admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-04-05 19:00:43 +00:00
parent 94eabc88f7
commit a6679c373b
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
27 changed files with 1370 additions and 1325 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2020/26xxx/CVE-2020-26820.json
View File

@ -85,6 +85,11 @@
"url": "https://launchpad.support.sap.com/#/notes/2979062",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2979062"
},
{
"refsource": "FULLDISC",
"name": "20210405 Onapsis Security Advisory 2021-0004: [CVE-2020-26820] - SAP Java OS Remote Code Execution",
"url": "http://seclists.org/fulldisclosure/2021/Apr/7"
}
]
}

5
2020/27xxx/CVE-2020-27216.json
View File

@ -580,6 +580,11 @@
"refsource": "MLIST",
"name": "[beam-issues] 20210402 [jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/rd7e62e2972a41c2658f41a824b8bdd15644d80fcadc51fe7b7c855de@%3Cissues.beam.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[beam-issues] 20210405 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/r87b0c69fef09277333a7e1716926d1f237d462e143a335854ddd922f@%3Cissues.beam.apache.org%3E"
}
]
}

5
2020/6xxx/CVE-2020-6207.json
View File

@ -74,6 +74,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161993/SAP-Solution-Manager-7.2-Remote-Command-Execution.html",
"url": "http://packetstormsecurity.com/files/161993/SAP-Solution-Manager-7.2-Remote-Command-Execution.html"
},
{
"refsource": "FULLDISC",
"name": "20210405 Onapsis Security Advisory 2021-0001: [CVE-2020-6207] - Unauthenticated RCE in SAP all SMD Agents connected to SAP SolMan",
"url": "http://seclists.org/fulldisclosure/2021/Apr/4"
}
]
}

5
2020/6xxx/CVE-2020-6234.json
View File

@ -69,6 +69,11 @@
"url": "https://launchpad.support.sap.com/#/notes/2902645",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2902645"
},
{
"refsource": "FULLDISC",
"name": "20210405 Onapsis Security Advisory 2021-0002: [CVE-2020-6234] - SAP Multiple root LPE through SAP Host Control",
"url": "http://seclists.org/fulldisclosure/2021/Apr/5"
}
]
}

5
2020/6xxx/CVE-2020-6287.json
View File

@ -86,6 +86,11 @@
"refsource": "MISC",
"name": "https://www.onapsis.com/recon-sap-cyber-security-vulnerability",
"url": "https://www.onapsis.com/recon-sap-cyber-security-vulnerability"
},
{
"refsource": "FULLDISC",
"name": "20210405 Onapsis Security Advisory 2021-0003: [CVE-2020-6287] - [SAP RECON] SAP JAVA: Unauthenticated execution of configuration tasks",
"url": "http://seclists.org/fulldisclosure/2021/Apr/6"
}
]
}

5
2021/23xxx/CVE-2021-23336.json
View File

@ -189,6 +189,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210326-0004/",
"url": "https://security.netapp.com/advisory/ntap-20210326-0004/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210405 [SECURITY] [DLA 2619-1] python3.5 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html"
}
]
},

144
2021/24xxx/CVE-2021-24158.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24158",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Privilege Escalation"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Orbit Fox by ThemeIsle",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.10.3",
"version_value": "2.10.3"
"CVE_data_meta": {
"ID": "CVE-2021-24158",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Privilege Escalation"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Orbit Fox by ThemeIsle",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.10.3",
"version_value": "2.10.3"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for lower-level users, however, they can still supply the user_role parameter to update the default role for registration."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/d81d0e72-9bb5-47ef-a796-3b305a4b604f",
"name": "https://wpscan.com/vulnerability/d81d0e72-9bb5-47ef-a796-3b305a4b604f"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/01/multiple-vulnerabilities-patched-in-orbit-fox-by-themeisle-plugin/",
"name": "https://www.wordfence.com/blog/2021/01/multiple-vulnerabilities-patched-in-orbit-fox-by-themeisle-plugin/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-269 Improper Privilege Management",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for lower-level users, however, they can still supply the user_role parameter to update the default role for registration."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/01/multiple-vulnerabilities-patched-in-orbit-fox-by-themeisle-plugin/",
"name": "https://www.wordfence.com/blog/2021/01/multiple-vulnerabilities-patched-in-orbit-fox-by-themeisle-plugin/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/d81d0e72-9bb5-47ef-a796-3b305a4b604f",
"name": "https://wpscan.com/vulnerability/d81d0e72-9bb5-47ef-a796-3b305a4b604f"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-269 Improper Privilege Management",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

