From 602c1bfca6623ca497bd5fcec2d08e4edc73b27d Mon Sep 17 00:00:00 2001 From: erwanlr Date: Mon, 10 Oct 2022 19:33:55 +0200 Subject: [PATCH] Adds CVEs --- 2021/25xxx/CVE-2021-25044.json | 87 +++++++++++++++++++++----- 2022/2xxx/CVE-2022-2350.json | 95 +++++++++++++++++++++++----- 2022/2xxx/CVE-2022-2448.json | 89 +++++++++++++++++++++----- 2022/2xxx/CVE-2022-2554.json | 87 +++++++++++++++++++++----- 2022/2xxx/CVE-2022-2629.json | 87 +++++++++++++++++++++----- 2022/2xxx/CVE-2022-2823.json | 87 +++++++++++++++++++++----- 2022/2xxx/CVE-2022-2891.json | 87 +++++++++++++++++++++----- 2022/2xxx/CVE-2022-2981.json | 87 +++++++++++++++++++++----- 2022/3xxx/CVE-2022-3136.json | 87 +++++++++++++++++++++----- 2022/3xxx/CVE-2022-3137.json | 87 +++++++++++++++++++++----- 2022/3xxx/CVE-2022-3154.json | 111 ++++++++++++++++++++++++++++----- 2022/3xxx/CVE-2022-3207.json | 87 +++++++++++++++++++++----- 2022/3xxx/CVE-2022-3208.json | 87 +++++++++++++++++++++----- 2022/3xxx/CVE-2022-3209.json | 87 +++++++++++++++++++++----- 2022/3xxx/CVE-2022-3220.json | 87 +++++++++++++++++++++----- 15 files changed, 1113 insertions(+), 226 deletions(-) diff --git a/2021/25xxx/CVE-2021-25044.json b/2021/25xxx/CVE-2021-25044.json index 1d827ab85e4..10b8b163d0d 100644 --- a/2021/25xxx/CVE-2021-25044.json +++ b/2021/25xxx/CVE-2021-25044.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-25044", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-25044", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Cryptocurrency Pricing list and Ticker <= 1.5 - Reflected Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Cryptocurrency Pricing list and Ticker", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.5", + "version_value": "1.5" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cryptocurrency Pricing list and Ticker WordPress plugin through 1.5 does not sanitise and escape the ccpw_setpage parameter before outputting it back in pages where its shortcode is embed, leading to a Reflected Cross-Site Scripting issue" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/dc1507c1-8894-4ab6-b25f-c5e26a425b03", + "name": "https://wpscan.com/vulnerability/dc1507c1-8894-4ab6-b25f-c5e26a425b03" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Jeremie Amsellem" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2350.json b/2022/2xxx/CVE-2022-2350.json index d4824d8e94c..d5d6faf24cf 100644 --- a/2022/2xxx/CVE-2022-2350.json +++ b/2022/2xxx/CVE-2022-2350.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2350", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2350", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Disable User Login <= 1.0.1 - Unauthenticated Settings Update" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Disable User Login", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0.1", + "version_value": "1.0.1" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/de28543b-c110-4a9f-bfe9-febccfba3a96", + "name": "https://wpscan.com/vulnerability/de28543b-c110-4a9f-bfe9-febccfba3a96" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-862 Missing Authorization", + "lang": "eng" + } + ] + }, + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Rafshanzani Suhada" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2448.json b/2022/2xxx/CVE-2022-2448.json index 548fbfd7cf5..48b1647fedd 100644 --- a/2022/2xxx/CVE-2022-2448.json +++ b/2022/2xxx/CVE-2022-2448.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2448", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2448", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "reSmush.it Image Optimizer < 0.4.6 - Admin+ Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "reSmush.it : the only free Image Optimizer & compress plugin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0.4.6", + "version_value": "0.4.6" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The reSmush.it WordPress plugin before 0.4.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/a4599942-2878-4da4-b55d-077775323b61", + "name": "https://wpscan.com/vulnerability/a4599942-2878-4da4-b55d-077775323b61" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Raad Haddad of Cloudyrion GmbH" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2022/2xxx/CVE-2022-2554.json b/2022/2xxx/CVE-2022-2554.json index 83b8ebe6e4b..b8d75ed4fd5 100644 --- a/2022/2xxx/CVE-2022-2554.json +++ b/2022/2xxx/CVE-2022-2554.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2554", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2554", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Enable Media Replace < 4.0.0 - Admin+ Path Traversal" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Enable Media Replace", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.0.0", + "version_value": "4.0.0" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack for example" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/5872f4bf-f423-4ace-b8b6-d4cc4f6ca8d9", + "name": "https://wpscan.com/vulnerability/5872f4bf-f423-4ace-b8b6-d4cc4f6ca8d9" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Raad Haddad of Cloudyrion GmbH" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2629.json b/2022/2xxx/CVE-2022-2629.json index ed16ba2c707..16386a3e8bb 100644 --- a/2022/2xxx/CVE-2022-2629.json +++ b/2022/2xxx/CVE-2022-2629.