From 807950970ae537b92e24c13aebddc57550f4ed73 Mon Sep 17 00:00:00 2001 From: erwanlr Date: Mon, 31 Oct 2022 17:07:32 +0100 Subject: [PATCH] Adds CVEs --- 2022/2xxx/CVE-2022-2167.json | 87 ++++++++++++++++++++++++------ 2022/2xxx/CVE-2022-2190.json | 87 ++++++++++++++++++++++++------ 2022/2xxx/CVE-2022-2627.json | 87 ++++++++++++++++++++++++------ 2022/3xxx/CVE-2022-3096.json | 95 ++++++++++++++++++++++++++------ 2022/3xxx/CVE-2022-3237.json | 87 ++++++++++++++++++++++++------ 2022/3xxx/CVE-2022-3254.json | 87 ++++++++++++++++++++++++------ 2022/3xxx/CVE-2022-3334.json | 87 ++++++++++++++++++++++++------ 2022/3xxx/CVE-2022-3357.json | 87 ++++++++++++++++++++++++------ 2022/3xxx/CVE-2022-3360.json | 87 ++++++++++++++++++++++++------ 2022/3xxx/CVE-2022-3366.json | 101 +++++++++++++++++++++++++++++------ 2022/3xxx/CVE-2022-3374.json | 87 ++++++++++++++++++++++++------ 2022/3xxx/CVE-2022-3380.json | 87 ++++++++++++++++++++++++------ 2022/3xxx/CVE-2022-3408.json | 87 ++++++++++++++++++++++++------ 2022/3xxx/CVE-2022-3419.json | 95 ++++++++++++++++++++++++++------ 2022/3xxx/CVE-2022-3420.json | 87 ++++++++++++++++++++++++------ 2022/3xxx/CVE-2022-3440.json | 87 ++++++++++++++++++++++++------ 2022/3xxx/CVE-2022-3441.json | 87 ++++++++++++++++++++++++------ 17 files changed, 1253 insertions(+), 256 deletions(-) diff --git a/2022/2xxx/CVE-2022-2167.json b/2022/2xxx/CVE-2022-2167.json index e979eedbff6..5995568ac67 100644 --- a/2022/2xxx/CVE-2022-2167.json +++ b/2022/2xxx/CVE-2022-2167.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2167", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2167", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Newspaper < 12 - Reflected Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Newspaper", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "12", + "version_value": "12" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/ad35fbae-1e90-47a0-b1d2-f8d91a5db90e", + "name": "https://wpscan.com/vulnerability/ad35fbae-1e90-47a0-b1d2-f8d91a5db90e" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Truoc Phan from Techlab Corporation" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2190.json b/2022/2xxx/CVE-2022-2190.json index ff3be1d0315..85e31ecc185 100644 --- a/2022/2xxx/CVE-2022-2190.json +++ b/2022/2xxx/CVE-2022-2190.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2190", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2190", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Envira Gallery Lite < 1.8.4.7 - Reflected Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Gallery Plugin for WordPress – Envira Photo Gallery", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.8.4.7", + "version_value": "1.8.4.7" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/1af4beb6-ba16-429b-acf2-43f9594f5ace", + "name": "https://wpscan.com/vulnerability/1af4beb6-ba16-429b-acf2-43f9594f5ace" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "ZhongFu Su(JrXnm) of WuHan University" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2627.json b/2022/2xxx/CVE-2022-2627.json index c8e547627ac..05a4ddc31f6 100644 --- a/2022/2xxx/CVE-2022-2627.json +++ b/2022/2xxx/CVE-2022-2627.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2627", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2627", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Newspaper < 12 - Reflected Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Newspaper", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "12", + "version_value": "12" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/038327d0-568f-4011-9b7e-3da39e8b6aea", + "name": "https://wpscan.com/vulnerability/038327d0-568f-4011-9b7e-3da39e8b6aea" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramon Dunker" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3096.json b/2022/3xxx/CVE-2022-3096.json index 1346393fb87..aca37935b67 100644 --- a/2022/3xxx/CVE-2022-3096.json +++ b/2022/3xxx/CVE-2022-3096.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3096", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3096", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP Total Hacks <= 4.7.2 - Subscriber+ Arbitrary Options Update to Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Total Hacks", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "4.7.2", + "version_value": "4.7.2" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and escaping as well." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/46996537-a874-4b2e-9cd7-7d0832f9704d", + "name": "https://wpscan.com/vulnerability/46996537-a874-4b2e-9cd7-7d0832f9704d" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-862 Missing Authorization", + "lang": "eng" + } + ] + }, + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Daniel Ruf" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3237.json b/2022/3xxx/CVE-2022-3237.json index 026cd9a4234..286760ced52 100644 --- a/2022/3xxx/CVE-2022-3237.json +++ b/2022/3xxx/CVE-2022-3237.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3237", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3237", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP Contact Slider < 2.4.8 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Contact Slider", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.4.8", + "version_value": "2.4.8" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/cd2fd6cd-a839-4de8-af28-b5134873c40e", + "name": "https://wpscan.com/vulnerability/cd2fd6cd-a839-4de8-af28-b5134873c40e" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Asif Nawaz Minhas" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3254.json b/2022/3xxx/CVE-2022-3254.json index a60c7101ae0..145ba009fb7 100644 --- a/2022/3xxx/CVE-2022-3254.json +++ b/2022/3xxx/CVE-2022-3254.