From 833664ef12fec7fde4ff9dd2ff8277bce5c289ad Mon Sep 17 00:00:00 2001
From: erwanlr
Date: Mon, 24 May 2021 10:43:51 +0200
Subject: [PATCH] Adds CVEs
---
 2021/24xxx/CVE-2021-24294.json | 89 ++++++++++++++++++++++++++------
 2021/24xxx/CVE-2021-24296.json | 89 ++++++++++++++++++++++++++------
 2021/24xxx/CVE-2021-24297.json | 89 ++++++++++++++++++++++++++------
 2021/24xxx/CVE-2021-24298.json | 94 ++++++++++++++++++++++++++++------
 2021/24xxx/CVE-2021-24300.json | 89 ++++++++++++++++++++++++++------
 2021/24xxx/CVE-2021-24301.json | 89 ++++++++++++++++++++++++++------
 2021/24xxx/CVE-2021-24302.json | 89 ++++++++++++++++++++++++++------
 2021/24xxx/CVE-2021-24305.json | 94 ++++++++++++++++++++++++++++------
 2021/24xxx/CVE-2021-24306.json | 89 ++++++++++++++++++++++++++------
 2021/24xxx/CVE-2021-24307.json | 94 ++++++++++++++++++++++++++++------
 2021/24xxx/CVE-2021-24308.json | 94 ++++++++++++++++++++++++++++------
 2021/24xxx/CVE-2021-24332.json | 92 +++++++++++++++++++++++++++------
 12 files changed, 900 insertions(+), 191 deletions(-)
diff --git a/2021/24xxx/CVE-2021-24294.json b/2021/24xxx/CVE-2021-24294.json
index 4cec2015e9a..7cd324728d0 100644
--- a/2021/24xxx/CVE-2021-24294.json
+++ b/2021/24xxx/CVE-2021-24294.json
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24294", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24294", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "DSGVO All in one for WP < 4.0 - Unauthenticated Stored Cross-Site Scripting (XSS)" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Michael Leithold", + "product": { + "product_data": [ + { + "product_name": "DSGVO All in one for WP", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.0", + "version_value": "4.0" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dsgvoaio_write_log AJAX action of the DSGVO All in one for WP WordPress plugin before 4.0 did not sanitise or escape some POST parameter submitted before outputting them in the Log page in the administrator dashboard (wp-admin/admin.php?page=dsgvoaiofree-show-log). This could allow unauthenticated attackers to gain unauthorised access by using an XSS payload to create a rogue administrator account, which will be trigged when an administrator will view the logs." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/43b8cfb4-f875-432b-8e3b-52653fdee87c", + "name": "https://wpscan.com/vulnerability/43b8cfb4-f875-432b-8e3b-52653fdee87c" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "dc11" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} diff --git a/2021/24xxx/CVE-2021-24296.json b/2021/24xxx/CVE-2021-24296.json index 743bd58f8cf..0f79e2f6d9a 100644 --- a/2021/24xxx/CVE-2021-24296.json +++ b/2021/24xxx/CVE-2021-24296.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24296", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24296", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP Customer Reviews < 3.5.6 - Authenticated Stored Cross-Site Scripting (XSS)" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Go Web Solutions", + "product": { + "product_data": [ + { + "product_name": "WP Customer Reviews", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.5.6", + "version_value": "3.5.6" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be triggered in pages where reviews are enabled" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/c450f54a-3372-49b2-8ad8-68d5cc0dd49e", + "name": "https://wpscan.com/vulnerability/c450f54a-3372-49b2-8ad8-68d5cc0dd49e" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Truoc Phan from Techlab Corporation" + } 
+ ], + "source": { + "discovery": "UNKNOWN" + } +} diff --git a/2021/24xxx/CVE-2021-24297.json b/2021/24xxx/CVE-2021-24297.json index 7308b761780..de0a49f4b1a 100644 --- a/2021/24xxx/CVE-2021-24297.json +++ b/2021/24xxx/CVE-2021-24297.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24297", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24297", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Goto < 2.1 - Reflected Cross-Site Scripting (XSS)" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Goto", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.1", + "version_value": "2.1" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Goto WordPress theme before 2.1 did not properly sanitize the formvalue JSON POST parameter in its tl_filter AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/a64a3b2e-7924-47aa-96e8-3aa02a6cdccc", + "name": "https://wpscan.com/vulnerability/a64a3b2e-7924-47aa-96e8-3aa02a6cdccc" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Truoc Phan from Techlab Corporation" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} 
diff --git a/2021/24xxx/CVE-2021-24298.json b/2021/24xxx/CVE-2021-24298.json
index 20ca2288ee0..37935eb17e6 100644
--- a/2021/24xxx/CVE-2021-24298.json
+++ b/2021/24xxx/CVE-2021-24298.json
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24298", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24298", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Simple Giveaways < 2.36.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Igor Benic", + "product": { + "product_data": [ + { + "product_name": "Simple Giveaways – Grow your business, email lists and traffic with contests", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.36.2", + "version_value": "2.36.2" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/30aebded-3eb3-4dda-90b5-12de5e622c91", + "name": "https://wpscan.com/vulnerability/30aebded-3eb3-4dda-90b5-12de5e622c91" + }, + { + "refsource": "MISC", + "url": "https://codevigilant.com/disclosure/2021/wp-plugin-giveasap-xss/", + "name": "https://codevigilant.com/disclosure/2021/wp-plugin-giveasap-xss/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + 
"value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Shreya Pohekar of Codevigilant Project" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} diff --git a/2021/24xxx/CVE-2021-24300.json b/2021/24xxx/CVE-2021-24300.json index c9a7363388e..075bbd35df9 100644 --- a/2021/24xxx/CVE-2021-24300.json +++ b/2021/24xxx/CVE-2021-24300.json 
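Review bot: The `description` value in the CVE-2021-24298 record never names the affected plugin or the fixed version; it only refers to "the Giveaway pages", so a reader who sees the description without `TITLE` or `affects` cannot tell what to patch. The other records in this patch follow the "The X WordPress plugin before N ..." pattern. I would write `"value": "The method and share GET parameters of the Giveaway pages of the Simple Giveaways WordPress plugin before 2.36.2 were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS"`.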
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24300", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24300", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "PickPlugins Product Slider for WooCommerce < 1.13.22 - Reflected Cross-Site Scripting (XSS)" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PickPlugins", + "product": { + "product_data": [ + { + "product_name": "PickPlugins Product Slider for WooCommerce", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.13.22", + "version_value": "1.13.22" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitised the keyword GET parameter, leading to reflected Cross-Site Scripting issue" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/5fbbc7ad-3f1a-48a1-b2eb-e57f153eb837", + "name": "https://wpscan.com/vulnerability/5fbbc7ad-3f1a-48a1-b2eb-e57f153eb837" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "0xB9" + } + ], + "source": 
{ + "discovery": "UNKNOWN" + } +} diff --git a/2021/24xxx/CVE-2021-24301.json b/2021/24xxx/CVE-2021-24301.json index f58bf70a761..c1be8a50bf2 100644 --- a/2021/24xxx/CVE-2021-24301.json +++ b/2021/24xxx/CVE-2021-24301.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24301", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24301", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Hotjar Connecticator <= 1.1.1 - Authenticated Stored Cross-Site Scripting (XSS)" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Blue Medicine Labs", + "product": { + "product_data": [ + { + "product_name": "Hotjar Connecticator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.1.1", + "version_value": "1.1.1" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable to Stored Cross-Site Scripting (XSS) in the 'hotjar script' textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exploited by administrator users." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/eb8e2b9d-f153-49c9-862a-5c016934f9ad", + "name": "https://wpscan.com/vulnerability/eb8e2b9d-f153-49c9-862a-5c016934f9ad" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Kishore Hariram" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} diff --git a/2021/24xxx/CVE-2021-24302.json b/2021/24xxx/CVE-2021-24302.json index 99c66538daa..27a1985b38b 100644 --- a/2021/24xxx/CVE-2021-24302.json +++ b/2021/24xxx/CVE-2021-24302.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24302", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24302", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Hana Flv Player <= 3.1.3 - Authenticated Stored Cross-Site Scripting (XSS)" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HanaDaddy", + "product": { + "product_data": [ + { + "product_name": "Hana Flv Player", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "3.1.3", + "version_value": "3.1.3" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Hana Flv Player WordPress plugin through 3.1.3 is vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the 'Default Skin' field." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/372a66ca-1c3c-4429-86a5-81dbdaa9ec7d", + "name": "https://wpscan.com/vulnerability/372a66ca-1c3c-4429-86a5-81dbdaa9ec7d" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Kishore Hariram" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} 
diff --git a/2021/24xxx/CVE-2021-24305.json b/2021/24xxx/CVE-2021-24305.json
index 72c804b8eab..29b23d795ef 100644
--- a/2021/24xxx/CVE-2021-24305.json
+++ b/2021/24xxx/CVE-2021-24305.json
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24305", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24305", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Target First Plugin 2.0 - Unauthenticated Stored XSS via Licence Key" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "TargetFirst", + "product": { + "product_data": [ + { + "product_name": "Target First Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": "2.0", + "version_value": "2.0" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Target First WordPress Plugin v2.0, also previously known as Watcheezy, suffers from a critical unauthenticated stored XSS vulnerability. An attacker could change the licence key value through a POST on any URL with the 'weeWzKey' parameter that will be save as the 'weeID option and is not sanitized." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/4d55d1f5-a7b8-4029-942d-7a13e2498f64", + "name": "https://wpscan.com/vulnerability/4d55d1f5-a7b8-4029-942d-7a13e2498f64" + }, + { + "refsource": "MISC", + "url": "https://www.targetfirst.com/", + "name": "https://www.targetfirst.com/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Vincent MICHEL" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} diff --git a/2021/24xxx/CVE-2021-24306.json b/2021/24xxx/CVE-2021-24306.json index aea8faf20e0..6ccc03a6310 100644 --- a/2021/24xxx/CVE-2021-24306.json +++ b/2021/24xxx/CVE-2021-24306.json 
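Review bot: The `description` value in the CVE-2021-24305 record has an unbalanced quote in `'weeID option`, which leaves the stored option name ambiguous for anyone checking a site's options for tampering, and "will be save" should read "will be saved". I would change the tail of the sentence to `with the 'weeWzKey' parameter that will be saved as the 'weeID' option and is not sanitized`. The record also pins `version_affected` to `=` 2.0 without saying whether a fixed release exists; if none was available at publication, stating that in the description would help readers choose a mitigation.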
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24306", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24306", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Ultimate Member < 2.1.20 - Authenticated Reflected Cross-Site Scripting (XSS)" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ultimate Member", + "product": { + "product_data": [ + { + "product_name": "Ultimate Member – User Profile, User Registration, Login & Membership Plugin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.1.20", + "version_value": "2.1.20" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin before 2.1.20 did not properly sanitise, validate or encode the query string when generating a link to edit user's own profile, leading to an authenticated reflected Cross-Site Scripting issue. Knowledge of the targeted username is required to exploit this, and attackers would then need to make the related logged in user open a malicious link." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/35516555-c50c-486a-886c-df49c9e51e2c", + "name": "https://wpscan.com/vulnerability/35516555-c50c-486a-886c-df49c9e51e2c" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "riki aji" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} diff --git a/2021/24xxx/CVE-2021-24307.json b/2021/24xxx/CVE-2021-24307.json index 7ada6d805c8..a647c586422 100644 --- a/2021/24xxx/CVE-2021-24307.json +++ b/2021/24xxx/CVE-2021-24307.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24307", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24307", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "All in One SEO Pack < 4.1.0.2 - Admin RCE via unserialize" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "All in One SEO Team", + "product": { + "product_data": [ + { + "product_name": "All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.1.0.2", + "version_value": "4.1.0.2" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with \"aioseo_tools_settings\" privilege (most of the time admin) to execute arbitrary code on the underlying host. Users can restore plugin's configuration by uploading a backup .ini file in the section \"Tool > Import/Export\". However, the plugin attempts to unserialize values of the .ini file. Moreover, the plugin embeds Monolog library which can be used to craft a gadget chain and thus trigger system command execution." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/ab2c94d2-f6c4-418b-bd14-711ed164bcf1", + "name": "https://wpscan.com/vulnerability/ab2c94d2-f6c4-418b-bd14-711ed164bcf1" + }, + { + "refsource": "MISC", + "url": "https://aioseo.com/changelog/", + "name": "https://aioseo.com/changelog/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Vincent MICHEL" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} diff --git a/2021/24xxx/CVE-2021-24308.json b/2021/24xxx/CVE-2021-24308.json index 2781f70cf99..cfd63b2bfb2 100644 --- a/2021/24xxx/CVE-2021-24308.json +++ b/2021/24xxx/CVE-2021-24308.json 
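Review bot: The `problemtype` value `CWE-94 Improper Control of Generation of Code ('Code Injection')` in the CVE-2021-24307 record does not match the root cause the description gives, which is the plugin unserializing values from an uploaded .ini backup file. That is deserialization of untrusted data; code execution is the impact reached through the embedded Monolog gadget chain. Consumers that triage or filter by CWE will miss this record when looking for unsafe-deserialization issues, so I would use `"value": "CWE-502 Deserialization of Untrusted Data"`, or add it as a second entry next to CWE-94.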
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24308", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24308", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "LifterLMS < 4.21.1 - Authenticated Stored XSS in Edit Profile" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LifterLMS", + "product": { + "product_data": [ + { + "product_name": "LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.21.1", + "version_value": "4.21.1" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 'State' field of the Edit profile page of the LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.1 is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. This could allow low privilege users (such as students) to elevate their privilege via an XSS attack when an admin will view their profile." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/f29f68a5-6575-441d-98c9-867145f2b082", + "name": "https://wpscan.com/vulnerability/f29f68a5-6575-441d-98c9-867145f2b082" + }, + { + "refsource": "MISC", + "url": "https://github.com/gocodebox/lifterlms/releases/tag/4.21.1", + "name": "https://github.com/gocodebox/lifterlms/releases/tag/4.21.1" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "captain_hook" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} diff --git a/2021/24xxx/CVE-2021-24332.json b/2021/24xxx/CVE-2021-24332.json index e8d2db5345b..603b0588f6c 100644 --- a/2021/24xxx/CVE-2021-24332.json +++ b/2021/24xxx/CVE-2021-24332.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24332", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24332", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Autoptimize < 2.8.4 - Authenticated Stored Cross-Site Scripting (XSS)" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Autoptimize", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.8.4", + "version_value": "2.8.4" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Autoptimize WordPress plugin before 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb", + "name": "https://wpscan.com/vulnerability/6678e064-ce21-4bb2-8c50-061073fb22fb" + }, + { + "refsource": "MISC", + "url": "https://m0ze.ru/vulnerability/[2021-04-01]-[WordPress]-[CWE-79]-Autoptimize-WordPress-Plugin-v2.8.3.txt", + "name": "https://m0ze.ru/vulnerability/[2021-04-01]-[WordPress]-[CWE-79]-Autoptimize-WordPress-Plugin-v2.8.3.txt" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + 
"description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "m0ze" + } + ], + "source": { + "discovery": "UNKNOWN" + } } \ No newline at end of file
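Review bot: The MISC reference `url` (and its `name`) in the CVE-2021-24332 record contains literal `[` and `]` in the path, which RFC 3986 does not allow unencoded there, so strict URI validators and some link checkers may reject or mangle it. Percent-encoding them as `%5B` and `%5D` should keep the link usable for downstream consumers. This is also the only file in the patch whose new side still ends with `\ No newline at end of file`; the other eleven gain the trailing newline.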