admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#1307

Browse Source 
Auto-merge PR#1307
This commit is contained in:
CVE Team 2021-04-12 10:10:20 -04:00 committed by GitHub
commit 7bfc674636
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
21 changed files with 1995 additions and 315 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

97
2021/24xxx/CVE-2021-24197.json
View File

@ -1,18 +1,85 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24197",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24197",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "wpDataTables < 3.4.2 - Improper Access Control leading to Table Permission Takeover"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wpDataTables",
"product": {
"product_data": [
{
"product_name": "wpDataTables Tables & Table Charts",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.4.2",
"version_value": "3.4.2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wpDataTables Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdata[wdt_ID] parameter. By exploiting this issue an attacker is able to access and manage the data of all users in the same table."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/a56c04a4-dda0-4a7f-a525-d0349a1fda2b",
"name": "https://wpscan.com/vulnerability/a56c04a4-dda0-4a7f-a525-d0349a1fda2b"
},
{
"refsource": "MISC",
"url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/",
"name": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
},
{
"refsource": "MISC",
"url": "https://wpdatatables.com/help/whats-new-changelog/",
"name": "https://wpdatatables.com/help/whats-new-changelog/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-284 Improper Access Control",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Veno Eivazian, Massimiliano Ferraresi"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

97
2021/24xxx/CVE-2021-24198.json
View File

@ -1,18 +1,85 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24198",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24198",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "wpDataTables < 3.4.2 - Improper Access Control leading to Table Data Deletion"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wpDataTables",
"product": {
"product_data": [
{
"product_name": "wpDataTables Tables & Table Charts",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.4.2",
"version_value": "3.4.2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wpDataTables Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through id_key and id_val parameters. By exploiting this issue an attacker is able to delete the data of all users in the same table."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/d953bc62-8a6f-445b-a556-bc25cdd200e3",
"name": "https://wpscan.com/vulnerability/d953bc62-8a6f-445b-a556-bc25cdd200e3"
},
{
"refsource": "MISC",
"url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/",
"name": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
},
{
"refsource": "MISC",
"url": "https://wpdatatables.com/help/whats-new-changelog/",
"name": "https://wpdatatables.com/help/whats-new-changelog/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-284 Improper Access Control",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Veno Eivazian, Massimiliano Ferraresi"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

97
2021/24xxx/CVE-2021-24199.json
View File

@ -1,18 +1,85 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24199",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24199",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "wpDataTables < 3.4.2 - Blind SQL Injection via start Parameter"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wpDataTables",
"product": {
"product_data": [
{
"product_name": "wpDataTables Tables & Table Charts",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.4.2",
"version_value": "3.4.2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wpDataTables Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'start' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280",
"name": "https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280"
},
{
"refsource": "MISC",
"url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/",
"name": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
},
{
"refsource": "MISC",
"url": "https://wpdatatables.com/help/whats-new-changelog/",
"name": "https://wpdatatables.com/help/whats-new-changelog/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Veno Eivazian, Massimiliano Ferraresi"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

97
2021/24xxx/CVE-2021-24200.json
View File

@ -1,18 +1,85 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24200",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24200",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "wpDataTables < 3.4.2 - Blind SQL Injection via length Parameter"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wpDataTables",
"product": {
"product_data": [
{
"product_name": "wpDataTables Tables & Table Charts",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.4.2",
"version_value": "3.4.2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wpDataTables Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'length' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/21aa7e18-0162-45bf-a5c6-ceee64ffa1f9",
"name": "https://wpscan.com/vulnerability/21aa7e18-0162-45bf-a5c6-ceee64ffa1f9"
},
{
"refsource": "MISC",
"url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/",
"name": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
},
{
"refsource": "MISC",
"url": "https://wpdatatables.com/help/whats-new-changelog/",
"name": "https://wpdatatables.com/help/whats-new-changelog/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Veno Eivazian, Massimiliano Ferraresi"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

