admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adds CVEs

Browse Source
This commit is contained in:
erwanlr 2022-09-19 15:54:44 +02:00
parent 63f0a7f532
commit 5fb3f720e1
16 changed files with 969 additions and 213 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
2021/25xxx/CVE-2021-25002.json
View File

@ -3,7 +3,7 @@
"ID": "CVE-2021-25002",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Tipsacarrier <= 1.4.4.2 - Unauthenticated Orders Disclosure"
"TITLE": "Tipsacarrier < 1.5.0.5 - Unauthenticated Orders Disclosure"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -21,9 +21,9 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.4.4.2",
"version_value": "1.4.4.2"
"version_affected": "<",
"version_name": "1.5.0.5",
"version_value": "1.5.0.5"
}
]
}
@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL"
"value": "The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL"
}
]
},

11
2021/25xxx/CVE-2021-25118.json
View File

@ -3,7 +3,7 @@
"ID": "CVE-2021-25118",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Yoast SEO < 17.3 - Unauthenticated Full Path Disclosure"
"TITLE": "Yoast SEO 16.7-17.2 - Unauthenticated Full Path Disclosure"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -20,6 +20,11 @@
"product_name": "Yoast SEO",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "16.7",
"version_value": "16.7"
},
{
"version_affected": "<",
"version_name": "17.3",
@ -38,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Yoast SEO WordPress plugin before 17.3 discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities."
"value": "The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities."
}
]
},
@ -77,4 +82,4 @@
"source": {
"discovery": "EXTERNAL"
}
}
}

12
2022/1xxx/CVE-2022-1095.json
View File

@ -3,7 +3,7 @@
"ID": "CVE-2022-1095",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Mihdan: No External Links <= 4.8.0 - Admin+ Stored Cross-Site Scripting"
"TITLE": "Mihdan: No External Links < 5.0.2 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -21,9 +21,9 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "4.8.0",
"version_value": "4.8.0"
"version_affected": "<",
"version_name": "5.0.2",
"version_value": "5.0.2"
}
]
}
@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Mihdan: No External Links WordPress plugin through 4.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
"value": "The Mihdan: No External Links WordPress plugin before 5.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
},
@ -56,7 +56,7 @@
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]

89
2022/1xxx/CVE-2022-1580.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1580",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-1580",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Site Offline < 1.5.3 - Access Bypass"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Site Offline Or Coming Soon Or Maintenance Mode",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.5.3",
"version_value": "1.5.3"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/7b6f91cd-5a00-49ca-93ff-db7220d2630a",
"name": "https://wpscan.com/vulnerability/7b6f91cd-5a00-49ca-93ff-db7220d2630a"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/1xxx/CVE-2022-1591.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1591",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-1591",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WordPress Ping Optimizer < 2.35.1.3.0 - Arbitrary Settings Update via CSRF"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WordPress Ping Optimizer",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.35.1.3.0",
"version_value": "2.35.1.3.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/b1a52c7e-3422-40dd-af5a-ea4c622a87aa",
"name": "https://wpscan.com/vulnerability/b1a52c7e-3422-40dd-af5a-ea4c622a87aa"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2567.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2567",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2567",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Form Builder CP < 1.2.32 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Form Builder CP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.2.32",
"version_value": "1.2.32"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/dfa21dde-a9fc-4a35-9602-c3fde907ca54",
"name": "https://wpscan.com/vulnerability/dfa21dde-a9fc-4a35-9602-c3fde907ca54"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chinmay Vishwas Divekar"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2709.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2709",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2709",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Float to Top Button <= 2.3.6 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Float to Top Button",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.3.6",
"version_value": "2.3.6"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Float to Top Button WordPress plugin through 2.3.6 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/1c551234-9c59-41a0-ab74-beea2d27df6b",
"name": "https://wpscan.com/vulnerability/1c551234-9c59-41a0-ab74-beea2d27df6b"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Asif Nawaz Minhas"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2710.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2710",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2710",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Scroll To Top < 1.4.1 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Scroll To Top",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.4.1",
"version_value": "1.4.1"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Scroll To Top WordPress plugin before 1.4.1 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/f730f584-2370-49f9-a094-a5bc521671c1",
"name": "https://wpscan.com/vulnerability/f730f584-2370-49f9-a094-a5bc521671c1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Asif Nawaz Minhas"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2753.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2753",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2753",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Ketchup Restaurant Reservations",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0.0",
"version_value": "1.0.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not sanitise and escape some of the reservation user inputs, allowing unauthenticated attackers to perform Cross-Site Scripting attacks logged in admin viewing the malicious reservation made"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/3c6cc46e-e18a-4f34-ac09-f30ca74a1182",
"name": "https://wpscan.com/vulnerability/3c6cc46e-e18a-4f34-ac09-f30ca74a1182"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Bastijn Ouwendijk"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2754.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2754",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2754",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Blind SQLi"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Ketchup Restaurant Reservations",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0.0",
"version_value": "1.0.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/e3c6d137-ff6e-432a-a21a-b36dc81f73c5",
"name": "https://wpscan.com/vulnerability/e3c6d137-ff6e-432a-a21a-b36dc81f73c5"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Bastijn Ouwendijk"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2840.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2840",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2840",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Zephyr Project Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.2.5",
"version_value": "3.2.5"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c",
"name": "https://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Rizacan TUFAN"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2958.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2958",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2958",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "BadgeOS < 3.7.1.3 - Subscriber+ SQLi"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "BadgeOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.7.1.3",
"version_value": "3.7.1.3"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/8743534f-8ebd-496a-99bc-5052a8bac86a",
"name": "https://wpscan.com/vulnerability/8743534f-8ebd-496a-99bc-5052a8bac86a"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "cydave"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

