diff --git a/2020/19xxx/CVE-2020-19143.json b/2020/19xxx/CVE-2020-19143.json
index e4d3b42c8b7..affa6b5227f 100644
--- a/2020/19xxx/CVE-2020-19143.json
+++ b/2020/19xxx/CVE-2020-19143.json
@@ -56,6 +56,16 @@
 "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2851",
 "refsource": "MISC",
 "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2851"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.com/libtiff/libtiff/-/issues/158",
+ "url": "https://gitlab.com/libtiff/libtiff/-/issues/158"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/119",
+ "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/119"
 }
 ]
 }
diff --git a/2020/19xxx/CVE-2020-19144.json b/2020/19xxx/CVE-2020-19144.json
index 9ab1408026f..53409f41931 100644
--- a/2020/19xxx/CVE-2020-19144.json
+++ b/2020/19xxx/CVE-2020-19144.json
@@ -56,6 +56,11 @@
 "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2852",
 "refsource": "MISC",
 "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2852"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.com/libtiff/libtiff/-/issues/159",
+ "url": "https://gitlab.com/libtiff/libtiff/-/issues/159"
 }
 ]
 }
diff --git a/2021/38xxx/CVE-2021-38326.json b/2021/38xxx/CVE-2021-38326.json
index 7b8b3e52ab1..5b6ca17af64 100644
--- a/2021/38xxx/CVE-2021-38326.json
+++ b/2021/38xxx/CVE-2021-38326.json
@@ -1,18 +1,106 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "AKA": "Wordfence",
+ "ASSIGNER": "security@wordfence.com",
+ "DATE_PUBLIC": "2021-09-09T16:20:00.000Z",
 "ID": "CVE-2021-38326",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Post Title Counter <= 1.1 Reflected Cross-Site Scripting"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Post Title Counter",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.1",
+ "version_value": "1.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Post Title Counter"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "p7e4"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Post Title Counter WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the notice parameter found in the ~/post-title-counter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38326",
+ "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38326"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://plugins.trac.wordpress.org/browser/post-title-counter/tags/1.1/post-title-counter.php#L87",
+ "name": "https://plugins.trac.wordpress.org/browser/post-title-counter/tags/1.1/post-title-counter.php#L87"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Uninstall plugin from WordPress site."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38327.json b/2021/38xxx/CVE-2021-38327.json
index 8255987a44b..ba893a919e0 100644
--- a/2021/38xxx/CVE-2021-38327.json
+++ b/2021/38xxx/CVE-2021-38327.json
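Review bot: In CVE-2021-38326.json the added `vendor_name` is `"Post Title Counter"`, the same string as `product_name`, so the record names the plugin as its own vendor. Consumers that match or group advisories by vendor get no usable publisher from this field; if the plugin author is known, that name belongs in `vendor_name`. The other Wordfence records in this commit (CVE-2021-38327 through CVE-2021-38337) follow the same pattern.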
@@ -1,18 +1,106 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "AKA": "Wordfence",
+ "ASSIGNER": "security@wordfence.com",
+ "DATE_PUBLIC": "2021-09-09T16:20:00.000Z",
 "ID": "CVE-2021-38327",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "YouTube Video Inserter <= 1.2.1.0 Reflected Cross-Site Scripting"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "YouTube Video Inserter ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.2.1.0",
+ "version_value": "1.2.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "YouTube Video Inserter "
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "p7e4"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The YouTube Video Inserter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/adminUI/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.1.0."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38327",
+ "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38327"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://plugins.trac.wordpress.org/browser/youtube-video-inserter/trunk/adminUI/settings.php#L67",
+ "name": "https://plugins.trac.wordpress.org/browser/youtube-video-inserter/trunk/adminUI/settings.php#L67"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Uninstall plugin from WordPress site."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38328.json b/2021/38xxx/CVE-2021-38328.json
index 1913fed0cb9..042796ccc8e 100644
--- a/2021/38xxx/CVE-2021-38328.json
+++ b/2021/38xxx/CVE-2021-38328.json
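Review bot: In CVE-2021-38327.json the added `product_name` and `vendor_name` values end in a space (`"YouTube Video Inserter "`), which breaks exact-match lookups in tools that key on those strings; they should read `"product_name": "YouTube Video Inserter",` and `"vendor_name": "YouTube Video Inserter"`. The same stray whitespace appears in CVE-2021-38328 (leading and trailing, and leading in `TITLE`), CVE-2021-38330 (`vendor_name` only), CVE-2021-38331, CVE-2021-38335, CVE-2021-38336 (`product_name` only) and CVE-2021-38337. The Trac reference in this record also points at `trunk/` with no revision, so the `#L67` anchor can drift as the plugin changes; a tag or `?rev=` URL, as CVE-2021-38328 uses, would stay stable.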
@@ -1,18 +1,106 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "AKA": "Wordfence",
+ "ASSIGNER": "security@wordfence.com",
+ "DATE_PUBLIC": "2021-09-09T16:20:00.000Z",
 "ID": "CVE-2021-38328",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": " Notices <= 6.1 Reflected Cross-Site Scripting"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": " Notices ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "6.1",
+ "version_value": "6.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": " Notices "
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "p7e4"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/notices.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38328",
+ "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38328"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://plugins.trac.wordpress.org/browser/notices/trunk/notices.php?rev=606181#L353",
+ "name": "https://plugins.trac.wordpress.org/browser/notices/trunk/notices.php?rev=606181#L353"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Uninstall plugin from WordPress site."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38329.json b/2021/38xxx/CVE-2021-38329.json
index 23f8bbf6683..d975c8506dd 100644
--- a/2021/38xxx/CVE-2021-38329.json
+++ b/2021/38xxx/CVE-2021-38329.json
@@ -1,18 +1,106 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "AKA": "Wordfence",
+ "ASSIGNER": "security@wordfence.com",
+ "DATE_PUBLIC": "2021-09-09T16:20:00.000Z",
 "ID": "CVE-2021-38329",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "DJ EmailPublish <= 1.7.2 Reflected Cross-Site Scripting"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DJ EmailPublish",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.7.2",
+ "version_value": "1.7.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "DJ EmailPublish"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "p7e4"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/dj-email-publish.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.7.2."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38329",
+ "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38329"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://plugins.trac.wordpress.org/browser/dj-email-publish/tags/1.7.2/dj-email-publish.php#L259",
+ "name": "https://plugins.trac.wordpress.org/browser/dj-email-publish/tags/1.7.2/dj-email-publish.php#L259"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Uninstall plugin from WordPress site."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38330.json b/2021/38xxx/CVE-2021-38330.json
index bc65162eb36..72856fd7993 100644
--- a/2021/38xxx/CVE-2021-38330.json
+++ b/2021/38xxx/CVE-2021-38330.json
@@ -1,18 +1,106 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "AKA": "Wordfence",
+ "ASSIGNER": "security@wordfence.com",
+ "DATE_PUBLIC": "2021-09-09T16:20:00.000Z",
 "ID": "CVE-2021-38330",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Yet Another bol.com Plugin <= 1.4 Reflected Cross-Site Scripting"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Yet Another bol.com Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.4",
+ "version_value": "1.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Yet Another bol.com Plugin "
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "p7e4"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38330",
+ "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38330"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://plugins.trac.wordpress.org/browser/yabp/tags/1.4/yabp.php#L454",
+ "name": "https://plugins.trac.wordpress.org/browser/yabp/tags/1.4/yabp.php#L454"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Uninstall plugin from WordPress site."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38331.json b/2021/38xxx/CVE-2021-38331.json
index c6764f66a59..861753a5b93 100644
--- a/2021/38xxx/CVE-2021-38331.json
+++ b/2021/38xxx/CVE-2021-38331.json
@@ -1,18 +1,106 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "AKA": "Wordfence",
+ "ASSIGNER": "security@wordfence.com",
+ "DATE_PUBLIC": "2021-09-09T16:20:00.000Z",
 "ID": "CVE-2021-38331",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WP-T-Wap <= 1.13.2 Reflected Cross-Site Scripting"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WP-T-Wap ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.13.2",
+ "version_value": "1.13.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "WP-T-Wap "
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "p7e4"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the posted parameter found in the ~/wap/writer.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.13.2."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38331",
+ "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38331"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://plugins.trac.wordpress.org/browser/wp-t-wap/tags/1.13.3/wap/writer.php#L34",
+ "name": "https://plugins.trac.wordpress.org/browser/wp-t-wap/tags/1.13.3/wap/writer.php#L34"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Uninstall plugin from WordPress site."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38332.json b/2021/38xxx/CVE-2021-38332.json
index a2af6862d59..cfd2e657f52 100644
--- a/2021/38xxx/CVE-2021-38332.json
+++ b/2021/38xxx/CVE-2021-38332.json
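Review bot: In CVE-2021-38331.json the affected range stops at 1.13.2 (`"version_value": "1.13.2"`), but the added Trac reference points at `tags/1.13.3/wap/writer.php#L34`. If the reflected `posted` parameter is still present in 1.13.3, the range understates exposure and version-based scanners will pass vulnerable installs, so either the bound or the link needs correcting. CVE-2021-38335 (range `<= 1.0`, link to `tags/2.0`) and CVE-2021-38337 (range `<= 1.1`, link to `tags/1.2`) show the same mismatch.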
@@ -1,18 +1,106 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "AKA": "Wordfence",
+ "ASSIGNER": "security@wordfence.com",
+ "DATE_PUBLIC": "2021-09-09T16:20:00.000Z",
 "ID": "CVE-2021-38332",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "On Page SEO + Whatsapp Chat Button <= 1.0.1 Reflected Cross-Site Scripting"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "On Page SEO + Whatsapp Chat Button",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.0.1",
+ "version_value": "1.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "On Page SEO + Whatsapp Chat Button"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "p7e4"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38332",
+ "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38332"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://plugins.trac.wordpress.org/browser/ops-robots-txt/tags/1.0.0/settings.php#L175",
+ "name": "https://plugins.trac.wordpress.org/browser/ops-robots-txt/tags/1.0.0/settings.php#L175"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Uninstall plugin from WordPress site."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38333.json b/2021/38xxx/CVE-2021-38333.json
index 1ecfb65c93a..180862cde4b 100644
--- a/2021/38xxx/CVE-2021-38333.json
+++ b/2021/38xxx/CVE-2021-38333.json
@@ -1,18 +1,106 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "AKA": "Wordfence",
+ "ASSIGNER": "security@wordfence.com",
+ "DATE_PUBLIC": "2021-09-09T16:20:00.000Z",
 "ID": "CVE-2021-38333",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WP Scrippets <= 1.5.1 Reflected Cross-Site Scripting"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WP Scrippets",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.5.1",
+ "version_value": "1.5.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "WP Scrippets"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "p7e4"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/wp-scrippets.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.1."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38333",
+ "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38333"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://plugins.trac.wordpress.org/browser/wp-scrippets/tags/1.5.1/wp-scrippets.php#L123",
+ "name": "https://plugins.trac.wordpress.org/browser/wp-scrippets/tags/1.5.1/wp-scrippets.php#L123"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Uninstall plugin from WordPress site."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38334.json b/2021/38xxx/CVE-2021-38334.json
index d38ac7e23fb..c39ea4bea25 100644
--- a/2021/38xxx/CVE-2021-38334.json
+++ b/2021/38xxx/CVE-2021-38334.json
@@ -1,18 +1,106 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "AKA": "Wordfence",
+ "ASSIGNER": "security@wordfence.com",
+ "DATE_PUBLIC": "2021-09-09T16:20:00.000Z",
 "ID": "CVE-2021-38334",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WP Design Maps & Places <= 1.2 Reflected Cross-Site Scripting"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WP Design Maps & Places",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.2",
+ "version_value": "1.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "WP Design Maps & Places"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "p7e4"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The WP Design Maps & Places WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the filename parameter found in the ~/wpdmp-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38334",
+ "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38334"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://plugins.trac.wordpress.org/browser/wp-design-maps-places/tags/1.2/wpdmp-admin.php#L192",
+ "name": "https://plugins.trac.wordpress.org/browser/wp-design-maps-places/tags/1.2/wpdmp-admin.php#L192"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Uninstall plugin from WordPress site."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38335.json b/2021/38xxx/CVE-2021-38335.json
index 82f11354dbf..f340ac206ae 100644
--- a/2021/38xxx/CVE-2021-38335.json
+++ b/2021/38xxx/CVE-2021-38335.json
@@ -1,18 +1,106 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "AKA": "Wordfence",
+ "ASSIGNER": "security@wordfence.com",
+ "DATE_PUBLIC": "2021-09-09T16:20:00.000Z",
 "ID": "CVE-2021-38335",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Wise Agent Capture Forms <= 1.0 Reflected Cross-Site Scripting"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Wise Agent Capture Forms ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.0",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Wise Agent Capture Forms "
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "p7e4"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/WiseAgentCaptureForm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38335",
+ "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38335"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://plugins.trac.wordpress.org/browser/wiseagentleadform/tags/2.0/WiseAgentCaptureForm.php#L44",
+ "name": "https://plugins.trac.wordpress.org/browser/wiseagentleadform/tags/2.0/WiseAgentCaptureForm.php#L44"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Uninstall plugin from WordPress site."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38336.json b/2021/38xxx/CVE-2021-38336.json
index 3f9660e5893..8a5e239884b 100644
--- a/2021/38xxx/CVE-2021-38336.json
+++ b/2021/38xxx/CVE-2021-38336.json
@@ -1,18 +1,106 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "AKA": "Wordfence",
+ "ASSIGNER": "security@wordfence.com",
+ "DATE_PUBLIC": "2021-09-09T16:20:00.000Z",
 "ID": "CVE-2021-38336",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Edit Comments XT <= 1.0 Reflected Cross-Site Scripting"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Edit Comments XT ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.0",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Edit Comments XT"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "p7e4"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38336",
+ "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38336"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://plugins.trac.wordpress.org/browser/edit-comments-xt/tags/1.0/edit-comments-xt.php#L249",
+ "name": "https://plugins.trac.wordpress.org/browser/edit-comments-xt/tags/1.0/edit-comments-xt.php#L249"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Uninstall plugin from WordPress site."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38337.json b/2021/38xxx/CVE-2021-38337.json
index 4fab24289b4..32805ca5e41 100644
--- a/2021/38xxx/CVE-2021-38337.json
+++ b/2021/38xxx/CVE-2021-38337.json
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-09T16:20:00.000Z", "ID": "CVE-2021-38337", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "RSVPMaker Excel <= 1.1 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RSVPMaker Excel ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.1", + "version_value": "1.1" + } + ] + } + } + ] + }, + "vendor_name": "RSVPMaker Excel " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38337", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38337" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/rsvpmaker-excel/tags/1.2/phpexcel/PHPExcel/Shared/JAMA/docs/download.php#L61", + "name": "https://plugins.trac.wordpress.org/browser/rsvpmaker-excel/tags/1.2/phpexcel/PHPExcel/Shared/JAMA/docs/download.php#L61" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38338.json b/2021/38xxx/CVE-2021-38338.json index ac28f0fea4b..354834dcd31 100644 --- a/2021/38xxx/CVE-2021-38338.json +++ b/2021/38xxx/CVE-2021-38338.json 
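Review bot: The Trac reference for CVE-2021-38337 points at `rsvpmaker-excel/tags/1.2/...download.php#L61`, but the title, `version_data` and description all bound the affected range at `<= 1.1`. If the reflected `PHP_SELF` code is present in the 1.2 tag, as the link suggests, the range understates exposure and sites on 1.2 would be treated as unaffected. Either the range should be raised to 1.2 in all three places, or the reference should point at a tag inside the stated range. The diff does not show which is correct, so this needs confirming with the assigner.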
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-09T16:20:00.000Z", "ID": "CVE-2021-38338", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Border Loading Bar <= 1.0.1 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Border Loading Bar", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0.1", + "version_value": "1.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Border Loading Bar" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `f` and `t` parameter found in the ~/titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38338", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38338" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/border-loading-bar/trunk/titan-framework/iframe-googlefont-preview.php#L39", + "name": "https://plugins.trac.wordpress.org/browser/border-loading-bar/trunk/titan-framework/iframe-googlefont-preview.php#L39" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38339.json b/2021/38xxx/CVE-2021-38339.json index 0e25aa323a6..9b658e2149b 100644 --- a/2021/38xxx/CVE-2021-38339.json +++ b/2021/38xxx/CVE-2021-38339.json 
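Review bot: The source reference for CVE-2021-38338 links to `border-loading-bar/trunk/...#L39` with no revision, so the line anchor stops pointing at the vulnerable statement as soon as trunk changes. CVE-2021-38353 in this same batch pins its trunk link with `?rev=2307131`; the other trunk links could take the same form, e.g. `.../trunk/titan-framework/iframe-googlefont-preview.php?rev=<REVISION>#L39`, or use a `tags/<version>/` path. The unpinned trunk form also appears in CVE-2021-38340, CVE-2021-38348 and CVE-2021-38350. A pinned link lets a defender verify the finding against the exact code later.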
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-09T16:20:00.000Z", "ID": "CVE-2021-38339", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Simple Matted Thumbnails <= 1.01 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Simple Matted Thumbnails ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.01", + "version_value": "1.01" + } + ] + } + } + ] + }, + "vendor_name": "Simple Matted Thumbnails " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38339", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38339" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/simple-matted-thumbnails/tags/1.01/simple-matted-thumbnail.php#L122", + "name": "https://plugins.trac.wordpress.org/browser/simple-matted-thumbnails/tags/1.01/simple-matted-thumbnail.php#L122" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38340.json b/2021/38xxx/CVE-2021-38340.json index fee28a62700..89eb3a6e232 100644 --- a/2021/38xxx/CVE-2021-38340.json +++ b/2021/38xxx/CVE-2021-38340.json 
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-09T16:20:00.000Z", "ID": "CVE-2021-38340", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Wordpress Simple Shop <= 1.2 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Wordpress Simple Shop ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.2", + "version_value": "1.2" + } + ] + } + } + ] + }, + "vendor_name": "Wordpress Simple Shop " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the update_row parameter found in the ~/includes/add_product.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38340", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38340" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/webful-simple-grocery-shop/trunk/includes/add_product.php#L80", + "name": "https://plugins.trac.wordpress.org/browser/webful-simple-grocery-shop/trunk/includes/add_product.php#L80" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38341.json b/2021/38xxx/CVE-2021-38341.json index c72ae23445e..4945c404265 100644 --- a/2021/38xxx/CVE-2021-38341.json +++ b/2021/38xxx/CVE-2021-38341.json 
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-09T16:20:00.000Z", "ID": "CVE-2021-38341", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WooCommerce Payment Gateway Per Category <= 2.0.10 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WooCommerce Payment Gateway Per Category", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.0.10 ", + "version_value": "2.0.10 " + } + ] + } + } + ] + }, + "vendor_name": "WooCommerce Payment Gateway Per Category" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[\"PHP_SELF\"] value in the ~/includes/plugin_settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38341", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38341" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/wc-payment-gateway-per-category/tags/2.0.10/includes/plugin_settings.php#L31", + "name": "https://plugins.trac.wordpress.org/browser/wc-payment-gateway-per-category/tags/2.0.10/includes/plugin_settings.php#L31" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38347.json b/2021/38xxx/CVE-2021-38347.json index e9e7849bc02..2dcc6b82063 100644 --- a/2021/38xxx/CVE-2021-38347.json +++ b/2021/38xxx/CVE-2021-38347.json 
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-09T16:20:00.000Z", "ID": "CVE-2021-38347", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Custom Website Data <= 2.2 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Custom Website Data", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.2", + "version_value": "2.2 " + } + ] + } + } + ] + }, + "vendor_name": "Custom Website Data" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the ~/views/edit.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38347", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38347" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/simple-custom-website-data/tags/2.2/views/edit.php#L30", + "name": "https://plugins.trac.wordpress.org/browser/simple-custom-website-data/tags/2.2/views/edit.php#L30" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38348.json b/2021/38xxx/CVE-2021-38348.json index a07ce7d8c80..36c1d2227d9 100644 --- a/2021/38xxx/CVE-2021-38348.json +++ b/2021/38xxx/CVE-2021-38348.json 
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-09T16:20:00.000Z", "ID": "CVE-2021-38348", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Advance Search <= 1.1.2 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advance Search", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.1.2", + "version_value": "1.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Advance Search" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Advance Search WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the wpas_id parameter found in the ~/inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.2." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38348", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38348" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/advance-search/trunk/inc/admin/views/html-advance-search-admin-options.php#L88", + "name": "https://plugins.trac.wordpress.org/browser/advance-search/trunk/inc/admin/views/html-advance-search-admin-options.php#L88" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38349.json b/2021/38xxx/CVE-2021-38349.json index 754de8ded9d..ffd26a56f73 100644 --- a/2021/38xxx/CVE-2021-38349.json +++ b/2021/38xxx/CVE-2021-38349.json 
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-09T16:20:00.000Z", "ID": "CVE-2021-38349", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Integration of Moneybird for WooCommerce <= 2.1.1 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Integration of Moneybird for WooCommerce ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.1.1", + "version_value": "2.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Integration of Moneybird for WooCommerce " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error_description parameter found in the ~/templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38349", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38349" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/woo-moneybird/tags/2.1.1/templates/wcmb-admin.php#L8", + "name": "https://plugins.trac.wordpress.org/browser/woo-moneybird/tags/2.1.1/templates/wcmb-admin.php#L8" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38350.json b/2021/38xxx/CVE-2021-38350.json index 19dfd077204..3f5e37955d7 100644 --- a/2021/38xxx/CVE-2021-38350.json +++ b/2021/38xxx/CVE-2021-38350.json 
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-09T16:20:00.000Z", "ID": "CVE-2021-38350", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "spideranalyse <= 0.0.1 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "spideranalyse", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0.0.1 ", + "version_value": "0.0.1 " + } + ] + } + } + ] + }, + "vendor_name": "spideranalyse" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the date parameter found in the ~/analyse/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.1." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38350", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38350" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/spideranalyse/trunk/analyse/index.php#L33", + "name": "https://plugins.trac.wordpress.org/browser/spideranalyse/trunk/analyse/index.php#L33" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38351.json b/2021/38xxx/CVE-2021-38351.json index 3023c8fc877..fc7b08d90c9 100644 --- a/2021/38xxx/CVE-2021-38351.json +++ b/2021/38xxx/CVE-2021-38351.json 
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-09T16:20:00.000Z", "ID": "CVE-2021-38351", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "OSD Subscribe <= 1.2.3 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OSD Subscribe", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.2.3", + "version_value": "1.2.3" + } + ] + } + } + ] + }, + "vendor_name": "OSD Subscribe" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the osd_subscribe_message parameter found in the ~/options/osd_subscribe_options_subscribers.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.3." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38351", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38351" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/osd-subscribe/tags/1.2.3/options/osd_subscribe_options_subscribers.php#L86", + "name": "https://plugins.trac.wordpress.org/browser/osd-subscribe/tags/1.2.3/options/osd_subscribe_options_subscribers.php#L86" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38352.json b/2021/38xxx/CVE-2021-38352.json index 46b98c41fc5..b842cd4088c 100644 --- a/2021/38xxx/CVE-2021-38352.json +++ b/2021/38xxx/CVE-2021-38352.json 
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-09T16:20:00.000Z", "ID": "CVE-2021-38352", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Feedify \u2013 Web Push Notifications <= 2.1.8 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Feedify \u2013 Web Push Notifications", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.1.8", + "version_value": "2.1.8" + } + ] + } + } + ] + }, + "vendor_name": "Feedify \u2013 Web Push Notifications" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Feedify \u2013 Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38352", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38352" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/push-notification-by-feedify/tags/2.1.1/includes/base.php#L199", + "name": "https://plugins.trac.wordpress.org/browser/push-notification-by-feedify/tags/2.1.1/includes/base.php#L199" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38353.json b/2021/38xxx/CVE-2021-38353.json index f53bb746d71..bb15aabdc0c 100644 --- a/2021/38xxx/CVE-2021-38353.json +++ b/2021/38xxx/CVE-2021-38353.json 
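Review bot: The Trac reference for CVE-2021-38352 shows `push-notification-by-feedify/tags/2.1.1/includes/base.php#L199`, while the record states the affected range as `<= 2.1.8`. The link is inside the range, but it does not let a reader confirm that the `feedify_msg` reflection is still present in 2.1.8, the version the upper bound rests on. Pointing the reference at the 2.1.8 tag (line number re-checked), or adding it as a second reference, would tie the evidence to the stated bound. Whether a 2.1.8 tag exists is not visible in the diff.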
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-09T16:20:00.000Z", "ID": "CVE-2021-38353", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Dropdown and scrollable Text <= 2.0 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dropdown and scrollable Text", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.0", + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Dropdown and scrollable Text" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Dropdown and scrollable Text WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the content parameter found in the ~/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38353", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38353" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/dropdown-and-scrollable-text/trunk/index.php?rev=2307131#L176", + "name": "https://plugins.trac.wordpress.org/browser/dropdown-and-scrollable-text/trunk/index.php?rev=2307131#L176" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38354.json b/2021/38xxx/CVE-2021-38354.json index 108c8f7e296..bf5246a782f 100644 --- a/2021/38xxx/CVE-2021-38354.json +++ b/2021/38xxx/CVE-2021-38354.json 
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-09T16:20:00.000Z", "ID": "CVE-2021-38354", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "GNU-Mailman Integration <= 1.0.6 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GNU-Mailman Integration ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0.6", + "version_value": "1.0.6" + } + ] + } + } + ] + }, + "vendor_name": "GNU-Mailman Integration " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38354", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38354" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/gnu-mailman-integration/trunk/includes/admin/mailing-lists-page.php?rev=859898#L34", + "name": "https://plugins.trac.wordpress.org/browser/gnu-mailman-integration/trunk/includes/admin/mailing-lists-page.php?rev=859898#L34" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38355.json b/2021/38xxx/CVE-2021-38355.json index a97e4e3201a..bce0bd8821d 100644 --- a/2021/38xxx/CVE-2021-38355.json +++ b/2021/38xxx/CVE-2021-38355.json 
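Review bot: `product_name` and `vendor_name` are stored as `"GNU-Mailman Integration "` with a trailing space, so consumers that look records up by exact product name (asset inventories, advisory feeds) will miss this entry. Trim both values, e.g. `"product_name": "GNU-Mailman Integration",`. The same defect is in the hunks for CVE-2021-38357 (`"SMS OVH "`) and CVE-2021-38360 (`"wp-publications "`). It matters most in CVE-2021-38358, where `version_name` and `version_value` are `"0.7.4.1 "` and a strict version comparison against the `<=` bound may fail or mis-order.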
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-09T16:20:00.000Z", "ID": "CVE-2021-38355", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Bug Library <= 2.0.3 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bug Library", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.0.3", + "version_value": "2.0.3" + } + ] + } + } + ] + }, + "vendor_name": "Bug Library" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the successimportcount parameter found in the ~/bug-library.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.3." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38355", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38355" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/bug-library/trunk/bug-library.php?rev=2571533#L1358", + "name": "https://plugins.trac.wordpress.org/browser/bug-library/trunk/bug-library.php?rev=2571533#L1358" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38357.json b/2021/38xxx/CVE-2021-38357.json index 4262123fd24..aae675faca0 100644 --- a/2021/38xxx/CVE-2021-38357.json +++ b/2021/38xxx/CVE-2021-38357.json 
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-09T16:20:00.000Z", "ID": "CVE-2021-38357", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "SMS OVH <= 0.1 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SMS OVH ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0.1", + "version_value": "0.1" + } + ] + } + } + ] + }, + "vendor_name": "SMS OVH " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the position parameter found in the ~/sms-ovh-sent.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38357", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38357" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/sms-ovh/trunk/sms-ovh-sent.php#L44", + "name": "https://plugins.trac.wordpress.org/browser/sms-ovh/trunk/sms-ovh-sent.php#L44" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38358.json b/2021/38xxx/CVE-2021-38358.json index 26131f812cd..dd1a09facea 100644 --- a/2021/38xxx/CVE-2021-38358.json +++ b/2021/38xxx/CVE-2021-38358.json 
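Review bot: The source reference `.../sms-ovh/trunk/sms-ovh-sent.php#L44` links to trunk with no revision pin, so the `#L44` anchor will point at different code once the file changes and the record loses its evidence for the `position` parameter. Other records in this commit pin the revision (`?rev=2307131#L176` in CVE-2021-38353); do the same here in both `url` and `name`, `.../trunk/sms-ovh-sent.php?rev=<REVISION>#L44`, with the placeholder replaced by the revision that was reviewed. The CVE-2021-38358 hunk has the same unpinned form (`.../moolamojo/trunk/views/button-generator.html.php#L16`).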
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-09T16:20:00.000Z", "ID": "CVE-2021-38358", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "MoolaMojo <= 0.7.4.1 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MoolaMojo", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0.7.4.1 ", + "version_value": "0.7.4.1 " + } + ] + } + } + ] + }, + "vendor_name": "MoolaMojo" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the ~/views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38358", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38358" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/moolamojo/trunk/views/button-generator.html.php#L16", + "name": "https://plugins.trac.wordpress.org/browser/moolamojo/trunk/views/button-generator.html.php#L16" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38359.json b/2021/38xxx/CVE-2021-38359.json index 2259cb7e3ef..6bef49744bf 100644 --- a/2021/38xxx/CVE-2021-38359.json +++ b/2021/38xxx/CVE-2021-38359.json 
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-09T16:20:00.000Z", "ID": "CVE-2021-38359", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress InviteBox Plugin <= 1.4.1 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WordPress InviteBox Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.4.1", + "version_value": "1.4.1" + } + ] + } + } + ] + }, + "vendor_name": "WordPress InviteBox Plugin" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the message parameter found in the ~/admin/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.1." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38359", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38359" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/refer-a-friend-widget-for-wp/tags/1.4.1/admin/admin.php#L75", + "name": "https://plugins.trac.wordpress.org/browser/refer-a-friend-widget-for-wp/tags/1.4.1/admin/admin.php#L75" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38360.json b/2021/38xxx/CVE-2021-38360.json index d83ecdf0572..6d279be40a2 100644 --- a/2021/38xxx/CVE-2021-38360.json +++ b/2021/38xxx/CVE-2021-38360.json 
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-09T16:20:00.000Z", "ID": "CVE-2021-38360", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "wp-publications <= 0.0 Local File Include" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "wp-publications ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0.0", + "version_value": "0.0" + } + ] + } + } + ] + }, + "vendor_name": "wp-publications " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38360", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38360" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/wp-publications/trunk/bibtexbrowser.php?rev=1830330#L49", + "name": "https://plugins.trac.wordpress.org/browser/wp-publications/trunk/bibtexbrowser.php?rev=1830330#L49" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39371.json b/2021/39xxx/CVE-2021-39371.json index 914b76411bd..2854b677d8f 100644 --- a/2021/39xxx/CVE-2021-39371.json +++ b/2021/39xxx/CVE-2021-39371.json 
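Review bot: The `impact.cvss` block rates confidentiality, integrity and availability as `LOW` (`C:L/I:L/A:L`, `baseScore` 8.3), but the description added in the same hunk says the inclusion lets attackers "achieve remote code execution", and server-side code execution is normally rated `HIGH` on all three. One of the two should change: either narrow the description to what the `Q_FILE` inclusion actually permits, or recompute `vectorString`, `baseScore` and `baseSeverity` to match the stated impact, since triage tools prioritise on the score and not on the prose. The affected range `<= 0.0` in `TITLE` and `version_data` also deserves a check against the plugin's real version numbering, because consumers filtering on version will take it literally.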
@@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An XML external entity (XXE) injection in PyWPS before 4.5.0 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected." + "value": "An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected." } ] }, diff --git a/2021/40xxx/CVE-2021-40346.json b/2021/40xxx/CVE-2021-40346.json index 7c7bc9bb1ab..7af03673613 100644 --- a/2021/40xxx/CVE-2021-40346.json +++ b/2021/40xxx/CVE-2021-40346.json @@ -81,6 +81,11 @@ "refsource": "MISC", "name": "https://github.com/haproxy/haproxy/commit/3b69886f7dcc3cfb3d166309018e6cfec9ce2c95", "url": "https://github.com/haproxy/haproxy/commit/3b69886f7dcc3cfb3d166309018e6cfec9ce2c95" + }, + { + "refsource": "MLIST", + "name": "[cloudstack-dev] 20210910 CVE-2021-40346 (haproxy 2.x)", + "url": "https://lists.apache.org/thread.html/r284567dd7523f5823e2ce995f787ccd37b1cc4108779c50a97c79120@%3Cdev.cloudstack.apache.org%3E" } ] } diff --git a/2021/40xxx/CVE-2021-40373.json b/2021/40xxx/CVE-2021-40373.json index 30f63131fcc..be107e44b01 100644 --- a/2021/40xxx/CVE-2021-40373.json +++ b/2021/40xxx/CVE-2021-40373.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40373", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40373", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/maikroservice/CVE-2021-40373", + "url": "https://github.com/maikroservice/CVE-2021-40373" + }, + { + "refsource": "CONFIRM", + "name": "https://playsms.org/2021/09/04/playsms-1-4-5-released/", + "url": "https://playsms.org/2021/09/04/playsms-1-4-5-released/" } ] }