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3254", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3254", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.3", + "version_value": "4.3" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/546c47c2-5b4b-46db-b754-c6b43aef2660", + "name": "https://wpscan.com/vulnerability/546c47c2-5b4b-46db-b754-c6b43aef2660" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "cydave" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3334.json b/2022/3xxx/CVE-2022-3334.json index 09c9f143946..065f0aa8f18 100644 --- a/2022/3xxx/CVE-2022-3334.json +++ b/2022/3xxx/CVE-2022-3334.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3334", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3334", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Easy WP SMTP < 1.5.0 - Admin+ PHP Objection Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Easy WP SMTP", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.5.0", + "version_value": "1.5.0" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to PHP object injection issue when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/0e735502-eaa2-4047-949e-bc8eb6b39fc9", + "name": "https://wpscan.com/vulnerability/0e735502-eaa2-4047-949e-bc8eb6b39fc9" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-502 Deserialization of Untrusted Data", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Nguyen Duy Quoc Khanh" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3357.json b/2022/3xxx/CVE-2022-3357.json index a0e89595a24..98b41beb4e0 100644 --- a/2022/3xxx/CVE-2022-3357.json +++ b/2022/3xxx/CVE-2022-3357.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3357", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3357", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Smart Slider 3 < 3.5.1.11 - PHP Object Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Smart Slider 3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.5.1.11", + "version_value": "3.5.1.11" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user import (intentionally or not) a malicious file, and a suitable gadget chain is present on the site." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/2e28a4e7-e7d3-485c-949c-e300e5b66cbd", + "name": "https://wpscan.com/vulnerability/2e28a4e7-e7d3-485c-949c-e300e5b66cbd" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-502 Deserialization of Untrusted Data", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Nguyen Duy Quoc Khanh" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3360.json b/2022/3xxx/CVE-2022-3360.json index 89cc473fcf2..ab902502830 100644 --- a/2022/3xxx/CVE-2022-3360.json +++ b/2022/3xxx/CVE-2022-3360.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3360", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3360", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "LearnPress – WordPress LMS Plugin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.1.7.2", + "version_value": "4.1.7.2" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution (RCE). To successfully exploit this vulnerability attackers must have knowledge of the site secrets, allowing them to generate a valid hash via the wp_hash() function." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/acea7a54-a964-4127-a93f-f38f883074e3", + "name": "https://wpscan.com/vulnerability/acea7a54-a964-4127-a93f-f38f883074e3" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-502 Deserialization of Untrusted Data", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Nguyen Duy Quoc Khanh" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3366.json b/2022/3xxx/CVE-2022-3366.json index d356c461699..3f7d5674fdc 100644 --- a/2022/3xxx/CVE-2022-3366.json +++ b/2022/3xxx/CVE-2022-3366.json @@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3366", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3366", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "PublishPress Capabilities < 2.5.2 - Admin+ PHP Objection Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "PublishPress Capabilities – User Role Access, Editor Permissions, Admin Menus", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.5.2", + "version_value": "2.5.2" + } + ] + } + }, + { + "product_name": "PublishPress Capabilities Pro", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.5.2", + "version_value": "2.5.2" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/72639924-e7a7-4f7d-bd50-015d05ffd4fb", + "name": "https://wpscan.com/vulnerability/72639924-e7a7-4f7d-bd50-015d05ffd4fb" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-502 Deserialization of Untrusted Data", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Nguyen Pham Viet Nam" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2022/3xxx/CVE-2022-3374.json b/2022/3xxx/CVE-2022-3374.json index 8be5d495300..34d3b00da8b 100644 --- a/2022/3xxx/CVE-2022-3374.json +++ b/2022/3xxx/CVE-2022-3374.