89
2022/3xxx/CVE-2022-3021.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3021",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-3021",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Slickr Flickr <= 2.8.1 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Slickr Flickr",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.8.1",
"version_value": "2.8.1"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/3c5ff229-85c2-49c2-8fb9-6419a8002a4e",
"name": "https://wpscan.com/vulnerability/3c5ff229-85c2-49c2-8fb9-6419a8002a4e"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Kishore Hariram"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/3xxx/CVE-2022-3036.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3036",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-3036",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Gettext override translations < 2.0.0 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Gettext override translations",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Gettext override translations WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0dbc85dd-736c-492e-9db8-acb7195771aa",
"name": "https://wpscan.com/vulnerability/0dbc85dd-736c-492e-9db8-acb7195771aa"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Su Xue Ming"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

94
2022/3xxx/CVE-2022-3141.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3141",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-3141",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Translatepress Multilinugal < 2.3.3 - Admin+ SQLi"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Translate Multilingual sites TranslatePress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.3.3",
"version_value": "2.3.3"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/1fa355d1-cca8-4b27-9d21-0b420a2e1bf3",
"name": "https://wpscan.com/vulnerability/1fa355d1-cca8-4b27-9d21-0b420a2e1bf3"
},
{
"refsource": "MISC",
"url": "https://medium.com/@elias.hohl/authenticated-sql-injection-vulnerability-in-translatepress-multilingual-wordpress-plugin-effc08eda514",
"name": "https://medium.com/@elias.hohl/authenticated-sql-injection-vulnerability-in-translatepress-multilingual-wordpress-plugin-effc08eda514"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Elias Hohl"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

94
2022/3xxx/CVE-2022-3142.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3142",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-3142",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "NEX-Forms < 7.9.7 - Authenticated SQLi"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "NEX-Forms Ultimate Form Builder Contact forms and much more",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.9.7",
"version_value": "7.9.7"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin settings."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/8acc0fc6-efe6-4662-b9ac-6342a7823328",
"name": "https://wpscan.com/vulnerability/8acc0fc6-efe6-4662-b9ac-6342a7823328"
},
{
"refsource": "MISC",
"url": "https://medium.com/@elias.hohl/authenticated-sql-injection-vulnerability-in-nex-forms-wordpress-plugin-35b8558dd0f5",
"name": "https://medium.com/@elias.hohl/authenticated-sql-injection-vulnerability-in-nex-forms-wordpress-plugin-35b8558dd0f5"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Elias Hohl"
}
],
"source": {
"discovery": "EXTERNAL"
}
}