168
2021/24xxx/CVE-2021-24161.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24161",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Responsive Menu < 4.0.4 - CSRF to Arbitrary File Upload "
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ExpressTech",
"product": {
"product_data": [
{
"product_name": "Responsive Menu Create Mobile-Friendly Menu",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.0.4",
"version_value": "4.0.4"
"CVE_data_meta": {
"ID": "CVE-2021-24161",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Responsive Menu < 4.0.4 - CSRF to Arbitrary File Upload "
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ExpressTech",
"product": {
"product_data": [
{
"product_name": "Responsive Menu \u2013 Create Mobile-Friendly Menu",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.0.4",
"version_value": "4.0.4"
}
]
}
},
{
"product_name": "Responsive Menu Pro",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.0.4",
"version_value": "4.0.4"
}
]
}
}
]
}
]
}
},
{
"product_name": "Responsive Menu Pro",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.0.4",
"version_value": "4.0.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted site."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/efca27e0-bdb6-4497-8330-081f909d6933",
"name": "https://wpscan.com/vulnerability/efca27e0-bdb6-4497-8330-081f909d6933"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/",
"name": "https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted site."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/",
"name": "https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/efca27e0-bdb6-4497-8330-081f909d6933",
"name": "https://wpscan.com/vulnerability/efca27e0-bdb6-4497-8330-081f909d6933"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

168
2021/24xxx/CVE-2021-24162.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24162",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Responsive Menu < 4.0.4 - CSRF to Settings Update"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ExpressTech",
"product": {
"product_data": [
{
"product_name": "Responsive Menu Create Mobile-Friendly Menu",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.0.4",
"version_value": "4.0.4"
"CVE_data_meta": {
"ID": "CVE-2021-24162",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Responsive Menu < 4.0.4 - CSRF to Settings Update"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ExpressTech",
"product": {
"product_data": [
{
"product_name": "Responsive Menu \u2013 Create Mobile-Friendly Menu",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.0.4",
"version_value": "4.0.4"
}
]
}
},
{
"product_name": "Responsive Menu Pro",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.0.4",
"version_value": "4.0.4"
}
]
}
}
]
}
]
}
},
{
"product_name": "Responsive Menu Pro",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.0.4",
"version_value": "4.0.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in further infection of the site."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/923fc3a3-4bcc-4b48-870a-6150e14509b5",
"name": "https://wpscan.com/vulnerability/923fc3a3-4bcc-4b48-870a-6150e14509b5"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/",
"name": "https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in further infection of the site."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/",
"name": "https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/923fc3a3-4bcc-4b48-870a-6150e14509b5",
"name": "https://wpscan.com/vulnerability/923fc3a3-4bcc-4b48-870a-6150e14509b5"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24164.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24164",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Ninja Forms < 3.4.34.1 - Authenticated OAuth Connection Key Disclosure"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Ninja Forms Contact Form The Drag and Drop Form Builder for WordPress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.4.34.1",
"version_value": "3.4.34.1"
"CVE_data_meta": {
"ID": "CVE-2021-24164",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Ninja Forms < 3.4.34.1 - Authenticated OAuth Connection Key Disclosure"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.4.34.1",
"version_value": "3.4.34.1"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/dfa32afa-c6de-4237-a9f2-709843dcda89",
"name": "https://wpscan.com/vulnerability/dfa32afa-c6de-4237-a9f2-709843dcda89"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/",
"name": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/",
"name": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/dfa32afa-c6de-4237-a9f2-709843dcda89",
"name": "https://wpscan.com/vulnerability/dfa32afa-c6de-4237-a9f2-709843dcda89"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24165.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24165",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Ninja Forms < 3.4.34 - Administrator Open Redirect"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Ninja Forms Contact Form The Drag and Drop Form Builder for WordPress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.4.34",
"version_value": "3.4.34"
"CVE_data_meta": {
"ID": "CVE-2021-24165",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Ninja Forms < 3.4.34 - Administrator Open Redirect"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.4.34",
"version_value": "3.4.34"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/6147acf5-e43f-47e6-ab56-c9c8be584818",
"name": "https://wpscan.com/vulnerability/6147acf5-e43f-47e6-ab56-c9c8be584818"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/",
"name": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/",
"name": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/6147acf5-e43f-47e6-ab56-c9c8be584818",
"name": "https://wpscan.com/vulnerability/6147acf5-e43f-47e6-ab56-c9c8be584818"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24166.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24166",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Ninja Forms Contact Form The Drag and Drop Form Builder for WordPress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.4.34",
"version_value": "3.4.34"
"CVE_data_meta": {
"ID": "CVE-2021-24166",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.4.34",
"version_value": "3.4.34"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/b531fb65-a8ff-4150-a9a1-2a62a3c00bd6",
"name": "https://wpscan.com/vulnerability/b531fb65-a8ff-4150-a9a1-2a62a3c00bd6"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/",
"name": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/",
"name": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/b531fb65-a8ff-4150-a9a1-2a62a3c00bd6",
"name": "https://wpscan.com/vulnerability/b531fb65-a8ff-4150-a9a1-2a62a3c00bd6"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