97
2021/24xxx/CVE-2021-24213.json
View File

@ -1,18 +1,85 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24213",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24213",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "GiveWP < 2.10.0 - Reflected Cross Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GiveWP",
"product": {
"product_data": [
{
"product_name": "GiveWP Donation Plugin and Fundraising Platform",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "2.4.0",
"version_value": "2.4.0"
},
{
"version_affected": "<",
"version_name": "2.10.0",
"version_value": "2.10.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GiveWP Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/da4ab508-a423-4c7f-a1d4-42ec6f989309",
"name": "https://wpscan.com/vulnerability/da4ab508-a423-4c7f-a1d4-42ec6f989309"
},
{
"refsource": "MISC",
"url": "https://bentl.ee/posts/cve-givewp/",
"name": "https://bentl.ee/posts/cve-givewp/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Austin Bentley"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

92
2021/24xxx/CVE-2021-24215.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24215",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24215",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Controlled Admin Access < 1.5.2 - Improper Access Control & Privilege Escalation"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Controlled Admin Access",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.5.2",
"version_value": "1.5.2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/eec0f29f-a985-4285-8eed-d1855d204a20",
"name": "https://wpscan.com/vulnerability/eec0f29f-a985-4285-8eed-d1855d204a20"
},
{
"refsource": "MISC",
"url": "https://m0ze.ru/vulnerability/[2021-03-18]-[WordPress]-[CWE-284]-Controlled-Admin-Access-WordPress-Plugin-v1.4.0.txt",
"name": "https://m0ze.ru/vulnerability/[2021-03-18]-[WordPress]-[CWE-284]-Controlled-Admin-Access-WordPress-Plugin-v1.4.0.txt"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-284 Improper Access Control",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

92
2021/24xxx/CVE-2021-24217.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24217",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24217",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Facebook for WordPress < 3.0.0 - PHP Object Injection with POP Chain"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Facebook for WordPress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.0.0",
"version_value": "3.0.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. There was also a useable magic method in the plugin that could be used to achieve remote code execution."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/509f2754-a1a1-4142-9126-ae023a88533a",
"name": "https://wpscan.com/vulnerability/509f2754-a1a1-4142-9126-ae023a88533a"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/two-vulnerabilities-patched-in-facebook-for-wordpress-plugin/",
"name": "https://www.wordfence.com/blog/2021/03/two-vulnerabilities-patched-in-facebook-for-wordpress-plugin/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-502 Deserialization of Untrusted Data",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

97
2021/24xxx/CVE-2021-24218.json
View File

@ -1,18 +1,85 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24218",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24218",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Facebook for WordPress 3.0.0-3.0.3 - CSRF to Stored XSS and Settings Deletion"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Facebook for WordPress",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "3.0.0",
"version_value": "3.0.0"
},
{
"version_affected": "<",
"version_name": "3.0.4",
"version_value": "3.0.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/169d21fc-d191-46ff-82e8-9ac887aed8a4",
"name": "https://wpscan.com/vulnerability/169d21fc-d191-46ff-82e8-9ac887aed8a4"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/two-vulnerabilities-patched-in-facebook-for-wordpress-plugin/",
"name": "https://www.wordfence.com/blog/2021/03/two-vulnerabilities-patched-in-facebook-for-wordpress-plugin/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