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2629", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2629", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Top Bar < 3.0.4 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Top Bar", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.0.4", + "version_value": "3.0.4" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Top Bar WordPress plugin before 3.0.4 does not sanitise and escape some of its settings before outputting them in frontend pages, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/25a0d41f-3b6f-4d18-b4d5-767ac60ee8a8", + "name": "https://wpscan.com/vulnerability/25a0d41f-3b6f-4d18-b4d5-767ac60ee8a8" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Asif Nawaz Minhas" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2823.json b/2022/2xxx/CVE-2022-2823.json index 20f566aa6c2..d7ac2a6f0a0 100644 --- a/2022/2xxx/CVE-2022-2823.json +++ b/2022/2xxx/CVE-2022-2823.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2823", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2823", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Slider, Gallery, and Carousel by MetaSlider < 3.27.9 - Admin+ Stored Cross Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.27.9", + "version_value": "3.27.9" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/c88c85b3-2830-4354-99fd-af6bce6bb4ef", + "name": "https://wpscan.com/vulnerability/c88c85b3-2830-4354-99fd-af6bce6bb4ef" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Anurag Bhoir" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2891.json b/2022/2xxx/CVE-2022-2891.json index dce194fc922..6d2262d2c99 100644 --- a/2022/2xxx/CVE-2022-2891.json +++ b/2022/2xxx/CVE-2022-2891.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2891", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2891", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP 2FA < 2.3.0 - Time-Based Side-Channel Attack" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP 2FA – Two-factor authentication for WordPress", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.3.0", + "version_value": "2.3.0" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/301b3dce-2584-46ec-92ed-1c0626522120", + "name": "https://wpscan.com/vulnerability/301b3dce-2584-46ec-92ed-1c0626522120" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-200 Information Exposure", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Calvin Alkan" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2981.json b/2022/2xxx/CVE-2022-2981.json index 97e6af3ea73..4a6f6fc4d37 100644 --- a/2022/2xxx/CVE-2022-2981.json +++ b/2022/2xxx/CVE-2022-2981.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2981", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2981", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Download Monitor < 4.5.98 - Admin+ Arbitrary File Download" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Download Monitor", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.5.98", + "version_value": "4.5.98" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/30ce32ce-161c-4388-8d22-751350b7b305", + "name": "https://wpscan.com/vulnerability/30ce32ce-161c-4388-8d22-751350b7b305" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-552 Files or Directories Accessible to External Parties", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Raad Haddad of Cloudyrion GmbH" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3136.json b/2022/3xxx/CVE-2022-3136.json index 502cc32bf82..bcd81fd7f3c 100644 --- a/2022/3xxx/CVE-2022-3136.json +++ b/2022/3xxx/CVE-2022-3136.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3136", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3136", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Social Rocket < 1.3.3 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Social Rocket – Social Sharing Plugin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.3.3", + "version_value": "1.3.3" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/913d7e78-23f6-4b0d-aca3-17051a2dc649", + "name": "https://wpscan.com/vulnerability/913d7e78-23f6-4b0d-aca3-17051a2dc649" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Asif Nawaz Minhas" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3137.json b/2022/3xxx/CVE-2022-3137.json index 69e05b29e85..c92f4bd22c5 100644 --- a/2022/3xxx/CVE-2022-3137.json +++ b/2022/3xxx/CVE-2022-3137.