154
2021/24xxx/CVE-2021-24177.json
View File

@ -1,85 +1,85 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24177",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WP File Manager < 7.1 - Reflected Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "File Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.1",
"version_value": "7.1"
"CVE_data_meta": {
"ID": "CVE-2021-24177",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WP File Manager < 7.1 - Reflected Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "File Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.1",
"version_value": "7.1"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/1cf3d256-cf4b-4d1f-9ed8-e2cc6392d8d8",
"name": "https://wpscan.com/vulnerability/1cf3d256-cf4b-4d1f-9ed8-e2cc6392d8d8"
},
{
"refsource": "MISC",
"url": "https://n4nj0.github.io/advisories/wordpress-plugin-wp-file-manager-i/",
"name": "https://n4nj0.github.io/advisories/wordpress-plugin-wp-file-manager-i/"
},
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset/2476829/",
"name": "https://plugins.trac.wordpress.org/changeset/2476829/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Veno Eivazian"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://n4nj0.github.io/advisories/wordpress-plugin-wp-file-manager-i/",
"name": "https://n4nj0.github.io/advisories/wordpress-plugin-wp-file-manager-i/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/1cf3d256-cf4b-4d1f-9ed8-e2cc6392d8d8",
"name": "https://wpscan.com/vulnerability/1cf3d256-cf4b-4d1f-9ed8-e2cc6392d8d8"
},
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset/2476829/",
"name": "https://plugins.trac.wordpress.org/changeset/2476829/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Veno Eivazian"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24182.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24182",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_answers_by_question"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Tutor LMS eLearning and online course solution",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.8.3",
"version_value": "1.8.3"
"CVE_data_meta": {
"ID": "CVE-2021-24182",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_answers_by_question"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Tutor LMS \u2013 eLearning and online course solution",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.8.3",
"version_value": "1.8.3"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/f74dfc52-46ba-41e3-994b-23115a22984f",
"name": "https://wpscan.com/vulnerability/f74dfc52-46ba-41e3-994b-23115a22984f"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/",
"name": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS \u2013 eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/",
"name": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/f74dfc52-46ba-41e3-994b-23115a22984f",
"name": "https://wpscan.com/vulnerability/f74dfc52-46ba-41e3-994b-23115a22984f"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24183.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24183",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_question_form"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Tutor LMS eLearning and online course solution",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.8.3",
"version_value": "1.8.3"
"CVE_data_meta": {
"ID": "CVE-2021-24183",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_question_form"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Tutor LMS \u2013 eLearning and online course solution",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.8.3",
"version_value": "1.8.3"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/9b8da6b7-f1d6-4a7d-a621-4ca01e4b7496",
"name": "https://wpscan.com/vulnerability/9b8da6b7-f1d6-4a7d-a621-4ca01e4b7496"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/",
"name": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS \u2013 eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/",
"name": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/9b8da6b7-f1d6-4a7d-a621-4ca01e4b7496",
"name": "https://wpscan.com/vulnerability/9b8da6b7-f1d6-4a7d-a621-4ca01e4b7496"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24184.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24184",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Tutor LMS < 1.7.7 - Unprotected AJAX including Privilege Escalation"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Tutor LMS eLearning and online course solution",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.7.7",
"version_value": "1.7.7"
"CVE_data_meta": {
"ID": "CVE-2021-24184",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Tutor LMS < 1.7.7 - Unprotected AJAX including Privilege Escalation"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Tutor LMS \u2013 eLearning and online course solution",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.7.7",
"version_value": "1.7.7"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Several AJAX endpoints in the Tutor LMS eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/5e85917c-7a58-49cb-b8b3-05aa18ffff3e",
"name": "https://wpscan.com/vulnerability/5e85917c-7a58-49cb-b8b3-05aa18ffff3e"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/",
"name": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-269 Improper Privilege Management",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Several AJAX endpoints in the Tutor LMS \u2013 eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/",
"name": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/5e85917c-7a58-49cb-b8b3-05aa18ffff3e",