338
2021/24xxx/CVE-2021-24219.json
View File

@ -1,18 +1,326 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24219",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24219",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": " All Thrive Themes and Plugins - Unauthenticated Option Update"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Thrive Themes",
"product": {
"product_data": [
{
"product_name": "Thrive Optimize",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.4.13.3",
"version_value": "1.4.13.3"
}
]
}
},
{
"product_name": "Thrive Comments",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.4.15.3",
"version_value": "1.4.15.3"
}
]
}
},
{
"product_name": "Thrive Headline Optimizer",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.3.7.3",
"version_value": "1.3.7.3"
}
]
}
},
{
"product_name": "Thrive Leads",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.3.9.4",
"version_value": "2.3.9.4"
}
]
}
},
{
"product_name": "Thrive Ultimatum",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.3.9.4",
"version_value": "2.3.9.4"
}
]
}
},
{
"product_name": "Thrive Quiz Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.3.9.4",
"version_value": "2.3.9.4"
}
]
}
},
{
"product_name": "Thrive Apprentice",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.3.9.4",
"version_value": "2.3.9.4"
}
]
}
},
{
"product_name": "Thrive Visual Editor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.6.7.4",
"version_value": "2.6.7.4"
}
]
}
},
{
"product_name": "Thrive Dashboard",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.3.9.3",
"version_value": "2.3.9.3"
}
]
}
},
{
"product_name": "Thrive Ovation",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.4.5",
"version_value": "2.4.5"
}
]
}
},
{
"product_name": "Thrive Clever Widgets",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.57.1",
"version_value": "1.57.1"
}
]
}
},
{
"product_name": "Rise by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Ignition by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Luxe by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "FocusBlog by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Minus by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Squared by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Voice",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Performag by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Pressive by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Storied by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Thrive Themes Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.2.4",
"version_value": "2.2.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin before 2.3.9.4, Thrive Apprentice WordPress plugin before 2.3.9.4, Thrive Visual Editor WordPress plugin before 2.6.7.4, Thrive Dashboard WordPress plugin before 2.3.9.3, Thrive Ovation WordPress plugin before 2.4.5, Thrive Clever Widgets WordPress plugin before 1.57.1 and Rise by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0, Thrive Themes Builder WordPress theme before 2.2.4 register a REST API endpoint associated with Zapier functionality. While this endpoint was intended to require an API key in order to access, it was possible to access it by supplying an empty api_key parameter in vulnerable versions if Zapier was not enabled. Attackers could use this endpoint to add arbitrary data to a predefined option in the wp_options table."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/35acd2d8-85fc-4af5-8f6c-224fa7d92900",
"name": "https://wpscan.com/vulnerability/35acd2d8-85fc-4af5-8f6c-224fa7d92900"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/recently-patched-vulnerability-in-thrive-themes-actively-exploited-in-the-wild",
"name": "https://www.wordfence.com/blog/2021/03/recently-patched-vulnerability-in-thrive-themes-actively-exploited-in-the-wild"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-284 Improper Access Control",
"lang": "eng"
}
]
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

194
2021/24xxx/CVE-2021-24220.json
View File

@ -1,18 +1,182 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24220",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24220",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "All Thrive Themes Legacy Themes < 2.0.0 - Unauthenticated Arbitrary File Upload and Option Deletion"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Thrive Themes",
"product": {
"product_data": [
{
"product_name": "Rise by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Luxe by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Minus by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Ignition by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "FocusBlog by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Squared by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Voice",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Performag by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Pressive by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Storied by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0 register a REST API endpoint to compress images using the Kraken image optimization engine. By supplying a crafted request in combination with data inserted using the Option Update vulnerability, it was possible to use this endpoint to retrieve malicious code from a remote URL and overwrite an existing file on the site with it or create a new file.This includes executable PHP files that contain malicious code."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/a2424354-2639-4f53-a24f-afc11f6c4cac",
"name": "https://wpscan.com/vulnerability/a2424354-2639-4f53-a24f-afc11f6c4cac"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/recently-patched-vulnerability-in-thrive-themes-actively-exploited-in-the-wild",
"name": "https://www.wordfence.com/blog/2021/03/recently-patched-vulnerability-in-thrive-themes-actively-exploited-in-the-wild"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "eng"
}
]
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

92
2021/24xxx/CVE-2021-24221.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24221",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24221",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Quiz And Survey Master < 7.1.12 - Authenticated SQL injection via shortcode"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Quiz And Survey Master Best Quiz, Exam and Survey Plugin for WordPress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.1.12",
"version_value": "7.1.12"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Quiz And Survey Master Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injection. The lowest role allowed to use this shortcode in post or pages being author, such user could gain unauthorised access to the DBMS. If the shortcode (without the id attribute) is embed on a public page or post, then unauthenticated users could exploit the injection."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/3b52b25c-82a1-41c7-83ac-92e244f7c5ab",
"name": "https://wpscan.com/vulnerability/3b52b25c-82a1-41c7-83ac-92e244f7c5ab"
},
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset/2479603/",
"name": "https://plugins.trac.wordpress.org/changeset/2479603/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Nguyen Van Khanh - SunCSR (Sun* Cyber Security Research)"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

