite (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at WordPress."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/homepage-product-organizer-for-woocommerce/#description",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/homepage-product-organizer-for-woocommerce/#description"
},
{
"name": "https://patchstack.com/database/vulnerability/homepage-product-organizer-for-woocommerce/wordpress-homepage-product-organizer-for-woocommerce-plugin-1-1-multiple-authenticated-sql-injection-sqli-vulnerabilities",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/homepage-product-organizer-for-woocommerce/wordpress-homepage-product-organizer-for-woocommerce-plugin-1-1-multiple-authenticated-sql-injection-sqli-vulnerabilities"
}
]
},
"source": {
"discovery": "EXTERNAL"
} }
} }

93
2022/33xxx/CVE-2022-33191.json
View File

@ -1,18 +1,99 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-07-19T09:21:00.000Z",
"ID": "CVE-2022-33191", "ID": "CVE-2022-33191",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "WordPress Testimonials plugin <= 3.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Testimonials (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 3.0.1",
"version_value": "3.0.1"
}
]
}
}
]
},
"vendor_name": "Chinmoy Paul (chinmoy29)"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Chinmoy Paul's Testimonials plugin <= 3.0.1 at WordPress."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/testimonials/#description",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/testimonials/#description"
},
{
"name": "https://patchstack.com/database/vulnerability/testimonials/wordpress-testimonials-plugin-3-0-1-authenticated-stored-cross-site-scripting-xss-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/testimonials/wordpress-testimonials-plugin-3-0-1-authenticated-stored-cross-site-scripting-xss-vulnerability"
}
]
},
"source": {
"discovery": "EXTERNAL"
} }
} }

93
2022/33xxx/CVE-2022-33901.json
View File

@ -1,18 +1,99 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-07-18T10:34:00.000Z",
"ID": "CVE-2022-33901", "ID": "CVE-2022-33901",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "WordPress MultiSafepay plugin for WooCommerce plugin <= 4.13.1 - Unauthenticated Arbitrary File Read vulnerability"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MultiSafepay plugin for WooCommerce (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 4.13.1",
"version_value": "4.13.1"
}
]
}
}
]
},
"vendor_name": "MultiSafepay"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Roldan Brandon (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <= 4.13.1 at WordPress."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/multisafepay/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/multisafepay/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/multisafepay/wordpress-multisafepay-plugin-for-woocommerce-plugin-4-13-1-unauthenticated-arbitrary-file-read-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/multisafepay/wordpress-multisafepay-plugin-for-woocommerce-plugin-4-13-1-unauthenticated-arbitrary-file-read-vulnerability"
}
]
},
"source": {
"discovery": "EXTERNAL"
} }
} }

99
2022/33xxx/CVE-2022-33960.json
View File

@ -1,18 +1,105 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-06-09T08:34:00.000Z",
"ID": "CVE-2022-33960", "ID": "CVE-2022-33960",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Social Share Buttons by Supsystic (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 2.2.3",
"version_value": "2.2.3"
}
]
}
}
]
},
"vendor_name": "Supsystic"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by m0ze (Patchstack)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-authenticated-sql-injection-sqli-vulnerabilities",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-authenticated-sql-injection-sqli-vulnerabilities"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 2.2.4 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
} }
} }

93
2022/34xxx/CVE-2022-34650.json
View File

@ -1,18 +1,99 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-07-20T10:28:00.000Z",
"ID": "CVE-2022-34650", "ID": "CVE-2022-34650",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "WordPress Team plugin <= 1.2.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.2.6",
"version_value": "1.2.6"
}
]
}
}
]
},
"vendor_name": "wpWax"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/adl-team/#description",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/adl-team/#description"
},
{
"name": "https://patchstack.com/database/vulnerability/adl-team/wordpress-team-plugin-1-2-6-multiple-stored-cross-site-scripting-xss-vulnerabilities",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/adl-team/wordpress-team-plugin-1-2-6-multiple-stored-cross-site-scripting-xss-vulnerabilities"
}
]
},
"source": {
"discovery": "EXTERNAL"
} }
} }

93
2022/34xxx/CVE-2022-34839.json
View File

@ -1,18 +1,99 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-07-18T08:57:00.000Z",
"ID": "CVE-2022-34839", "ID": "CVE-2022-34839",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "WordPress WP OAuth2 Server plugin <= 1.0.1 - Authentication Bypass vulnerability"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP OAuth2 Server (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.0.1",
"version_value": "1.0.1"
}
]
}
}
]
},
"vendor_name": "CodexShaper"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Lana Codes (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin <= 1.0.1 at WordPress."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/oauth2-server/#description",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/oauth2-server/#description"
},
{
"name": "https://patchstack.com/database/vulnerability/oauth2-server/wordpress-wp-oauth2-server-plugin-1-0-1-authentication-bypass-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/oauth2-server/wordpress-wp-oauth2-server-plugin-1-0-1-authentication-bypass-vulnerability"
}
]
},
"source": {
"discovery": "EXTERNAL"
} }
} }

93
2022/34xxx/CVE-2022-34853.json
View File

@ -1,18 +1,99 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-07-20T09:54:00.000Z",
"ID": "CVE-2022-34853", "ID": "CVE-2022-34853",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "WordPress Team plugin <= 1.2.6 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.2.6",
"version_value": "1.2.6"
}
]
}
}
]
},
"vendor_name": "wpWax"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by m0ze (Patchstack)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Multiple Authenticated (contributor or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress."
} }
] ]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/adl-team/#description",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/adl-team/#description"
},
{
"name": "https://patchstack.com/database/vulnerability/adl-team/wordpress-team-plugin-1-2-6-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/adl-team/wordpress-team-plugin-1-2-6-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities"
}
]
},
"source": {
"discovery": "EXTERNAL"
} }
} }