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3137", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3137", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "TaskBuilder < 1.0.8 - Subscriber+ Stored XSS via SVG file upload" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Taskbuilder – WordPress Project & Task Management plugin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.8", + "version_value": "1.0.8" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user (such as subscriber) creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/524928d6-d4e9-4a2f-b410-46958da549d8", + "name": "https://wpscan.com/vulnerability/524928d6-d4e9-4a2f-b410-46958da549d8" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Rizacan Tufan" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3154.json b/2022/3xxx/CVE-2022-3154.json index 40d33cbfcd3..f38f2609a9f 100644 --- a/2022/3xxx/CVE-2022-3154.json +++ b/2022/3xxx/CVE-2022-3154.json @@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3154", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3154", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Multiple Plugins from Viszt Peter - Multiple CSRF" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "TODO", + "product": { + "product_data": [ + { + "product_name": "Woo Billingo Plus", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.4.5.4", + "version_value": "4.4.5.4" + } + ] + } + }, + { + "product_name": "Integration for Billingo & Gravity Forms", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.4", + "version_value": "1.0.4" + } + ] + } + }, + { + "product_name": "Integration for Szamlazz.hu & Gravity Forms", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.2.7", + "version_value": "1.2.7" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin's license" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/cda978b2-b31f-495d-8601-0aaa3e4b45cd", + "name": "https://wpscan.com/vulnerability/cda978b2-b31f-495d-8601-0aaa3e4b45cd" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Lana Codes" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3207.json b/2022/3xxx/CVE-2022-3207.json index 4c1548aaa98..95b0bd7b580 100644 --- a/2022/3xxx/CVE-2022-3207.json +++ b/2022/3xxx/CVE-2022-3207.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3207", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3207", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Simple File List < 4.4.12 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Simple File List", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.4.12", + "version_value": "4.4.12" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Simple File List WordPress plugin before 4.4.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/b57272ea-9a8a-482a-bbaa-5f202ca5b9aa", + "name": "https://wpscan.com/vulnerability/b57272ea-9a8a-482a-bbaa-5f202ca5b9aa" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Raad Haddad of Cloudyrion GmbH" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3208.json b/2022/3xxx/CVE-2022-3208.json index 1c4705f0e15..36121486dcd 100644 --- a/2022/3xxx/CVE-2022-3208.json +++ b/2022/3xxx/CVE-2022-3208.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3208", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3208", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Simple File List < 4.4.13 - Page Creation via CSRF" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Simple File List", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.4.12", + "version_value": "4.4.12" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged in admin create new page and change it's content via a CSRF attack." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/80d475ca-b475-4789-8eef-9c4d880853b7", + "name": "https://wpscan.com/vulnerability/80d475ca-b475-4789-8eef-9c4d880853b7" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Raad Haddad of Cloudyrion GmbH" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3209.json b/2022/3xxx/CVE-2022-3209.json index 3a67c849048..cd09c4ad120 100644 --- a/2022/3xxx/CVE-2022-3209.json +++ b/2022/3xxx/CVE-2022-3209.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3209", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3209", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Soledad < 8.2.5 - Reflected Cross-site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "soledad", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "8.2.5", + "version_value": "8.2.5" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The soledad WordPress theme before 8.2.5 does not sanitise the {id,datafilter[type],...} parameters in its penci_more_slist_post_ajax AJAX action, leading to a Reflected Cross-Site Scripting (XSS) vulnerability." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/7a244fb1-fa0b-4294-9b51-588bf5d673a2", + "name": "https://wpscan.com/vulnerability/7a244fb1-fa0b-4294-9b51-588bf5d673a2" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Truoc Phan" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3220.json b/2022/3xxx/CVE-2022-3220.json index 5f762121aa9..6c8766631a0 100644 --- a/2022/3xxx/CVE-2022-3220.json +++ b/2022/3xxx/CVE-2022-3220.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3220", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3220", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Advanced Comment Form < 1.2.1 - Admin+ Authenticated Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Advanced Comment Form", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.2.1", + "version_value": "1.2.1" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Advanced Comment Form WordPress plugin before 1.2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/cb6f4953-e68b-48f3-a821-a1d77e5476ef", + "name": "https://wpscan.com/vulnerability/cb6f4953-e68b-48f3-a821-a1d77e5476ef" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Asif Nawaz Minhas" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file