admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adds CVEs

Browse Source
This commit is contained in:
erwanlr 2021-05-17 13:09:56 +02:00
parent 844953f90f
commit 8bf1b4eae6
13 changed files with 987 additions and 204 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
2021/24xxx/CVE-2021-24288.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24288",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24288",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "AcyMailing < 7.5.0 - Unauthenticated Open Redirect"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AcyMailing",
"product": {
"product_data": [
{
"product_name": "Newsletter via SMTP, Sendinblue, Sendgrid, Mailgun - AcyMailing SMTP Newsletter",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.5.0",
"version_value": "7.5.0"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Turning the request from POST to GET, an attacker can craft a link containing a potentially malicious landing page and send it to the victim."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/56628862-1687-4862-9ed4-145d8dfbca97",
"name": "https://wpscan.com/vulnerability/56628862-1687-4862-9ed4-145d8dfbca97"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Viktor Markopoulos"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

94
2021/24xxx/CVE-2021-24289.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24289",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24289",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Store Locator Plus <= 5.5.14 - Authenticated Privilege Escalation"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Store Locator Plus",
"product": {
"product_data": [
{
"product_name": "Store Locator Plus for WordPress",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "5.5.14",
"version_value": "5.5.14"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62",
"name": "https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/",
"name": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-269 Improper Privilege Management",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

94
2021/24xxx/CVE-2021-24290.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24290",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24290",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Store Locator Plus <= 5.5.15 - Unauthenticated Stored Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Store Locator Plus®",
"product": {
"product_data": [
{
"product_name": "Store Locator Plus for WordPress",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "5.5.15",
"version_value": "5.5.15"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719",
"name": "https://wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin",
"name": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

106
2021/24xxx/CVE-2021-24292.json
View File

@ -1,18 +1,92 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24292",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24292",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Happy Addons for Elementor Free < 2.24.0 and Pro < 1.17.0 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "weDevs",
"product": {
"product_data": [
{
"product_name": "Happy Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.24.0",
"version_value": "2.24.0"
}
]
}
},
{
"product_name": "Happy Addons Pro for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.17.0",
"version_value": "1.17.0"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method: The “Card” widget accepts a “title_tag” parameter. Although the element control lists a fixed set of possible html tags, it is possible to send a save_builder request with the “heading_tag” set to “script”, and the actual “title” parameter set to JavaScript to be executed within the script tags added by the “heading_tag” parameter."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/0f20e098-8106-451f-9448-d35a79f03077",
"name": "https://wpscan.com/vulnerability/0f20e098-8106-451f-9448-d35a79f03077"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

94
2021/24xxx/CVE-2021-24295.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24295",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24295",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Time-based Blind SQL Injection in Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "СleanTalk",
"product": {
"product_data": [
{
"product_name": "Spam protection, AntiSpam, FireWall by CleanTalk",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.153.4",
"version_value": "5.153.4"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected via the User-Agent Header by manipulating the cookies set by the Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.153.4, sending an initial request to obtain a ct_sfw_pass_key cookie and then manually setting a separate ct_sfw_passed cookie and disallowing it from being reset."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/152171fc-888c-4275-a118-5a1e664ef28b",
"name": "https://wpscan.com/vulnerability/152171fc-888c-4275-a118-5a1e664ef28b"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/05/sql-injection-vulnerability-patched-in-cleantalk-antispam-plugin/",
"name": "https://www.wordfence.com/blog/2021/05/sql-injection-vulnerability-patched-in-cleantalk-antispam-plugin/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

89
2021/24xxx/CVE-2021-24299.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24299",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24299",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "ReDi Restaurant Reservations < 21.0426 - Unauthenticated Stored Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Reservation Diary",
"product": {
"product_data": [
{
"product_name": "ReDi Restaurant Reservation",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "21.0426",
"version_value": "21.0426"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ReDi Restaurant Reservation WordPress plugin before 21.0426 provides the functionality to let users make restaurant reservations. These reservations are stored and can be listed on an 'Upcoming' page provided by the plugin. An unauthenticated user can fill in the form to make a restaurant reservation. The form to make a restaurant reservation field called 'Comment' does not use proper input validation and can be used to store XSS payloads. The XSS payloads will be executed when the plugin user goes to the 'Upcoming' page, which is an external website https://upcoming.reservationdiary.eu/ loaded in an iframe, and the stored reservation with XSS payload is loaded."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/fd6ce00b-8c5f-4180-b648-f47b37303670",
"name": "https://wpscan.com/vulnerability/fd6ce00b-8c5f-4180-b648-f47b37303670"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Bastijn Ouwendijk"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

