diff --git a/2022/1xxx/CVE-2022-1123.json b/2022/1xxx/CVE-2022-1123.json index 98ae661501e..fed5d49a02d 100644 --- a/2022/1xxx/CVE-2022-1123.json +++ b/2022/1xxx/CVE-2022-1123.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-1123", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-1123", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": " Leaflet Maps Marker < 3.12.5 - Admin+ SQLi" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.12.5", + "version_value": "3.12.5" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/03e0d4d5-0184-4a15-b8ac-fdc2010e4812", + "name": "https://wpscan.com/vulnerability/03e0d4d5-0184-4a15-b8ac-fdc2010e4812" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ihor Bliumental" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1566.json b/2022/1xxx/CVE-2022-1566.json index 7ffbd79f2b5..7856b985b40 100644 --- a/2022/1xxx/CVE-2022-1566.json +++ b/2022/1xxx/CVE-2022-1566.json @@ -3,7 +3,7 @@ "ID": "CVE-2022-1566", "ASSIGNER": "contact@wpscan.com", "STATE": "PUBLIC", - "TITLE": "Quotes llama <= 0.7 - Admin+ Stored Cross-Site Scripting" + "TITLE": "Quotes llama < 1.0.0 - Admin+ Stored Cross-Site Scripting" }, "data_format": "MITRE", "data_type": "CVE", @@ -21,9 +21,9 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "0.7", - "version_value": "0.7" + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "1.0.0" } ] } @@ -38,7 +38,7 @@ "description_data": [ { "lang": "eng", - "value": "The Quotes llama WordPress plugin through 0.7 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file" + "value": "The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file" } ] }, @@ -56,7 +56,7 @@ { "description": [ { - "value": "CWE-79 Cross-site Scripting (XSS)", + "value": "CWE-79 Cross-Site Scripting (XSS)", "lang": "eng" } ] diff --git a/2022/1xxx/CVE-2022-1663.json b/2022/1xxx/CVE-2022-1663.json index a5065b72ca9..953c1c6c308 100644 --- a/2022/1xxx/CVE-2022-1663.json +++ b/2022/1xxx/CVE-2022-1663.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-1663", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-1663", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Stop Spam Comments <= 0.2.1.2 - Access Token Bypass" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Stop Spam Comments", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0.2.1.2", + "version_value": "0.2.1.2" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/30820be1-e96a-4ff6-b1ec-efda14069e70", + "name": "https://wpscan.com/vulnerability/30820be1-e96a-4ff6-b1ec-efda14069e70" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-200 Information Exposure", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Daniel Ruf" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2022/2xxx/CVE-2022-2034.json b/2022/2xxx/CVE-2022-2034.json index b7fc8835cc9..9677a99fbda 100644 --- a/2022/2xxx/CVE-2022-2034.json +++ b/2022/2xxx/CVE-2022-2034.json @@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2034", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2034", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Sensei LMS < 4.5.0 - Unauthenticated Private Messages Disclosure via Rest API" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Sensei LMS – Online Courses, Quizzes, & Learning", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.5.0", + "version_value": "4.5.0" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/aba3dd58-7a8e-4129-add5-4dd5972c0426", + "name": "https://wpscan.com/vulnerability/aba3dd58-7a8e-4129-add5-4dd5972c0426" + }, + { + "refsource": "MISC", + "url": "https://hackerone.com/reports/1590237", + "name": "https://hackerone.com/reports/1590237" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-862 Missing Authorization", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Veshraj Ghimire" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2022/2xxx/CVE-2022-2080.json b/2022/2xxx/CVE-2022-2080.json index 72ae77b96ca..5a3d27233b8 100644 --- a/2022/2xxx/CVE-2022-2080.json +++ b/2022/2xxx/CVE-2022-2080.json @@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2080", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2080", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Sensei LMS < 4.5.2 - Arbitrary Private Message Sending via IDOR" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Sensei LMS – Online Courses, Quizzes, & Learning", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.5.2", + "version_value": "4.5.2" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/5395d196-a39a-4a58-913e-5b5b9d6123a5", + "name": "https://wpscan.com/vulnerability/5395d196-a39a-4a58-913e-5b5b9d6123a5" + }, + { + "refsource": "MISC", + "url": "https://hackerone.com/reports/1592596", + "name": "https://hackerone.com/reports/1592596" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-639 Authorization Bypass Through User-Controlled Key", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Veshraj Ghimire" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2261.json b/2022/2xxx/CVE-2022-2261.json index e54f1976613..1545c96784c 100644 --- a/2022/2xxx/CVE-2022-2261.json +++ b/2022/2xxx/CVE-2022-2261.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2261", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2261", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WPide < 3.0 - Admin+ Local File Inclusion" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WPIDE – File Manager & Code Editor", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.0", + "version_value": "3.0" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WPIDE WordPress plugin before 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/f6091d7b-97b5-42f2-b2f4-09a0fe6d5a21", + "name": "https://wpscan.com/vulnerability/f6091d7b-97b5-42f2-b2f4-09a0fe6d5a21" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Raad Haddad" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2267.json b/2022/2xxx/CVE-2022-2267.json index cfe119acc86..4fbd4bcff03 100644 --- a/2022/2xxx/CVE-2022-2267.json +++ b/2022/2xxx/CVE-2022-2267.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2267", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2267", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "MailChimp for Woocommerce < 2.7.1 - Subscriber+ SSRF" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Mailchimp for WooCommerce", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.7.1", + "version_value": "2.7.1" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users (such as subscriber) to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/e3bd9f8c-919a-40af-9e80-607573e71870", + "name": "https://wpscan.com/vulnerability/e3bd9f8c-919a-40af-9e80-607573e71870" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-918 Server-Side Request Forgery (SSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Miguel Xavier Penha Neto" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2373.json b/2022/2xxx/CVE-2022-2373.json index b5cea785702..aaf6532c669 100644 --- a/2022/2xxx/CVE-2022-2373.json +++ b/2022/2xxx/CVE-2022-2373.