92
2021/24xxx/CVE-2021-24222.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24222",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24222",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WP-Curricul Vitea Free <= 6.3 - Unauthenticated Arbitrary File Upload to RCE"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WP-Curriculo Vitae Free",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "6.3",
"version_value": "6.3"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in page where the [formCadastro] is embed. The form allows unauthenticated user to register and submit files for their profile picture as well as resume, without any file extension restriction, leading to RCE."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/4d715de6-8595-4da9-808a-04a28e409900",
"name": "https://wpscan.com/vulnerability/4d715de6-8595-4da9-808a-04a28e409900"
},
{
"refsource": "MISC",
"url": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/145fc4e34c9b9799275c8e19d6b02f544c88126b/WP_Curriculo_Free.md",
"name": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/145fc4e34c9b9799275c8e19d6b02f544c88126b/WP_Curriculo_Free.md"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Jin Huang"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

92
2021/24xxx/CVE-2021-24223.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24223",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24223",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "N5 Upload Form <= 1.0 - Unauthenticated Arbitrary File Upload to RCE"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "N5 Upload Form",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. The uploaded filename might be hard to guess as it's generated with md5(uniqid(rand())), however, in the case of misconfigured servers with Directory listing enabled, accessing it is trivial."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/d7a72183-0cd1-45de-b98b-2e295b27e5db",
"name": "https://wpscan.com/vulnerability/d7a72183-0cd1-45de-b98b-2e295b27e5db"
},
{
"refsource": "MISC",
"url": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/12863f80ced5361e2e2c3f7209566ab3730aa37b/N5_upload.md",
"name": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/12863f80ced5361e2e2c3f7209566ab3730aa37b/N5_upload.md"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Jin Huang"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

92
2021/24xxx/CVE-2021-24224.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24224",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24224",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Easy Form Builder <= 1.0 - Authenticated Arbitrary File Upload"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Easy Form Builder",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/ed0c054b-54bf-4df8-9015-c76704c93484",
"name": "https://wpscan.com/vulnerability/ed0c054b-54bf-4df8-9015-c76704c93484"
},
{
"refsource": "MISC",
"url": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/e4c33529b20fa70e3a764ff9b1125839fb9900b5/Easy%20Form%20Builder.md",
"name": "https://github.com/jinhuang1102/CVE-ID-Reports/blob/e4c33529b20fa70e3a764ff9b1125839fb9900b5/Easy%20Form%20Builder.md"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Jin Huang"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

92
2021/24xxx/CVE-2021-24225.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24225",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24225",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Advanced Booking Calendar < 1.6.7 - Authenticated Reflected Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Advanced Booking Calendar",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.6.7",
"version_value": "1.6.7"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sanitise the calId GET parameter in the \"Seasons & Calendars\" page before outputing it in an A tag, leading to a reflected XSS issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/25ca8af5-ab48-4e6d-b2ef-fc291742f1d5",
"name": "https://wpscan.com/vulnerability/25ca8af5-ab48-4e6d-b2ef-fc291742f1d5"
},
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset/2503971/",
"name": "https://plugins.trac.wordpress.org/changeset/2503971/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "iohex"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

92
2021/24xxx/CVE-2021-24226.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24226",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24226",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "AccessAlly < 3.5.7 - $_SERVER Superglobal Leakage"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "AccessAlly",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "3.5.6",
"version_value": "3.5.6"
},
{
"version_affected": "<",
"version_name": "3.5.7",
"version_value": "3.5.7"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the AccessAlly WordPress plugin before 3.5.7, the file \"resource/frontend/product/product-shortcode.php\" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, no login or administrator role is required."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/8e3e89fd-e380-4108-be23-00e87fbaad16",
"name": "https://wpscan.com/vulnerability/8e3e89fd-e380-4108-be23-00e87fbaad16"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-200 Information Exposure",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Till Krüss"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