"name": "https://wpscan.com/vulnerability/5e85917c-7a58-49cb-b8b3-05aa18ffff3e"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-269 Improper Privilege Management",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24185.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24185",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Tutor LMS < 1.7.7 - SQL Injection via tutor_place_rating"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Tutor LMS eLearning and online course solution",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.7.7",
"version_value": "1.7.7"
"CVE_data_meta": {
"ID": "CVE-2021-24185",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Tutor LMS < 1.7.7 - SQL Injection via tutor_place_rating"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Tutor LMS \u2013 eLearning and online course solution",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.7.7",
"version_value": "1.7.7"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tutor_place_rating AJAX action from the Tutor LMS eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/0cba5349-e916-43f0-a1fe-62cf73e352a2",
"name": "https://wpscan.com/vulnerability/0cba5349-e916-43f0-a1fe-62cf73e352a2"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/",
"name": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tutor_place_rating AJAX action from the Tutor LMS \u2013 eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/",
"name": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/0cba5349-e916-43f0-a1fe-62cf73e352a2",
"name": "https://wpscan.com/vulnerability/0cba5349-e916-43f0-a1fe-62cf73e352a2"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24186.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24186",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Tutor LMS < 1.8.3 - SQL Injection via tutor_answering_quiz_question/get_answer_by_id"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Tutor LMS eLearning and online course solution",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.8.3",
"version_value": "1.8.3"
"CVE_data_meta": {
"ID": "CVE-2021-24186",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Tutor LMS < 1.8.3 - SQL Injection via tutor_answering_quiz_question/get_answer_by_id"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Tutor LMS \u2013 eLearning and online course solution",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.8.3",
"version_value": "1.8.3"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/5f5c0c6c-6f76-4366-b590-0aab557f8c60",
"name": "https://wpscan.com/vulnerability/5f5c0c6c-6f76-4366-b590-0aab557f8c60"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/",
"name": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS \u2013 eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/",
"name": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/5f5c0c6c-6f76-4366-b590-0aab557f8c60",
"name": "https://wpscan.com/vulnerability/5f5c0c6c-6f76-4366-b590-0aab557f8c60"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24202.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24202",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Elementor Website Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.1.4",
"version_value": "3.1.4"
"CVE_data_meta": {
"ID": "CVE-2021-24202",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Elementor Website Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.1.4",
"version_value": "3.1.4"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a header_size parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified save_builder request with this parameter set to script and combined with a title parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/b72bd13d-c8e2-4347-b009-542fc0fe21bb",
"name": "https://wpscan.com/vulnerability/b72bd13d-c8e2-4347-b009-542fc0fe21bb"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/",
"name": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a \u2018header_size\u2019 parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified \u2018save_builder\u2019 request with this parameter set to \u2018script\u2019 and combined with a \u2018title\u2019 parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/",
"name": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/b72bd13d-c8e2-4347-b009-542fc0fe21bb",
"name": "https://wpscan.com/vulnerability/b72bd13d-c8e2-4347-b009-542fc0fe21bb"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24203.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24203",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Divider Widget"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Elementor Website Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.1.4",
"version_value": "3.1.4"
"CVE_data_meta": {
"ID": "CVE-2021-24203",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Divider Widget"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Elementor Website Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.1.4",
"version_value": "3.1.4"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget (includes/widgets/divider.php) accepts an html_tag parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified save_builder request with this parameter set to script and combined with a text parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/aa152ad0-5b3d-4d1f-88f4-6899a546e72e",
"name": "https://wpscan.com/vulnerability/aa152ad0-5b3d-4d1f-88f4-6899a546e72e"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/",
"name": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget (includes/widgets/divider.php) accepts an \u2018html_tag\u2019 parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified \u2018save_builder\u2019 request with this parameter set to \u2018script\u2019 and combined with a \u2018text\u2019 parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/",