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3374", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3374", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Ocean Extra < 2.0.5 - Admin+ PHP Objection Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Ocean Extra", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.0.5", + "version_value": "2.0.5" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/22fd3f28-9036-4bd5-ad98-ff78bd1b51bc", + "name": "https://wpscan.com/vulnerability/22fd3f28-9036-4bd5-ad98-ff78bd1b51bc" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-502 Deserialization of Untrusted Data", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Nguyen Duy Quoc Khanh" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3380.json b/2022/3xxx/CVE-2022-3380.json index 472d6bea82d..5c172cbb9f7 100644 --- a/2022/3xxx/CVE-2022-3380.json +++ b/2022/3xxx/CVE-2022-3380.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3380", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3380", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Customizer Export/Import < 0.9.5 - Admin+ PHP Objection Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Customizer Export/Import", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0.9.5", + "version_value": "0.9.5" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/a42272a2-f9ce-4aab-9a94-8a4d85008746", + "name": "https://wpscan.com/vulnerability/a42272a2-f9ce-4aab-9a94-8a4d85008746" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-502 Deserialization of Untrusted Data", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Nguyen Duy Quoc Khanh" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3408.json b/2022/3xxx/CVE-2022-3408.json index 11c063437d5..35e2bd71572 100644 --- a/2022/3xxx/CVE-2022-3408.json +++ b/2022/3xxx/CVE-2022-3408.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3408", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3408", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP Word Count <= 3.2.3 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Word Count", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "3.2.3", + "version_value": "3.2.3" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP Word Count WordPress plugin through 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/395bc893-2067-4f76-b49f-9ed8e1e8f330", + "name": "https://wpscan.com/vulnerability/395bc893-2067-4f76-b49f-9ed8e1e8f330" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "lucy" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3419.json b/2022/3xxx/CVE-2022-3419.json index 89b150dda3a..3d297225705 100644 --- a/2022/3xxx/CVE-2022-3419.json +++ b/2022/3xxx/CVE-2022-3419.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3419", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3419", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Automatic User Roles Switcher < 1.1.2 - Subscriber+ Privilege Escalation" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Automatic User Roles Switcher", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.1.2", + "version_value": "1.1.2" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/5909a423-9841-449c-a569-f687c609817b", + "name": "https://wpscan.com/vulnerability/5909a423-9841-449c-a569-f687c609817b" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-269 Improper Privilege Management", + "lang": "eng" + } + ] + }, + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "WPScan" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3420.json b/2022/3xxx/CVE-2022-3420.json index 45026ff18e2..74a5bc053e9 100644 --- a/2022/3xxx/CVE-2022-3420.json +++ b/2022/3xxx/CVE-2022-3420.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3420", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3420", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Official Integration for Billingo < 3.4.0 - ShopManager+ Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Official Integration for Billingo", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.4.0", + "version_value": "3.4.0" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Official Integration for Billingo WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/ce5fac6e-8da1-4042-9cf8-7988613f92a5", + "name": "https://wpscan.com/vulnerability/ce5fac6e-8da1-4042-9cf8-7988613f92a5" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Lana Codes" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3440.json b/2022/3xxx/CVE-2022-3440.json index ccb77672fb8..84506e64068 100644 --- a/2022/3xxx/CVE-2022-3440.json +++ b/2022/3xxx/CVE-2022-3440.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3440", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3440", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Rock Convert < 2.6.0 - Reflected Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Rock Convert", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.11.0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/e39fcf30-1e69-4399-854c-4c5b6ccc22a2", + "name": "https://wpscan.com/vulnerability/e39fcf30-1e69-4399-854c-4c5b6ccc22a2" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "José Ricardo" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3441.json b/2022/3xxx/CVE-2022-3441.json index 8368bbe1c42..7cd2ac65f1b 100644 --- a/2022/3xxx/CVE-2022-3441.json +++ b/2022/3xxx/CVE-2022-3441.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3441", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-3441", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Rock Convert < 2.11.0 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Rock Convert", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.11.0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/7b51b1f0-17ca-46b7-ada1-20bd926f3023", + "name": "https://wpscan.com/vulnerability/7b51b1f0-17ca-46b7-ada1-20bd926f3023" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "José Ricardo" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file