"-Synchronized-Data."

CVE Team 2023-06-07 13:00:41 +00:00
parent 72f42597f6
commit 9a772c5e80
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
6 changed files with 598 additions and 20 deletions


@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36705",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "tunafish",
"product": {
"product_data": [
{
"product_name": "Adning Advertising",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.5.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a263b74-e9ae-4fd2-be9b-9b8e9eee5982?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a263b74-e9ae-4fd2-be9b-9b8e9eee5982?source=cve"
},
{
"url": "https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693",
"refsource": "MISC",
"name": "https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693"
},
{
"url": "https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/",
"refsource": "MISC",
"name": "https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/"
},
{
"url": "https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/",
"refsource": "MISC",
"name": "https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/"
},
{
"url": "https://wpscan.com/vulnerability/e9873fe3-fc06-4a52-aa32-6922cab7830c",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/e9873fe3-fc06-4a52-aa32-6922cab7830c"
}
]
},
"credits": [
{
"lang": "en",
"value": "Jerome Bruandet"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
}
]
}
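Review bot: The `credits` entry uses `"lang": "en"` while `description_data` and `problemtype_data` in the same record use `"lang": "eng"`. One form should be used throughout the record, e.g. `"lang": "eng"`, so that consumers filtering entries by language code do not drop the credit. The same mismatch appears in the CVE-2020-36728, CVE-2021-4337, CVE-2021-4379 and CVE-2021-4380 records in this commit. The new description text also reads "affected sites server", which should be `affected site's server`.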


@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36728",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "tunafish",
"product": {
"product_data": [
{
"product_name": "Adning Advertising",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.5.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e7506429-7f8a-45b5-b1b0-6fdb39599ee5?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e7506429-7f8a-45b5-b1b0-6fdb39599ee5?source=cve"
},
{
"url": "https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/",
"refsource": "MISC",
"name": "https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/"
},
{
"url": "https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/",
"refsource": "MISC",
"name": "https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/"
},
{
"url": "https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693",
"refsource": "MISC",
"name": "https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693"
}
]
},
"credits": [
{
"lang": "en",
"value": "Jerome Bruandet"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
]
}
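Review bot: The CVSS vector `C:L/I:L/A:N` (6.5 MEDIUM) looks understated against the record's own description, which says unauthenticated attackers can delete arbitrary files and use that to reset and gain full control of a site. Arbitrary file deletion would normally be expected to carry an availability impact, and the sibling Adning record in this commit (CVE-2020-36705) is scored 9.8 CRITICAL. The vector should be confirmed with the assigner. Until then, anyone triaging by `baseScore` alone may rank this issue lower than the text warrants.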


@ -1,17 +1,269 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-4337",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to read, edit, or delete WordPress settings, plugin settings, and to arbitrarily list all users on a WordPress website. The plugins impacted are: Product Filter for WooCommerce < 8.2.0, Improved Product Options for WooCommerce < 5.3.0, Improved Sale Badges for WooCommerce < 4.4.0, Share, Print and PDF Products for WooCommerce < 2.8.0, Product Loops for WooCommerce < 1.7.0, XforWooCommerce < 1.7.0, Package Quantity Discount < 1.2.0, Price Commander for WooCommerce < 1.3.0, Comment and Review Spam Control for WooCommerce < 1.5.0, Add Product Tabs for WooCommerce < 1.5.0, Autopilot SEO for WooCommerce < 1.6.0, Floating Cart < 1.3.0, Live Search for WooCommerce < 2.1.0, Bulk Add to Cart for WooCommerce < 1.3.0, Live Product Editor for WooCommerce < 4.7.0, and Warranties and Returns for WooCommerce < 5.3.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "XforWooCommerce",
"product": {
"product_data": [
{
"product_name": "Product Filter for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "8.2.0"
}
]
}
},
{
"product_name": "Improved Sale Badges for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "4.4.0"
}
]
}
},
{
"product_name": "XforWooCommerce",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "1.7.0"
}
]
}
},
{
"product_name": "Live Product Editor for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "4.7.0"
}
]
}
},
{
"product_name": "Warranties and Returns for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "5.3.0"
}
]
}
},
{
"product_name": "Price Commander for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "1.3.0"
}
]
}
},
{
"product_name": "Improved Product Options for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "5.3.0"
}
]
}
},
{
"product_name": "Comment and Review Spam Control for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "1.5.0"
}
]
}
},
{
"product_name": "Package Quantity Discount",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "1.2.0"
}
]
}
},
{
"product_name": "Share, Print and PDF Products for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "2.8.0"
}
]
}
},
{
"product_name": "Bulk Add to Cart for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "1.3.0"
}
]
}
},
{
"product_name": "Live Search for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "2.1.0"
}
]
}
},
{
"product_name": "Floating Cart for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "1.3.0"
}
]
}
},
{
"product_name": "Add Product Tabs for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "1.5.0"
}
]
}
},
{
"product_name": "Product Loops for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "1.7.0"
}
]
}
},
{
"product_name": "Autopilot SEO for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "1.6.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=cve"
},
{
"url": "https://blog.nintechnet.com/16-woocommerce-product-add-ons-plugins-fixed-vulnerabilities/",
"refsource": "MISC",
"name": "https://blog.nintechnet.com/16-woocommerce-product-add-ons-plugins-fixed-vulnerabilities/"
},
{
"url": "https://xforwoocommerce.com/blog/change-log/xforwoocommerce-1-7-0/",
"refsource": "MISC",
"name": "https://xforwoocommerce.com/blog/change-log/xforwoocommerce-1-7-0/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Jerome Bruandet"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}
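Review bot: One product is named `Floating Cart for WooCommerce` in `product_data` but `Floating Cart` in the description, so the two lists of sixteen add-ons do not match string-for-string. The description and the `affects` entries should use the same name, presumably the plugin's published one. Inventory or scanner tooling that keys on `product_name` should be checked against the name the plugin actually reports, otherwise an affected install below 1.3.0 could be missed.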


@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-4379",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to make changes to product prices."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "villatheme",
"product": {
"product_data": [
{
"product_name": "WooCommerce Multi Currency",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.1.17"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2318ae9-4115-442e-9293-a9251787c5f3?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2318ae9-4115-442e-9293-a9251787c5f3?source=cve"
},
{
"url": "https://codecanyon.net/item/woocommerce-multi-currency/20948446",
"refsource": "MISC",
"name": "https://codecanyon.net/item/woocommerce-multi-currency/20948446"
},
{
"url": "https://blog.nintechnet.com/vulnerability-fixed-in-wordpress-woocommerce-multi-currency-plugin/",
"refsource": "MISC",
"name": "https://blog.nintechnet.com/vulnerability-fixed-in-wordpress-woocommerce-multi-currency-plugin/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Jerome Bruandet"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
]
}


@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-4380",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to update arbitrary options on a site that can be used to create new administrative user accounts or redirect unsuspecting site visitors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ValvePress",
"product": {
"product_data": [
{
"product_name": "Pinterest Automatic",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "4.14.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4fdc902-4cfe-4116-a294-9a0fcb2de346?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4fdc902-4cfe-4116-a294-9a0fcb2de346?source=cve"
},
{
"url": "https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-pinterest-automatic-plugin/",
"refsource": "MISC",
"name": "https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-pinterest-automatic-plugin/"
},
{
"url": "https://wpscan.com/vulnerability/ffd344fd-de2c-4f27-8932-41aa0a3c3d05",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/ffd344fd-de2c-4f27-8932-41aa0a3c3d05"
},
{
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-pinterest-automatic-pin-security-bypass-4-14-3/",
"refsource": "MISC",
"name": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-pinterest-automatic-pin-security-bypass-4-14-3/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Jerome Bruandet"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
}
]
}
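Review bot: The affected version is inconsistent within this record: the description says "versions up to, and including, 1.14.3" while `version_value` is `"4.14.3"`, and the Acunetix reference URL also ends in `4-14-3`. The description most likely should read `4.14.3`. As written, a reader relying on the prose would treat releases between 1.14.4 and 4.14.3 as unaffected. Separately, the description attributes the issue to missing capability checks, which the other records in this commit classify as `CWE-862 Missing Authorization`, whereas this one uses `CWE-284 Improper Access Control`; it is worth confirming which is intended.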


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3141",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}