92
2021/24xxx/CVE-2021-24227.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24227",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24227",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Patreon WordPress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.7.0",
"version_value": "1.7.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/f62df02d-7678-440f-84a1-ddbf09364016",
"name": "https://wpscan.com/vulnerability/f62df02d-7678-440f-84a1-ddbf09364016"
},
{
"refsource": "MISC",
"url": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/",
"name": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-200 Information Exposure",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "George Stephanis, Fioravante Souza, Miguel Neto, Benedict Singer and Marc Montpas"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

92
2021/24xxx/CVE-2021-24228.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24228",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24228",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Patreon WordPress < 1.7.2 - Reflected XSS on Login Form"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Patreon WordPress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.7.2",
"version_value": "1.7.2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin before 1.7.2. The WordPress login form (wp-login.php) is hooked by the plugin and offers to allow users to authenticate on the site using their Patreon account. Unfortunately, some of the error logging logic behind the scene allowed user-controlled input to be reflected on the login page, unsanitized."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/7a5fadb1-3f1c-4779-8ff6-356fccb5269b",
"name": "https://wpscan.com/vulnerability/7a5fadb1-3f1c-4779-8ff6-356fccb5269b"
},
{
"refsource": "MISC",
"url": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/",
"name": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "George Stephanis, Fioravante Souza, Miguel Neto, Benedict Singer and Marc Montpas"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

92
2021/24xxx/CVE-2021-24229.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24229",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24229",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Patreon WordPress < 1.7.2 - Reflected XSS on patreon_save_attachment_patreon_level AJAX action"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Patreon WordPress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.7.2",
"version_value": "1.7.2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreon_save_attachment_patreon_level AJAX action of the Patreon WordPress plugin before 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachment. This action is accessible for user accounts with the manage_options privilege (i.e.., only administrators). Unfortunately, one of the parameters used in this AJAX endpoint is not sanitized before being printed back to the user, so the risk it represents is the same as the previous XSS vulnerability."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/001755c4-add3-4566-a022-ab1f83546c1f",
"name": "https://wpscan.com/vulnerability/001755c4-add3-4566-a022-ab1f83546c1f"
},
{
"refsource": "MISC",
"url": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/",
"name": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "George Stephanis, Fioravante Souza, Miguel Neto, Benedict Singer and Marc Montpas"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

92
2021/24xxx/CVE-2021-24230.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24230",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24230",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Patreon WordPress < 1.7.0 - CSRF to Overwrite/Create User Meta"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Patreon WordPress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.7.0",
"version_value": "1.7.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary user metadata on the victims account once visited. If exploited, this bug can be used to overwrite the “wp_capabilities” meta, which contains the affected user accounts roles and privileges. Doing this would essentially lock them out of the site, blocking them from accessing paid content."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/2deefa2d-3043-42e5-afef-a42c37703531",
"name": "https://wpscan.com/vulnerability/2deefa2d-3043-42e5-afef-a42c37703531"
},
{
"refsource": "MISC",
"url": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/",
"name": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "George Stephanis, Fioravante Souza, Miguel Neto, Benedict Singer and Marc Montpas"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

92
2021/24xxx/CVE-2021-24231.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24231",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24231",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Patreon WordPress < 1.7.0 - CSRF to Disconnect Sites From Patreon"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Patreon WordPress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.7.0",
"version_value": "1.7.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged administrator disconnect the site from Patreon by visiting a specially crafted link."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/f8ab6855-a319-47ac-82fb-58b181e77500",
"name": "https://wpscan.com/vulnerability/f8ab6855-a319-47ac-82fb-58b181e77500"
},
{
"refsource": "MISC",
"url": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/",
"name": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "George Stephanis, Fioravante Souza, Miguel Neto, Benedict Singer and Marc Montpas"
}
],
"source": {
"discovery": "UNKNOWN"
}
}