From 5104a964dea5ea969f0a0b9a093bb1af0574c41a Mon Sep 17 00:00:00 2001 
From: erwanlr Date: Mon, 20 Sep 2021 12:00:45 +0200 Subject: [PATCH] Adds CVEs --- 2021/24xxx/CVE-2021-24396.json | 92 ++++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24397.json | 92 ++++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24398.json | 94 ++++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24399.json | 92 ++++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24400.json | 92 ++++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24401.json | 92 ++++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24402.json | 94 ++++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24403.json | 94 ++++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24404.json | 94 ++++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24511.json | 94 ++++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24525.json | 89 +++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24530.json | 89 +++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24582.json | 87 ++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24583.json | 89 +++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24584.json | 89 +++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24585.json | 89 +++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24587.json | 87 ++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24596.json | 89 +++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24597.json | 89 +++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24600.json | 87 ++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24604.json | 87 ++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24606.json | 87 ++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24609.json | 89 +++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24613.json | 87 ++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24618.json | 89 +++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24635.json | 87 ++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24636.json | 89 +++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24637.json | 89 +++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24638.json | 89 +++++++++++++++++++++++----- 
2021/24xxx/CVE-2021-24639.json | 105 ++++++++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24640.json | 89 +++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24657.json | 87 ++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24663.json | 87 ++++++++++++++++++++++----- 2021/24xxx/CVE-2021-24741.json | 97 +++++++++++++++++++++++++----- 34 files changed, 2543 insertions(+), 529 deletions(-) diff --git a/2021/24xxx/CVE-2021-24396.json b/2021/24xxx/CVE-2021-24396.json index 187904558a6..15429570bfc 100644 --- a/2021/24xxx/CVE-2021-24396.json +++ b/2021/24xxx/CVE-2021-24396.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24396", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24396", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "GSEOR <= 1.3 - Authenticated SQL Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "GSEOR – WordPress SEO Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.3", + "version_value": "1.3" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A pageid GET parameter of the GSEOR – WordPress SEO Plugin WordPress plugin through 1.3 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/28687291-2369-49e0-8905-dc4359454830", + "name": "https://wpscan.com/vulnerability/28687291-2369-49e0-8905-dc4359454830" + }, + { + "refsource": "MISC", + "url": "https://codevigilant.com/disclosure/2021/wp-plugin-gseor/", + "name": "https://codevigilant.com/disclosure/2021/wp-plugin-gseor/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Syed Sheeraz Ali of Codevigilant" + } + ], + "source": { + "discovery": "UNKNOWN" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24397.json b/2021/24xxx/CVE-2021-24397.json index 2394e809af9..2f82117c7bc 100644 --- a/2021/24xxx/CVE-2021-24397.json +++ b/2021/24xxx/CVE-2021-24397.json 
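Review bot: The new `description_data` value for CVE-2021-24396 never says that exploitation requires an authenticated session, although the `TITLE` in the same record reads "Authenticated SQL Injection". Consumers that ingest only the description lose the privilege requirement they need for triage. I would append a sentence such as `Exploitation requires an authenticated user.`, naming the minimum role from the referenced advisory, since the role is not visible in this record. The same gap appears in the records for CVE-2021-24397 through CVE-2021-24401 and CVE-2021-24511.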
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24397", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24397", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "MicroCopy <= 1.1.0 - Authenticated SQL Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "MicroCopy", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.1.0", + "version_value": "1.1.0" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The edit functionality in the MicroCopy WordPress plugin through 1.1.0 makes a get request to fetch the related option. The id parameter used is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/2edab2b0-d4fd-4d50-aca0-2a1b7b37c23d", + "name": "https://wpscan.com/vulnerability/2edab2b0-d4fd-4d50-aca0-2a1b7b37c23d" + }, + { + "refsource": "MISC", + "url": "https://codevigilant.com/disclosure/2021/wp-plugin-microcopy/", + "name": "https://codevigilant.com/disclosure/2021/wp-plugin-microcopy/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Syed Sheeraz Ali of Codevigilant" + } + ], + "source": { + "discovery": "UNKNOWN" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24398.json b/2021/24xxx/CVE-2021-24398.json index ee5be9194d7..03e920e5849 100644 --- a/2021/24xxx/CVE-2021-24398.json +++ b/2021/24xxx/CVE-2021-24398.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24398", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24398", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Responsive 3D Slider <= 1.2 - Authenticated SQL Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "RESPONSIVE 3D SLIDER", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.2", + "version_value": "1.2" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so if we pass time as 5 seconds it takes 10 seconds to return since the query is ran twice." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/e6fb2256-0214-4891-b4b7-e4371a1599a5", + "name": "https://wpscan.com/vulnerability/e6fb2256-0214-4891-b4b7-e4371a1599a5" + }, + { + "refsource": "MISC", + "url": "https://codevigilant.com/disclosure/2021/wp-plugin-morpheus-slider/", + "name": "https://codevigilant.com/disclosure/2021/wp-plugin-morpheus-slider/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Syed Sheeraz Ali of Codevigilant" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} diff --git a/2021/24xxx/CVE-2021-24399.json b/2021/24xxx/CVE-2021-24399.json index 9c6e1a60b3b..916603739aa 100644 --- a/2021/24xxx/CVE-2021-24399.json +++ b/2021/24xxx/CVE-2021-24399.json 
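Review bot: The last sentence of the CVE-2021-24398 description is a first-person test observation ("if we pass time as 5 seconds it takes 10 seconds to return since the query is ran twice") rather than a statement of the flaw. I would replace it with `This is a time-based SQL injection, and the vulnerable parameter is used in two queries within the same function.` The CVE-2021-24404 description ends with the same sentence and would take the same wording. Separately, the second reference URL ends in `wp-plugin-morpheus-slider` while the product is Responsive 3D Slider; that may simply be the plugin's slug, but it is worth confirming that the link belongs to this record.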
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24399", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24399", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "The Sorter <= 1.0 - Authenticated SQL Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "The Sorter", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The check_order function of The Sorter WordPress plugin through 1.0 uses an `area_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/f7af0795-f111-4acc-9b1e-63cae5862f8b", + "name": "https://wpscan.com/vulnerability/f7af0795-f111-4acc-9b1e-63cae5862f8b" + }, + { + "refsource": "MISC", + "url": "https://codevigilant.com/disclosure/2021/wp-plugin-the-sorter/", + "name": "https://codevigilant.com/disclosure/2021/wp-plugin-the-sorter/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Syed Sheeraz Ali of Codevigilant" + } + ], + "source": { + "discovery": "UNKNOWN" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24400.json b/2021/24xxx/CVE-2021-24400.json index 824edf1f45f..2ac9f2bfe56 100644 --- a/2021/24xxx/CVE-2021-24400.json +++ b/2021/24xxx/CVE-2021-24400.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24400", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24400", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Display users <= 2.0.0 - Authenticated SQL Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Display Users", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.0.0", + "version_value": "2.0.0" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Edit Role functionality in the Display Users WordPress plugin through 2.0.0 had an `id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/614cf338-c8cf-4570-ae83-4f79cbdcc9d5", + "name": "https://wpscan.com/vulnerability/614cf338-c8cf-4570-ae83-4f79cbdcc9d5" + }, + { + "refsource": "MISC", + "url": "https://codevigilant.com/disclosure/2021/wp-plugin-wp-display-users/", + "name": "https://codevigilant.com/disclosure/2021/wp-plugin-wp-display-users/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Syed Sheeraz Ali of Codevigilant" + } + ], + "source": { + "discovery": "UNKNOWN" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24401.json b/2021/24xxx/CVE-2021-24401.json index 76143585c17..4cc529100f9 100644 --- a/2021/24xxx/CVE-2021-24401.json +++ b/2021/24xxx/CVE-2021-24401.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24401", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24401", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP Domain Redirect <= 1.0 - Authenticated SQL Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Domain Redirect", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Edit domain functionality in the WP Domain Redirect WordPress plugin through 1.0 has an `editid` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/f9ae34a9-84c9-4d48-af6a-9e6c786f856e", + "name": "https://wpscan.com/vulnerability/f9ae34a9-84c9-4d48-af6a-9e6c786f856e" + }, + { + "refsource": "MISC", + "url": "https://codevigilant.com/disclosure/2021/wp-plugins-domain-redirect/", + "name": "https://codevigilant.com/disclosure/2021/wp-plugins-domain-redirect/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Syed Sheeraz Ali of Codevigilant" + } + ], + "source": { + "discovery": "UNKNOWN" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24402.json b/2021/24xxx/CVE-2021-24402.json index c8c7564a4ec..693740af43c 100644 --- a/2021/24xxx/CVE-2021-24402.json +++ b/2021/24xxx/CVE-2021-24402.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24402", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24402", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP iCommerce <= 1.1.1 - Authenticated (contributor+) SQL Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP iCommerce – the first interactive ecommerce for wordpress", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.1.1", + "version_value": "1.1.1" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an `order_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 
The feature is available to low privilege users such as contributors" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/7840e664-907f-42d1-950d-8c919032b707", + "name": "https://wpscan.com/vulnerability/7840e664-907f-42d1-950d-8c919032b707" + }, + { + "refsource": "MISC", + "url": "https://codevigilant.com/disclosure/2021/wp-plugin-wp-icommerce/", + "name": "https://codevigilant.com/disclosure/2021/wp-plugin-wp-icommerce/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Syed Sheeraz Ali of Codevigilant" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} diff --git a/2021/24xxx/CVE-2021-24403.json b/2021/24xxx/CVE-2021-24403.json index f9fb80fdcbe..660adfe6be2 100644 --- a/2021/24xxx/CVE-2021-24403.json +++ b/2021/24xxx/CVE-2021-24403.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24403", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24403", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WordPress Page Contact <= 1.0 - Authenticated (editor+) SQL Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WordPress Page Contact", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Orders functionality in the WordPress Page Contact plugin through 1.0 has an order_id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 
The feature is available to low privilege users such as contributors" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/a87040c1-58fc-4bf7-8bfa-0b9712a62ba8", + "name": "https://wpscan.com/vulnerability/a87040c1-58fc-4bf7-8bfa-0b9712a62ba8" + }, + { + "refsource": "MISC", + "url": "https://codevigilant.com/disclosure/2021/wp-plugin-wpagecontact/", + "name": "https://codevigilant.com/disclosure/2021/wp-plugin-wpagecontact/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Syed Sheeraz Ali of Codevigilant" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} diff --git a/2021/24xxx/CVE-2021-24404.json b/2021/24xxx/CVE-2021-24404.json index 8778184023b..4e3859708ba 100644 --- a/2021/24xxx/CVE-2021-24404.json +++ b/2021/24xxx/CVE-2021-24404.json 
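Review bot: The CVE-2021-24403 description contradicts its own `TITLE`: the title says "Authenticated (editor+)" while the description ends with "The feature is available to low privilege users such as contributors". The description also refers to "The Orders functionality" and an `order_id` parameter, wording identical to the WP iCommerce record (CVE-2021-24402), which suggests it was copied without adjustment. Please check the affected feature, parameter and minimum role against the referenced advisory. If the title is correct, the last sentence would become `The feature is available to users with the editor role and above.`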
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24404", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24404", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP-Board <= 1.1 (beta) - Unauthenticated SQL Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP-Board", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.1 beta", + "version_value": "1.1 beta" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The options.php file of the WP-Board WordPress plugin through 1.1 beta accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so if we pass time as 5 seconds it takes 10 seconds to return since the query ran twice." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/a86240e1-f064-4972-9f97-6b349fdd57f6", + "name": "https://wpscan.com/vulnerability/a86240e1-f064-4972-9f97-6b349fdd57f6" + }, + { + "refsource": "MISC", + "url": "https://codevigilant.com/disclosure/2021/wp-plugin-wp-board/", + "name": "https://codevigilant.com/disclosure/2021/wp-plugin-wp-board/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Syed Sheeraz Ali of Codevigilant" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} diff --git a/2021/24xxx/CVE-2021-24511.json b/2021/24xxx/CVE-2021-24511.json index 6ae830cb207..9f73fb42af9 100644 --- a/2021/24xxx/CVE-2021-24511.json +++ b/2021/24xxx/CVE-2021-24511.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24511", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24511", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Create WooCommerce Product Feeds For 40+ Merchants < 3.3.1.0 - Authenticated SQL Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.3.1.0", + "version_value": "3.3.1.0" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The fetch_product_ajax functionality in the Product Feed on WooCommerce WordPress plugin before 3.3.1.0 uses a `product_id` POST parameter which is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/0fa114a0-29df-4312-9138-eb9f0aedb3c5", + "name": "https://wpscan.com/vulnerability/0fa114a0-29df-4312-9138-eb9f0aedb3c5" + }, + { + "refsource": "MISC", + "url": "https://codevigilant.com/disclosure/2021/wp-plugin-purple-xmls-google-product-feed-for-woocommerce/", + "name": "https://codevigilant.com/disclosure/2021/wp-plugin-purple-xmls-google-product-feed-for-woocommerce/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Syed Sheeraz Ali of Codevigilant" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} diff --git a/2021/24xxx/CVE-2021-24525.json b/2021/24xxx/CVE-2021-24525.json index afe9c709dd2..ea664e46b06 100644 --- a/2021/24xxx/CVE-2021-24525.json +++ b/2021/24xxx/CVE-2021-24525.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24525", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24525", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Shortcodes Ultimate < 5.10.2 - Contributor+ Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WordPress Shortcodes Plugin — Shortcodes Ultimate", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.10.2", + "version_value": "5.10.2" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by design (like [su_button]'s onclick attribute)." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/7f5659bd-50c3-4725-95f4-cf88812acf1c", + "name": "https://wpscan.com/vulnerability/7f5659bd-50c3-4725-95f4-cf88812acf1c" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} diff --git a/2021/24xxx/CVE-2021-24530.json b/2021/24xxx/CVE-2021-24530.json index 627cebcf978..2bd27d703a0 100644 --- a/2021/24xxx/CVE-2021-24530.json +++ b/2021/24xxx/CVE-2021-24530.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24530", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24530", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Alojapro Widget <= 1.1.15 - Authenticated Stored Cross-Site Scripting (XSS)" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Alojapro Widget", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.1.15", + "version_value": "1.1.15" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/caf36ca5-aafd-48bd-a1e5-30f3973d8eb8", + "name": "https://wpscan.com/vulnerability/caf36ca5-aafd-48bd-a1e5-30f3973d8eb8" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "xiahao" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} 
diff --git a/2021/24xxx/CVE-2021-24582.json b/2021/24xxx/CVE-2021-24582.json
index de8f690140e..e73e8c143d5 100644
--- a/2021/24xxx/CVE-2021-24582.json
+++ b/2021/24xxx/CVE-2021-24582.json
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24582", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24582", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "ThinkTwit < 1.7.1 - Authenticated Stored Cross-Site Scripting (XSS)" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "ThinkTwit", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.7.1", + "version_value": "1.7.1" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape its \"Consumer key\" setting before outputting it its settings page, leading to a Stored Cross-Site Scripting issue." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/5a5293ed-ddcb-4a63-9420-09942e7d69c2", + "name": "https://wpscan.com/vulnerability/5a5293ed-ddcb-4a63-9420-09942e7d69c2" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Vinit Yashwantrao" + } + ], + "source": { + "discovery": "UNKNOWN" + } } \ No newline at end of file 
diff --git a/2021/24xxx/CVE-2021-24583.json b/2021/24xxx/CVE-2021-24583.json
index c48553a576d..d05f42cfc6a 100644
--- a/2021/24xxx/CVE-2021-24583.json
+++ b/2021/24xxx/CVE-2021-24583.json
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24583", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24583", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Deletion" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Timetable and Event Schedule by MotoPress", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.4.2", + "version_value": "2.4.2" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when deleting a timeslot, allowing any user with the edit_posts capability (contributor+) to delete arbitrary timeslot from any events. 
Furthermore, no CSRF check is in place as well, allowing such attack to be performed via CSRF against a logged in with such capability" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/7aec4ef4-db3b-41fb-9177-88ce9d37bca6", + "name": "https://wpscan.com/vulnerability/7aec4ef4-db3b-41fb-9177-88ce9d37bca6" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-284 Improper Access Control", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "dc11" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} diff --git a/2021/24xxx/CVE-2021-24584.json b/2021/24xxx/CVE-2021-24584.json index b8cd4ce96e9..b5f172fe4d5 100644 --- a/2021/24xxx/CVE-2021-24584.json +++ b/2021/24xxx/CVE-2021-24584.json 
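Review bot: The `problemtype` of CVE-2021-24583 lists only `CWE-284 Improper Access Control`, although its description also reports that no CSRF check is in place, so consumers that filter or triage by CWE will not see the CSRF weakness. A second entry in the inner `description` array, `{ "value": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "eng" }` (the string CVE-2021-24636 in this commit already uses), would cover it. CVE-2021-24584 has the same gap and also describes Stored XSS in versions before 2.3.19 without a CWE-79 entry, and CVE-2021-24618 lists only CWE-79 while its description reports missing CSRF and capability checks.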
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24584", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24584", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Update" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Timetable and Event Schedule by MotoPress", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.4.2", + "version_value": "2.4.2" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when updating a timeslot, allowing any user with the edit_posts capability (contributor+) to update arbitrary timeslot from any events. Furthermore, no CSRF check is in place as well, allowing such attack to be perform via CSRF against a logged in with such capability. 
In versions before 2.3.19, the lack of sanitisation and escaping in some of the fields, like the descritption could also lead to Stored XSS issues" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/60eadf75-8298-49de-877e-ce103fc34d58", + "name": "https://wpscan.com/vulnerability/60eadf75-8298-49de-877e-ce103fc34d58" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-284 Improper Access Control", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "dc11" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} diff --git a/2021/24xxx/CVE-2021-24585.json b/2021/24xxx/CVE-2021-24585.json index 88f85494344..77d23bc0717 100644 --- a/2021/24xxx/CVE-2021-24585.json +++ b/2021/24xxx/CVE-2021-24585.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24585", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24585", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Timetable and Event Schedule by MotoPress < 2.4.0 - Arbitrary User's Hashed Password/Email/Username Disclosure" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Timetable and Event Schedule by MotoPress", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.4.0", + "version_value": "2.4.0" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address (along other less sensitive data) of the user related to the Even Head of the Timeslot in the response when requesting the event Timeslot data with a user with the edit_posts capability. 
Combined with the other Unauthorised Event Timeslot Modification issue (https://wpscan.com/reports/submissions/4699/) where an arbitrary user ID can be set, this could allow low privilege users with the edit_posts capability (such as author) to retrieve sensitive User data by iterating over the user_id" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/cd288a92-903b-47c9-83ac-8e5b677e949b", + "name": "https://wpscan.com/vulnerability/cd288a92-903b-47c9-83ac-8e5b677e949b" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-200 Information Exposure", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "dc11" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} diff --git a/2021/24xxx/CVE-2021-24587.json b/2021/24xxx/CVE-2021-24587.json index 7f6c2f69d75..a19de644b37 100644 --- a/2021/24xxx/CVE-2021-24587.json +++ b/2021/24xxx/CVE-2021-24587.json 
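Review bot: The description of CVE-2021-24585 points readers to `https://wpscan.com/reports/submissions/4699/`, which looks like a submission-tracker URL rather than a published advisory, so the cross-reference may not resolve for anyone outside WPScan. If the issue meant is the timeslot update flaw published in this commit as CVE-2021-24584 (an inference from the wording), naming that CVE ID would make the chain traceable. In the same string, `Even Head` is presumably `Event Head`, and `(such as author)` differs from the `contributor+` wording the sibling records use for the edit_posts capability.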
@@ -1,18 +1,75 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2021-24587",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
+ "CVE_data_meta": {
+ "ID": "CVE-2021-24587",
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC",
+ "TITLE": "Splash Header < 1.20.8 - Authenticated Stored Cross-Site Scripting (XSS)"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "generator": "WPScan CVE Generator",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Splash Header",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.20.8",
+ "version_value": "1.20.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
 }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Splash Header WordPress plugin before 1.20.8 doesn't sanitise and escape some of its settings while outputting them in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue."
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://wpscan.com/vulnerability/bb5d94ad-e1ce-44e2-8403-d73fe75a146a",
+ "name": "https://wpscan.com/vulnerability/bb5d94ad-e1ce-44e2-8403-d73fe75a146a"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "xiahao"
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ }
 }
\ No newline at end of file
diff --git a/2021/24xxx/CVE-2021-24596.json b/2021/24xxx/CVE-2021-24596.json
index 44bc3ee9eb7..3c1e4136ae9 100644
--- a/2021/24xxx/CVE-2021-24596.json
+++ b/2021/24xxx/CVE-2021-24596.json
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24596", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24596", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "youForms for WordPress <= 1.0.5 - Authenticated Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "youForms for WordPress – Creating Forms for CopeCart", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0.5", + "version_value": "1.0.5" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The youForms for WordPress plugin through 1.0.5 does not sanitise escape the Button Text field of its Templates, allowing high privilege users (editors and admins) to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/b5def0e7-2b4a-43e0-8175-28b28aa2f8ae", + "name": "https://wpscan.com/vulnerability/b5def0e7-2b4a-43e0-8175-28b28aa2f8ae" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": 
"xiahao@webray.com.cn inc" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} diff --git a/2021/24xxx/CVE-2021-24597.json b/2021/24xxx/CVE-2021-24597.json index aa21b2d89c2..8ab7da15ac4 100644 --- a/2021/24xxx/CVE-2021-24597.json +++ b/2021/24xxx/CVE-2021-24597.json 
@@ -1,18 +1,75 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2021-24597",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
+ "CVE_data_meta": {
+ "ID": "CVE-2021-24597",
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC",
+ "TITLE": "You Shang <= 1.0.1 - Authenticated Stored Cross-Site Scripting"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "generator": "WPScan CVE Generator",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "有赏 You Shang",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.0.1",
+ "version_value": "1.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
 }
-}
\ No newline at end of file
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which result into Stored Cross-Site Scripting issues in frontend posts and the plugins settings page depending on the payload used"
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://wpscan.com/vulnerability/37554d0e-68e2-4df9-8c59-65f5cd7f184e",
+ "name": "https://wpscan.com/vulnerability/37554d0e-68e2-4df9-8c59-65f5cd7f184e"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "yangshengcheng@webray.com.cn inc"
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ }
+}
diff --git a/2021/24xxx/CVE-2021-24600.json b/2021/24xxx/CVE-2021-24600.json
index f00d7abb270..d86d59fedd5 100644
--- a/2021/24xxx/CVE-2021-24600.json
+++ b/2021/24xxx/CVE-2021-24600.json
@@ -1,18 +1,75 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2021-24600",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
+ "CVE_data_meta": {
+ "ID": "CVE-2021-24600",
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC",
+ "TITLE": "WP Dialog <= 1.2.5.5 - Authenticated Stored Cross-Site Scripting"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "generator": "WPScan CVE Generator",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WP Dialog",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.2.5.5",
+ "version_value": "1.2.5.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
 }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and escape some of its settings before outputting them in pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://wpscan.com/vulnerability/413b3a2e-1c05-45ec-b00f-1c137a1ae33e",
+ "name": "https://wpscan.com/vulnerability/413b3a2e-1c05-45ec-b00f-1c137a1ae33e"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "liaojia@webray.com.cn inc"
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ }
 }
\ No newline at end of file
diff --git a/2021/24xxx/CVE-2021-24604.json b/2021/24xxx/CVE-2021-24604.json
index 28eb351450d..2abedad3fc2 100644
--- a/2021/24xxx/CVE-2021-24604.json
+++ b/2021/24xxx/CVE-2021-24604.json
@@ -1,18 +1,75 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2021-24604",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
+ "CVE_data_meta": {
+ "ID": "CVE-2021-24604",
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC",
+ "TITLE": "Availability Calendar < 1.2.2 - Authenticated Stored Cross-Site Scripting"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "generator": "WPScan CVE Generator",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Availability Calendar",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.2.2",
+ "version_value": "1.2.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
 }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed"
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://wpscan.com/vulnerability/d084c5b1-45f1-4e7e-b3e9-3c98ae4bce9c",
+ "name": "https://wpscan.com/vulnerability/d084c5b1-45f1-4e7e-b3e9-3c98ae4bce9c"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "xiahao@webray.com.cn inc"
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ }
 }
\ No newline at end of file
diff --git a/2021/24xxx/CVE-2021-24606.json b/2021/24xxx/CVE-2021-24606.json
index 8d4922517ea..381e24dd15f 100644
--- a/2021/24xxx/CVE-2021-24606.json
+++ b/2021/24xxx/CVE-2021-24606.json
@@ -1,18 +1,75 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2021-24606",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
+ "CVE_data_meta": {
+ "ID": "CVE-2021-24606",
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC",
+ "TITLE": "Availability Calendar < 1.2.1 - Authenticated SQL Injection"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "generator": "WPScan CVE Generator",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Availability Calendar",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.2.1",
+ "version_value": "1.2.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
 }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages, such as contributor+"
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://wpscan.com/vulnerability/fe49f48a-f97a-44fe-8d71-be08e7ce4f83",
+ "name": "https://wpscan.com/vulnerability/fe49f48a-f97a-44fe-8d71-be08e7ce4f83"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "CWE-89 SQL Injection",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "xiahao@webray.com.cn inc"
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ }
 }
\ No newline at end of file
diff --git a/2021/24xxx/CVE-2021-24609.json b/2021/24xxx/CVE-2021-24609.json
index 1b9d9a52c5b..7f3b0152213 100644
--- a/2021/24xxx/CVE-2021-24609.json
+++ b/2021/24xxx/CVE-2021-24609.json
@@ -1,18 +1,75 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2021-24609",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
+ "CVE_data_meta": {
+ "ID": "CVE-2021-24609",
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC",
+ "TITLE": "WP Mapa Politico Espana < 3.7.0- Authenticated Stored XSS"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "generator": "WPScan CVE Generator",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WP Mapa Politico España",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "3.7.0",
+ "version_value": "3.7.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
 }
-}
\ No newline at end of file
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed"
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://wpscan.com/vulnerability/8b639743-3eb5-4f74-a156-76cb657bbe05",
+ "name": "https://wpscan.com/vulnerability/8b639743-3eb5-4f74-a156-76cb657bbe05"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "xiahao@webray.com.cn inc"
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ }
+}
diff --git a/2021/24xxx/CVE-2021-24613.json b/2021/24xxx/CVE-2021-24613.json
index f719f1a988e..5643d995b97 100644
--- a/2021/24xxx/CVE-2021-24613.json
+++ b/2021/24xxx/CVE-2021-24613.json
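Review bot: The `TITLE` of CVE-2021-24609 reads `< 3.7.0- Authenticated Stored XSS`, without the space before the hyphen that the other titles in this commit have, which would trip a consumer that splits titles on ` - `; `"TITLE": "WP Mapa Politico Espana < 3.7.0 - Authenticated Stored XSS"` matches the rest. The record also spells the plugin `España` in `product_name` but `Espana` in the title and description, so product matching on one spelling misses the other. The description's `even when the unfiltered_html is disallowed` drops the word `capability` that sibling records use.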
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24613", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24613", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Post Views Counter < 1.3.5 - Authenticated Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Post Views Counter", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.3.5", + "version_value": "1.3.5" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/0b8c5947-bc73-448e-8f10-a4f4456e4000", + "name": "https://wpscan.com/vulnerability/0b8c5947-bc73-448e-8f10-a4f4456e4000" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Tung Duong Dinh" + } + ], + "source": { + "discovery": "UNKNOWN" + } } \ No newline 
at end of file diff --git a/2021/24xxx/CVE-2021-24618.json b/2021/24xxx/CVE-2021-24618.json index 4b0e33b87cb..4660725827a 100644 --- a/2021/24xxx/CVE-2021-24618.json +++ b/2021/24xxx/CVE-2021-24618.json 
@@ -1,18 +1,75 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2021-24618",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
+ "CVE_data_meta": {
+ "ID": "CVE-2021-24618",
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC",
+ "TITLE": "Donate With QRCode < 1.4.5 - Stored Cross-Site Scripting"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "generator": "WPScan CVE Generator",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Donate With QRCode",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.4.5",
+ "version_value": "1.4.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
 }
-}
\ No newline at end of file
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting (XSS). Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated user (as low as subscriber), or unauthenticated user via a CSRF vector to update them and perform such attack."
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://wpscan.com/vulnerability/d50b801a-16b5-45e9-a465-e3bb0445cb49",
+ "name": "https://wpscan.com/vulnerability/d50b801a-16b5-45e9-a465-e3bb0445cb49"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "yangshengcheng@webray.com.cn inc"
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ }
+}
diff --git a/2021/24xxx/CVE-2021-24635.json b/2021/24xxx/CVE-2021-24635.json
index 4cbe415e501..165d51e00a8 100644
--- a/2021/24xxx/CVE-2021-24635.json
+++ b/2021/24xxx/CVE-2021-24635.json
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24635", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24635", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Visual Link Preview < 2.2.3 - Unauthorised AJAX Calls" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Visual Link Preview", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.2.3", + "version_value": "2.2.3" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and search through title and content of Draft post, 2) Get title of a password-protected post as well as 3) Upload an image from an URL" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/854b23d9-e3f8-4835-8d29-140c580f11c9", + "name": "https://wpscan.com/vulnerability/854b23d9-e3f8-4835-8d29-140c580f11c9" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-284 Improper Access Control", + "lang": "eng" + } + ] + } + ] + }, + "credit": 
[ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "UNKNOWN" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24636.json b/2021/24xxx/CVE-2021-24636.json index 9b685928528..8bdf819ec28 100644 --- a/2021/24xxx/CVE-2021-24636.json +++ b/2021/24xxx/CVE-2021-24636.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24636", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24636", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Print My Blog < 3.4.2 - Plugin Deactivation via CSRF" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Print My Blog – Print, PDF, & eBook Converter WordPress Plugin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.4.2", + "version_value": "3.4.2" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce (CSRF) checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them to open a malicious link" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/db8ace7b-7a44-4620-9fe8-ddf0ad520f5e", + "name": "https://wpscan.com/vulnerability/db8ace7b-7a44-4620-9fe8-ddf0ad520f5e" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": 
"apple502j" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} diff --git a/2021/24xxx/CVE-2021-24637.json b/2021/24xxx/CVE-2021-24637.json index 1c0fa14e75d..f0f1c9d2362 100644 --- a/2021/24xxx/CVE-2021-24637.json +++ b/2021/24xxx/CVE-2021-24637.json 
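Review bot: `product_name` in CVE-2021-24636 carries the full listing title, `Print My Blog – Print, PDF, & eBook Converter WordPress Plugin`, including a non-ASCII en dash, while `TITLE` and the description both call the plugin `Print My Blog`. Tools that match affected products by name will not line this record up with the plugin. Suggest `"product_name": "Print My Blog"`. The records for CVE-2021-24637, CVE-2021-24638, CVE-2021-24639 and CVE-2021-24640 show the same mismatch between `product_name` and the name used in `TITLE`.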
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24637", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24637", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Fonts Plugin < 3.0.3 - Contributor+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Fonts Plugin | Google Fonts Typography", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.0.3", + "version_value": "3.0.3" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Google Fonts Typography WordPress plugin before 3.0.3 does not escape and sanitise some of its block settings, allowing users with as role as low as Contributor to perform Stored Cross-Site Scripting attacks via blockType (combined with content), align, color, variant and fontID argument of a Gutenberg block." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/dd2b3f22-5e8b-41cf-bcb8-d2e673e1d21e", + "name": "https://wpscan.com/vulnerability/dd2b3f22-5e8b-41cf-bcb8-d2e673e1d21e" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} diff --git a/2021/24xxx/CVE-2021-24638.json b/2021/24xxx/CVE-2021-24638.json index 3b095456af8..56a1d30123d 100644 --- a/2021/24xxx/CVE-2021-24638.json +++ b/2021/24xxx/CVE-2021-24638.json 
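Review bot: The description of CVE-2021-24637 contains a typo, `users with as role as low as Contributor`; it should read `users with a role as low as Contributor`. It also calls the plugin `Google Fonts Typography` while `TITLE` says `Fonts Plugin`, so a reader searching by one name alone may miss the record. Using the same name in both fields would avoid that.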
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24638", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24638", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "OMGF < 4.5.4 - Unauthenticated Path Traversal in REST API" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "OMGF | Host Google Fonts Locally", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.5.4", + "version_value": "4.5.4" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/c783a746-f1fe-4d68-9d0a-477de5dbb35c", + "name": "https://wpscan.com/vulnerability/c783a746-f1fe-4d68-9d0a-477de5dbb35c" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} diff --git a/2021/24xxx/CVE-2021-24639.json b/2021/24xxx/CVE-2021-24639.json index 6e9a5fb5ec5..b175e74aacb 100644 --- a/2021/24xxx/CVE-2021-24639.json +++ b/2021/24xxx/CVE-2021-24639.json 
@@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24639", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24639", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder Deletion" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "OMGF | Host Google Fonts Locally", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.5.4", + "version_value": "4.5.4" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/1ada2a96-32aa-4e37-809c-705db6026e0b", + "name": "https://wpscan.com/vulnerability/1ada2a96-32aa-4e37-809c-705db6026e0b" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-284 Improper Access Control", + "lang": "eng" + } + ] + }, + { + "description": [ + { + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "lang": "eng" + } + ] + }, + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} diff --git a/2021/24xxx/CVE-2021-24640.json b/2021/24xxx/CVE-2021-24640.json index fb1b374e154..2cda0f41a12 100644 --- a/2021/24xxx/CVE-2021-24640.json +++ b/2021/24xxx/CVE-2021-24640.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24640", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24640", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Gutenslider < 5.2.0 - Contributor+ Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WordPress Slider Block Gutenslider", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.2.0", + "version_value": "5.2.0" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WordPress Slider Block Gutenslider plugin before 5.2.0 does not escape the minWidth attribute of a Gutenburg block, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/e61dd498-5d0e-45ce-b660-a36c576f8d78", + "name": "https://wpscan.com/vulnerability/e61dd498-5d0e-45ce-b660-a36c576f8d78" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} 
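Review bot: The description of CVE-2021-24640 spells the block editor `Gutenburg`; the name is `Gutenberg`, as the CVE-2021-24637 record in this patch writes it. Keyword searches for Gutenberg block issues will miss this entry, so the phrase should read `the minWidth attribute of a Gutenberg block`. The sentence also lacks a closing full stop.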
diff --git a/2021/24xxx/CVE-2021-24657.json b/2021/24xxx/CVE-2021-24657.json index 4a458f6a0ed..e843d592220 100644 --- a/2021/24xxx/CVE-2021-24657.json +++ b/2021/24xxx/CVE-2021-24657.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24657", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24657", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Limit Login Attempts < 4.0.50 - Unauthenticated Stored Cross-Site Scripting " + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Limit Login Attempts", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.0.50", + "version_value": "4.0.50" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses (which can be controlled by attacker via headers such as X-Forwarded-For) of attempted logins before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/c789ca04-d88c-4789-8be1-812888f0c8f8", + "name": "https://wpscan.com/vulnerability/c789ca04-d88c-4789-8be1-812888f0c8f8" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "wuzhenyu" + } + ], + "source": { + "discovery": "UNKNOWN" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24663.json b/2021/24xxx/CVE-2021-24663.json index 3c39eb9d4fb..85671137ac8 100644 --- a/2021/24xxx/CVE-2021-24663.json +++ b/2021/24xxx/CVE-2021-24663.json 
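Review bot: `TITLE` in CVE-2021-24657 ends with a trailing space before the closing quote. Consumers that compare or deduplicate titles byte-for-byte will treat it as a different string, so the line should be `"TITLE": "Limit Login Attempts < 4.0.50 - Unauthenticated Stored Cross-Site Scripting"`. The new side of this file also still ends without a newline, unlike most other records in the patch.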
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24663", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24663", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Simple School Staff Directory <= 1.1 - Admin+ Arbitrary File Upload" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Simple Schools Staff Directory", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.1", + "version_value": "1.1" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that are indeed images, allowing high privilege users such as admin to upload arbitrary file like PHP, leading to RCE" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/8b5b5b57-50c5-4cd8-9171-168c3e9df46a", + "name": "https://wpscan.com/vulnerability/8b5b5b57-50c5-4cd8-9171-168c3e9df46a" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Chuang Li" + } + ], + "source": { + "discovery": "UNKNOWN" + } } \ No 
newline at end of file diff --git a/2021/24xxx/CVE-2021-24741.json b/2021/24xxx/CVE-2021-24741.json index 6b0afbe2701..9a9b1641563 100644 --- a/2021/24xxx/CVE-2021-24741.json +++ b/2021/24xxx/CVE-2021-24741.json 
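Review bot: The plugin name differs between fields in CVE-2021-24663: `TITLE` says `Simple School Staff Directory` while `product_name` and the description say `Simple Schools Staff Directory`. Which spelling matches the plugin cannot be determined from this patch, but the field that is wrong should be corrected so the record is found by name search. The description also drops a word in `to ensure that are indeed images`; `to ensure that they are indeed images` reads correctly.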
@@ -1,18 +1,85 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24741", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24741", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Support Board < 3.3.4 - Multiple Unauthenticated SQL Injections" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Support Board", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.3.4", + "version_value": "3.3.4" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/ccf293ec-7607-412b-b662-5e237b8690ca", + "name": "https://wpscan.com/vulnerability/ccf293ec-7607-412b-b662-5e237b8690ca" + }, + { + "refsource": "MISC", + "url": "https://medium.com/@lijohnjefferson/multiple-sql-injection-unauthenticated-in-support-board-v-3-3-3-3e9b4214a4f9", + "name": "https://medium.com/@lijohnjefferson/multiple-sql-injection-unauthenticated-in-support-board-v-3-3-3-3e9b4214a4f9" + }, + { + "refsource": "MISC", + "url": "https://board.support/changes", + "name": "https://board.support/changes" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "John Jefferson Li" + } + ], + "source": { + "discovery": "UNKNOWN" + } } \ No newline at end of file