94
2021/24xxx/CVE-2021-24314.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24314",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24314",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Goto < 2.1 - Unauthenticated Blind SQL Injection"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "BoostifyThemes",
"product": {
"product_data": [
{
"product_name": "Goto",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.1",
"version_value": "2.1"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Goto WordPress theme before 2.1 did not sanitise, validate of escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an Unauthenticated SQL injection issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/1cc6dc17-b019-49dd-8149-c8bba165eb30",
"name": "https://wpscan.com/vulnerability/1cc6dc17-b019-49dd-8149-c8bba165eb30"
},
{
"refsource": "MISC",
"url": "https://m0ze.ru/vulnerability/%5B2021-03-24%5D-%5BWordPress%5D-%5BCWE-89%5D-Goto-WordPress-Theme-v2.0.txt",
"name": "https://m0ze.ru/vulnerability/%5B2021-03-24%5D-%5BWordPress%5D-%5BCWE-89%5D-Goto-WordPress-Theme-v2.0.txt"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

94
2021/24xxx/CVE-2021-24315.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24315",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24315",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Give WP < 2.10.4 - Authenticated Stored Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GiveWP",
"product": {
"product_data": [
{
"product_name": "GiveWP Donation Plugin and Fundraising Platform",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.10.4",
"version_value": "2.10.4"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GiveWP Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored XSS issues."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/006b37c9-641c-4676-a315-9b6053e001d2",
"name": "https://wpscan.com/vulnerability/006b37c9-641c-4676-a315-9b6053e001d2"
},
{
"refsource": "MISC",
"url": "https://m0ze.ru/vulnerability/%5B2021-04-02%5D-%5BWordPress%5D-%5BCWE-79%5D-GiveWP-WordPress-Plugin-v2.10.3.txt",
"name": "https://m0ze.ru/vulnerability/%5B2021-04-02%5D-%5BWordPress%5D-%5BCWE-79%5D-GiveWP-WordPress-Plugin-v2.10.3.txt"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

89
2021/24xxx/CVE-2021-24323.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24323",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24323",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Woocommerce < 5.2.0 - Authenticated Stored Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Automattic",
"product": {
"product_data": [
{
"product_name": "WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.2.0",
"version_value": "5.2.0"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "When taxes are enabled, the \"Additional tax classes\" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disabled"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/6d262555-7ae4-4e36-add6-4baa34dc3010",
"name": "https://wpscan.com/vulnerability/6d262555-7ae4-4e36-add6-4baa34dc3010"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

87
2021/24xxx/CVE-2021-24324.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24324",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24324",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "404 SEO Redirection <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "404 SEO Redirection",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.3",
"version_value": "1.3"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF checks in all its settings, allowing attackers to make a logged in user change the plugin's settings. Due to the lack of sanitisation and escaping in some fields, it could also lead to Stored Cross-Site Scripting issues"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/63a24890-3735-4016-b4b7-4b070a842664",
"name": "https://wpscan.com/vulnerability/63a24890-3735-4016-b4b7-4b070a842664"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

87
2021/24xxx/CVE-2021-24325.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24325",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24325",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "404 SEO Redirection <= 1.3 - Reflected Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "404 SEO Redirection",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.3",
"version_value": "1.3"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tab parameter of the settings page of the 404 SEO Redirection WordPress plugin through 1.3 is vulnerable to a reflected Cross-Site Scripting (XSS) issue as user input is not properly sanitised or escaped before being output in an attribute."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/96e9a7fd-9ab8-478e-9420-4bca2a0b23a1",
"name": "https://wpscan.com/vulnerability/96e9a7fd-9ab8-478e-9420-4bca2a0b23a1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

87
2021/24xxx/CVE-2021-24326.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24326",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24326",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "All 404 Redirect to Homepage < 1.21 - Authenticated Reflected Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "All 404 Redirect to Homepage",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.21",
"version_value": "1.21"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected Cross-Site Scripting (XSS) issue as user input was not properly sanitised before being output in an attribute."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/63d6ca03-e0df-40db-9839-531c13619094",
"name": "https://wpscan.com/vulnerability/63d6ca03-e0df-40db-9839-531c13619094"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

87
2021/24xxx/CVE-2021-24327.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24327",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24327",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "SEO Redirection < 6.4 - Authenticated Stored Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "SEO Redirection Plugin 301 Redirect Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.4",
"version_value": "6.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SEO Redirection Plugin 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users (even with the unfiltered_html disabled) to set XSS payloads"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/ca8068f7-dcf0-44fd-841d-d02987220d79",
"name": "https://wpscan.com/vulnerability/ca8068f7-dcf0-44fd-841d-d02987220d79"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"source": {
"discovery": "UNKNOWN"
}
}