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2373", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2373", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Simply Schedule Appointments < 1.5.7.7 - Unauthenticated Email Address Disclosure" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Simply Schedule Appointments – WordPress Booking Plugin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.5.7.7", + "version_value": "1.5.7.7" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/6aa9aa0d-b447-4584-a07e-b8a0d1b83a31", + "name": "https://wpscan.com/vulnerability/6aa9aa0d-b447-4584-a07e-b8a0d1b83a31" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-862 Missing Authorization", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Raad Haddad" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2374.json b/2022/2xxx/CVE-2022-2374.json index 62c5159c3bd..a0a748432db 100644 --- a/2022/2xxx/CVE-2022-2374.json +++ b/2022/2xxx/CVE-2022-2374.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2374", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2374", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Simply Schedule Appointments < 1.5.7.7 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Simply Schedule Appointments – WordPress Booking Plugin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.5.7.7", + "version_value": "1.5.7.7" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/12062d78-7a0d-4dc1-9bd6-6c54aa6bc761", + "name": "https://wpscan.com/vulnerability/12062d78-7a0d-4dc1-9bd6-6c54aa6bc761" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Raad Haddad" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2537.json b/2022/2xxx/CVE-2022-2537.json index b42ff34b44c..44eb9a700fe 100644 --- a/2022/2xxx/CVE-2022-2537.json +++ b/2022/2xxx/CVE-2022-2537.json @@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2537", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2537", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WooCommerce PDF Invoices & Packing Slips < 3.0.1 - Reflected Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WooCommerce PDF Invoices & Packing Slips", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_name": "2.14.0", + "version_value": "2.14.0" + }, + { + "version_affected": "<", + "version_name": "3.0.1", + "version_value": "3.0.1" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/ae613148-85d8-47a0-952d-49c29584676f", + "name": "https://wpscan.com/vulnerability/ae613148-85d8-47a0-952d-49c29584676f" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Krzysztof Zając" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2538.json b/2022/2xxx/CVE-2022-2538.json index 940a4314da9..693e0172d48 100644 --- a/2022/2xxx/CVE-2022-2538.json +++ b/2022/2xxx/CVE-2022-2538.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2538", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2538", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP Hide & Security Enhancer < 1.8 - Reflected Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Hide & Security Enhancer", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.8", + "version_value": "1.8" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP Hide & Security Enhancer WordPress plugin before 1.8 does not escape a parameter before outputting it back in an attribute of a backend page, leading to a Reflected Cross-Site Scripting" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/afa1e159-30bc-42d2-b3f8-8c868b113d3e", + "name": "https://wpscan.com/vulnerability/afa1e159-30bc-42d2-b3f8-8c868b113d3e" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Krzysztof Zając" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2556.json b/2022/2xxx/CVE-2022-2556.json index c2ee2e30f3c..93bfd4a02cc 100644 --- a/2022/2xxx/CVE-2022-2556.json +++ b/2022/2xxx/CVE-2022-2556.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2556", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2556", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "MailChimp for Woocommerce < 2.7.2 - Admin+ SSRF" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Mailchimp for WooCommerce", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.7.2", + "version_value": "2.7.2" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/f2a59eaa-6b44-4098-912f-823289cf33b0", + "name": "https://wpscan.com/vulnerability/f2a59eaa-6b44-4098-912f-823289cf33b0" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-918 Server-Side Request Forgery (SSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Miguel Xavier Penha Neto" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2559.json b/2022/2xxx/CVE-2022-2559.json index 92ca45f09dd..f5a3496df7d 100644 --- a/2022/2xxx/CVE-2022-2559.json +++ b/2022/2xxx/CVE-2022-2559.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2559", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2559", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Fluent Support < 1.5.8 - Admin+ SQLi" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.5.8", + "version_value": "1.5.8" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Fluent Support WordPress plugin before 1.5.8 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege users" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/062599ce-c630-487e-bb43-c3b27a62b9ec", + "name": "https://wpscan.com/vulnerability/062599ce-c630-487e-bb43-c3b27a62b9ec" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Rafshanzani Suhada" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2599.json b/2022/2xxx/CVE-2022-2599.json index a146e10a73b..dfa513dc292 100644 --- a/2022/2xxx/CVE-2022-2599.json +++ b/2022/2xxx/CVE-2022-2599.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2599", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2599", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Anti-Malware Security and Brute-Force Firewall < 4.21.83 - Reflected Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Anti-Malware Security and Brute-Force Firewall", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.21.83", + "version_value": "4.21.83" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/276a7fc5-3d0d-446d-92cf-20060aecd0ef", + "name": "https://wpscan.com/vulnerability/276a7fc5-3d0d-446d-92cf-20060aecd0ef" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Krzysztof Zając" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2638.json b/2022/2xxx/CVE-2022-2638.json index ab62a38188f..c7fc9600e45 100644 --- a/2022/2xxx/CVE-2022-2638.json +++ b/2022/2xxx/CVE-2022-2638.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2638", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2638", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Export All URLs < 4.4 - Admin+ Arbitrary System File Removal" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Export All URLs", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.4", + "version_value": "4.4" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary file from the server" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/70840a72-ccdc-4eee-9ad2-874809e5de11", + "name": "https://wpscan.com/vulnerability/70840a72-ccdc-4eee-9ad2-874809e5de11" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-73 External Control of File Name or Path", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Raad Haddad" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file