Adds CVEs

erwanlr 2022-03-21 19:42:09 +01:00
parent 3f9dd260f9
commit 93ad261d16
18 changed files with 1326 additions and 325 deletions


@ -1,73 +1,75 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2021-24761", "ID": "CVE-2021-24761",
"ASSIGNER": "contact@wpscan.com", "ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC", "STATE": "PUBLIC",
"TITLE": "Error Log Viewer <= 1.1.1 - Arbitrary Text File Deletion via CSRF" "TITLE": "Error Log Viewer < 1.1.2 - Arbitrary Text File Deletion via CSRF"
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_version": "4.0", "data_version": "4.0",
"generator": "WPScan CVE Generator", "generator": "WPScan CVE Generator",
"affects": { "affects": {
"vendor": { "vendor": {
"vendor_data": [ "vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Error Log Viewer WordPress plugin through 1.1.1 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/c14e1ba6-fc00-4150-b541-0d6740fee4d2",
"name": "https://wpscan.com/vulnerability/c14e1ba6-fc00-4150-b541-0d6740fee4d2"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"credit": [
{ {
"lang": "eng", "vendor_name": "Unknown",
"value": "apple502j" "product": {
"product_data": [
{
"product_name": "Error Log Viewer by BestWebSoft",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.1.2",
"version_value": "1.1.2"
}
]
}
}
]
}
} }
], ]
"source": {
"discovery": "EXTERNAL"
} }
} },
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/c14e1ba6-fc00-4150-b541-0d6740fee4d2",
"name": "https://wpscan.com/vulnerability/c14e1ba6-fc00-4150-b541-0d6740fee4d2"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
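Review bot: The new `problemtype` entry lists only `CWE-352 Cross-Site Request Forgery (CSRF)`, while the new description also states that the plugin "does not have path traversal prevention". Anyone triaging by CWE will see a CSRF-only record and may miss that the reachable impact is deletion of files outside the log directory. If the generator allows more than one entry, consider adding a second description object such as `{ "lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" }`.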


@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24905",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24905", "TITLE": "Advanced Contact form 7 DB < 1.8.7 - Subscriber+ Arbitrary File Deletion"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Advanced Contact form 7 DB",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.8.7",
"version_value": "1.8.7"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPress setup again, gain administrator privileges and execute arbitrary code or display arbitrary content to the users."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/cf022415-6614-4b95-913b-802186766ae6",
"name": "https://wpscan.com/vulnerability/cf022415-6614-4b95-913b-802186766ae6"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-284 Improper Access Control",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }


@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-25019",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-25019", "TITLE": "SEO Plugin by Squirrly SEO < 11.1.12 - Reflected Cross-Site Scripting"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "SEO Plugin by Squirrly SEO",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "11.1.12",
"version_value": "11.1.12"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/cea0ce4b-886a-47cc-8653-a297e9759d09",
"name": "https://wpscan.com/vulnerability/cea0ce4b-886a-47cc-8653-a297e9759d09"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }


@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-0229",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-0229", "TITLE": "miniOrange's Google Authenticator < 5.5 - Unauthenticated Arbitrary Options Deletion"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "miniOrange's Google Authenticator WordPress Two Factor Authentication (2FA , MFA, OTP SMS and Email) | Passwordless login",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.5",
"version_value": "5.5"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/d70c5335-4c01-448d-85fc-f8e75b104351",
"name": "https://wpscan.com/vulnerability/d70c5335-4c01-448d-85fc-f8e75b104351"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-862 Missing Authorization",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }


@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-0364",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-0364", "TITLE": "Modern Events Calendar Lite < 6.4.0 - Contributor+ Stored Cross Site Scripting"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Modern Events Calendar Lite",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.4.0",
"version_value": "6.4.0"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0eb40cd5-838e-4b53-994d-22cf7c8a6c50",
"name": "https://wpscan.com/vulnerability/0eb40cd5-838e-4b53-994d-22cf7c8a6c50"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Rohan Chaudhari"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }


@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-0423",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-0423", "TITLE": "3D FlipBook < 1.12.1 - Subscriber+ Stored Cross-Site Scripting"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "3D FlipBook PDF Flipbook Viewer, Flipbook Image Gallery",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.12.1",
"version_value": "1.12.1"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated users, such as subscriber to put Cross-Site Scripting payloads in all pages with a 3d flipbook."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/7dde0b9d-9b86-4961-b005-a11b6ffba952",
"name": "https://wpscan.com/vulnerability/7dde0b9d-9b86-4961-b005-a11b6ffba952"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }


@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-0590",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-0590", "TITLE": "BulletProof Security < 5.8 - Admin+ Stored Cross-Site Scripting (XSS)"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "BulletProof Security",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.8",
"version_value": "5.8"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/08b66b69-3c69-4a1e-9c0a-5697e31bc04e",
"name": "https://wpscan.com/vulnerability/08b66b69-3c69-4a1e-9c0a-5697e31bc04e"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Mika"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }


@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-0591",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-0591", "TITLE": "Formcraft3 < 3.8.28 - Unauthenticated SSRF"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "FormCraft",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.8.28",
"version_value": "3.8.28"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/b5303e63-d640-4178-9237-d0f524b13d47",
"name": "https://wpscan.com/vulnerability/b5303e63-d640-4178-9237-d0f524b13d47"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Brandon James Roldan"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }


@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-0616",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-0616", "TITLE": "Amelia < 1.0.46 - Arbitrary Customer Deletion via CSRF"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Amelia Events & Appointments Booking Calendar",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.47",
"version_value": "1.0.47"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting customers, which could allow attackers to make a logged in admin delete arbitrary customers via a CSRF attack"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/7c63d76e-34ca-4778-8784-437d446c16e0",
"name": "https://wpscan.com/vulnerability/7c63d76e-34ca-4778-8784-437d446c16e0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Muhamad Hidayat"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }
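Review bot: The new `TITLE` reads `Amelia < 1.0.46`, but `version_data` and the description in the same record both give 1.0.47 as the first fixed release (`"version_value": "1.0.47"`, "before 1.0.47"). One of the two is wrong, and if 1.0.47 is the correct boundary, a reader who upgrades to 1.0.46 on the strength of the title stays exposed. The same mismatch appears in the CVE-2022-0627 and CVE-2022-0687 records in this commit. Once the fixed version is confirmed against the advisory, align the title with the affected-version data, e.g. `"TITLE": "Amelia < 1.0.47 - Arbitrary Customer Deletion via CSRF"`.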


@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-0627",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-0627", "TITLE": "Amelia < 1.0.46 - Reflected Cross-Site Scripting"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Amelia Events & Appointments Booking Calendar",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.47",
"version_value": "1.0.47"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Amelia WordPress plugin before 1.0.47 does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/fd8c720a-a94a-438f-b686-3a734e3c24e4",
"name": "https://wpscan.com/vulnerability/fd8c720a-a94a-438f-b686-3a734e3c24e4"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ran Crane"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }


@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-0628",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-0628", "TITLE": "AP Mega Menu < 3.0.8 - Reflected Cross-Site Scripting"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Mega Menu Plugin for WordPress AP Mega Menu",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.0.8",
"version_value": "3.0.8"
}
]
}
}
]
}
}
]
} }
} },
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/af9787ee-c496-4f02-a22c-c8f8a97ad902",
"name": "https://wpscan.com/vulnerability/af9787ee-c496-4f02-a22c-c8f8a97ad902"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2684307",
"name": "https://plugins.trac.wordpress.org/changeset/2684307"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ran Crane"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
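Review bot: The description names the product as "The Mega Menu WordPress plugin", whereas the `TITLE` and `product_name` in the same record identify it as AP Mega Menu. "Mega Menu" on its own is generic, so asset owners matching advisories by name could attribute this to a different plugin or miss it for the one actually affected. Suggest starting the description with `The AP Mega Menu WordPress plugin before 3.0.8 ...`. The CVE-2022-0640 record has the same gap ("Pricing Table Builder" in the description versus "AP Pricing Tables Lite" in the title).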


@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-0640",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-0640", "TITLE": "AP Pricing Tables Lite < 1.1.5 - Reflected Cross-Site Scripting"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Pricing Table Builder AP Pricing Tables Lite",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.1.5",
"version_value": "1.1.5"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/f8405e06-9cf3-4acb-aebb-e80fb402daa9",
"name": "https://wpscan.com/vulnerability/f8405e06-9cf3-4acb-aebb-e80fb402daa9"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2684253",
"name": "https://plugins.trac.wordpress.org/changeset/2684253"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ran Crane"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }


@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-0681",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-0681", "TITLE": "Simple Membership < 4.1.0 - Arbitrary Transaction Deletion via CSRF"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Simple Membership",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.1.0",
"version_value": "4.1.0"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow attackers to make a logged in admin delete arbitrary transactions via a CSRF attack"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/c5765816-4439-4c14-a847-044248ada0ef",
"name": "https://wpscan.com/vulnerability/c5765816-4439-4c14-a847-044248ada0ef"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "muhamad hidayat"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }
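Review bot: The credit is written `"value": "muhamad hidayat"` here, while the CVE-2022-0616 record in this commit credits `"Muhamad Hidayat"`. If these are the same reporter, as seems likely, the differing case will split attribution in anything that groups records by credit string. Suggest normalising to `"value": "Muhamad Hidayat"`, or confirming the reporter's preferred spelling.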


@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-0687",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-0687", "TITLE": "Amelia < 1.0.46 - Manager+ RCE"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Amelia Events & Appointments Booking Calendar",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.47",
"version_value": "1.0.47"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom \"Amelia Manager\" role."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/3cf05815-9b74-4491-a935-d69a0834146c",
"name": "https://wpscan.com/vulnerability/3cf05815-9b74-4491-a935-d69a0834146c"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "qerogram"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }
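Review bot: The `problemtype` value `CWE-94 Improper Control of Generation of Code ('Code Injection')` does not match the weakness the description gives, which is image blobs written to files whose extension the user controls. That pattern is normally classified as CWE-434 (Unrestricted Upload of File with Dangerous Type); code execution is the consequence rather than the root weakness. Suggest `"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"`, so that CWE-based filtering points defenders at the right mitigations (extension allow-listing, storing uploads where they cannot be executed).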


@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-0694",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-0694", "TITLE": "Advanced Booking Calendar < 1.7.0 - Unauthenticated SQL Injection"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Advanced Booking Calendar",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.7.0",
"version_value": "1.7.0"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_booking_getSingleCalendar AJAX action (available to both unauthenticated and authenticated users), leading to an unauthenticated SQL injection"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/990d1b0a-dbd1-42d0-9a40-c345407c6fe0",
"name": "https://wpscan.com/vulnerability/990d1b0a-dbd1-42d0-9a40-c345407c6fe0"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2682086",
"name": "https://plugins.trac.wordpress.org/changeset/2682086"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "cydave"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }


@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-0739",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-0739", "TITLE": "BookingPress < 1.0.11 - Unauthenticated SQL Injection"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "BookingPress Appointments Booking Calendar Plugin and Online Scheduling Plugin",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.11",
"version_value": "1.0.11"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/388cd42d-b61a-42a4-8604-99b812db2357",
"name": "https://wpscan.com/vulnerability/388cd42d-b61a-42a4-8604-99b812db2357"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2684789",
"name": "https://plugins.trac.wordpress.org/changeset/2684789"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "cydave"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }


@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-0747",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-0747", "TITLE": "Infographic Maker - iList < 4.3.8 - Unauthenticated SQL Injection"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Infographic Maker iList",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.3.8",
"version_value": "4.3.8"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/a8575322-c2cf-486a-9c37-71a22167aac3",
"name": "https://wpscan.com/vulnerability/a8575322-c2cf-486a-9c37-71a22167aac3"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2684336",
"name": "https://plugins.trac.wordpress.org/changeset/2684336"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "cydave"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }


@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-0760",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-0760", "TITLE": "Simple Link Directory < 7.7.2 - Unauthenticated SQL injection"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Simple Link Directory",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.7.2",
"version_value": "7.7.2"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/1c83ed73-ef02-45c0-a9ab-68a3468d2210",
"name": "https://wpscan.com/vulnerability/1c83ed73-ef02-45c0-a9ab-68a3468d2210"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2684915",
"name": "https://plugins.trac.wordpress.org/changeset/2684915"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "cydave"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }