From 74cc696a39e00bc9c1c527b456418e066f42de3e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 6 Feb 2023 20:01:16 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/0xxx/CVE-2023-0173.json | 71 ++++++++++++++++++++++++++++--- 2023/0xxx/CVE-2023-0174.json | 71 ++++++++++++++++++++++++++++--- 2023/0xxx/CVE-2023-0176.json | 71 ++++++++++++++++++++++++++++--- 2023/0xxx/CVE-2023-0178.json | 71 ++++++++++++++++++++++++++++--- 2023/0xxx/CVE-2023-0234.json | 81 +++++++++++++++++++++++++++++++++--- 2023/0xxx/CVE-2023-0236.json | 71 ++++++++++++++++++++++++++++--- 2023/0xxx/CVE-2023-0252.json | 71 ++++++++++++++++++++++++++++--- 2023/0xxx/CVE-2023-0282.json | 71 ++++++++++++++++++++++++++++--- 8 files changed, 538 insertions(+), 40 deletions(-) diff --git a/2023/0xxx/CVE-2023-0173.json b/2023/0xxx/CVE-2023-0173.json index 1228714c6f0..de25bb0d3fc 100644 --- a/2023/0xxx/CVE-2023-0173.json +++ b/2023/0xxx/CVE-2023-0173.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0173", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Drag & Drop Sales Funnel Builder for WordPress", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/c543b6e2-a7c0-4ba7-a308-e9951dd59fb9", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/c543b6e2-a7c0-4ba7-a308-e9951dd59fb9" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0174.json b/2023/0xxx/CVE-2023-0174.json index e2e4377ab61..eae023345b5 100644 --- a/2023/0xxx/CVE-2023-0174.json +++ b/2023/0xxx/CVE-2023-0174.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0174", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP VR", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/6b53d0e6-def9-4907-bd2b-884b2afa52b3", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/6b53d0e6-def9-4907-bd2b-884b2afa52b3" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0176.json b/2023/0xxx/CVE-2023-0176.json index 07a78ab810d..9feffe1af27 100644 --- a/2023/0xxx/CVE-2023-0176.json +++ b/2023/0xxx/CVE-2023-0176.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0176", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Giveaways and Contests by RafflePress", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/a762c25b-5c47-400e-8964-407cf4c94e9f", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/a762c25b-5c47-400e-8964-407cf4c94e9f" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0178.json b/2023/0xxx/CVE-2023-0178.json index c9d790eb323..87cb1635186 100644 --- a/2023/0xxx/CVE-2023-0178.json +++ b/2023/0xxx/CVE-2023-0178.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0178", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Annual Archive WordPress plugin before 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Annual Archive", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/cc308e15-7937-4d41-809d-74f8c13bee23", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/cc308e15-7937-4d41-809d-74f8c13bee23" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0234.json b/2023/0xxx/CVE-2023-0234.json index e1cf91e20ab..48b898e6d88 100644 --- a/2023/0xxx/CVE-2023-0234.json +++ b/2023/0xxx/CVE-2023-0234.json @@ -1,18 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0234", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "SiteGround Security", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/namah-age/CVEs/blob/master/1.md", + "refsource": "MISC", + "name": "https://github.com/namah-age/CVEs/blob/master/1.md" + }, + { + "url": "https://www.siteground.com/viewtos/responsible_disclosure_policy?scid=4&lang=en", + "refsource": "MISC", + "name": "https://www.siteground.com/viewtos/responsible_disclosure_policy?scid=4&lang=en" + }, + { + "url": "https://wpscan.com/vulnerability/acf3e369-1290-4b3f-83bf-2209b9dd06e1", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/acf3e369-1290-4b3f-83bf-2209b9dd06e1" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "So Sakaguchi" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0236.json b/2023/0xxx/CVE-2023-0236.json index 1fade5ec8b7..3736851fc77 100644 --- a/2023/0xxx/CVE-2023-0236.json +++ b/2023/0xxx/CVE-2023-0236.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0236", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Tutor LMS", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/503835db-426d-4b49-85f7-c9a20d6ff5b8", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/503835db-426d-4b49-85f7-c9a20d6ff5b8" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "So Sakaguchi" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0252.json b/2023/0xxx/CVE-2023-0252.json index 3ff9a1618cb..d3bea2e14e0 100644 --- a/2023/0xxx/CVE-2023-0252.json +++ b/2023/0xxx/CVE-2023-0252.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0252", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Contextual Related Posts WordPress plugin before 3.3.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Contextual Related Posts", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/5754a4fd-1adf-47aa-976f-3b28750058c2", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/5754a4fd-1adf-47aa-976f-3b28750058c2" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0282.json b/2023/0xxx/CVE-2023-0282.json index 912acfe9b61..5d86070af49 100644 --- a/2023/0xxx/CVE-2023-0282.json +++ b/2023/0xxx/CVE-2023-0282.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0282", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The YourChannel WordPress plugin before 1.2.2 does not sanitize and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "YourChannel: Everything you want in a YouTube plugin.", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/93693d45-5217-4571-bae5-aab8878cfe62", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/93693d45-5217-4571-bae5-aab8878cfe62" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file