"name": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/aa152ad0-5b3d-4d1f-88f4-6899a546e72e",
"name": "https://wpscan.com/vulnerability/aa152ad0-5b3d-4d1f-88f4-6899a546e72e"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24204.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24204",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Accordion Widget"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Elementor Website Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.1.4",
"version_value": "3.1.4"
"CVE_data_meta": {
"ID": "CVE-2021-24204",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Accordion Widget"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Elementor Website Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.1.4",
"version_value": "3.1.4"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a title_html_tag parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified save_builder request containing JavaScript in the title_html_tag parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/772e172f-c8b4-4a6a-9eb9-9663295cfedf",
"name": "https://wpscan.com/vulnerability/772e172f-c8b4-4a6a-9eb9-9663295cfedf"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/",
"name": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a \u2018title_html_tag\u2019 parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified \u2018save_builder\u2019 request containing JavaScript in the \u2018title_html_tag\u2019 parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/",
"name": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/772e172f-c8b4-4a6a-9eb9-9663295cfedf",
"name": "https://wpscan.com/vulnerability/772e172f-c8b4-4a6a-9eb9-9663295cfedf"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24205.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24205",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Elementor Website Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.1.4",
"version_value": "3.1.4"
"CVE_data_meta": {
"ID": "CVE-2021-24205",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Elementor Website Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.1.4",
"version_value": "3.1.4"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a title_size parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified save_builder request containing JavaScript in the title_size parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/ef23df6d-e265-44f6-bb94-1005b16d34d9",
"name": "https://wpscan.com/vulnerability/ef23df6d-e265-44f6-bb94-1005b16d34d9"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/",
"name": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a \u2018title_size\u2019 parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified \u2018save_builder\u2019 request containing JavaScript in the \u2018title_size\u2019 parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/",
"name": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/ef23df6d-e265-44f6-bb94-1005b16d34d9",
"name": "https://wpscan.com/vulnerability/ef23df6d-e265-44f6-bb94-1005b16d34d9"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24206.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24206",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Elementor Website Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.1.4",
"version_value": "3.1.4"
"CVE_data_meta": {
"ID": "CVE-2021-24206",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Elementor Website Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.1.4",
"version_value": "3.1.4"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a title_size parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified save_builder request containing JavaScript in the title_size parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/2f66efd9-7d55-4f33-9109-3cb583a0c309",
"name": "https://wpscan.com/vulnerability/2f66efd9-7d55-4f33-9109-3cb583a0c309"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/",
"name": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a \u2018title_size\u2019 parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified \u2018save_builder\u2019 request containing JavaScript in the \u2018title_size\u2019 parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/",
"name": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/2f66efd9-7d55-4f33-9109-3cb583a0c309",
"name": "https://wpscan.com/vulnerability/2f66efd9-7d55-4f33-9109-3cb583a0c309"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24208.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24208",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WP Page Builder < 1.2.4 - Multiple Stored Cross-Site scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WP Page Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.2.4",
"version_value": "1.2.4"
"CVE_data_meta": {
"ID": "CVE-2021-24208",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WP Page Builder < 1.2.4 - Multiple Stored Cross-Site scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WP Page Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.2.4",
"version_value": "1.2.4"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets (though the custom HTML widget requires sending a crafted request - it appears that this widget uses some form of client side validation but not server side validation), all of which are added via the “page_builder_data” parameter when performing the “wppb_page_save” AJAX action. It is also possible to insert malicious JavaScript via the “wppb_page_css” parameter (this can be done by closing out the style tag and opening a script tag) when performing the “wppb_page_save” AJAX action."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/c20e243d-b0de-4ae5-9a0d-b9d02c9b8141",
"name": "https://wpscan.com/vulnerability/c20e243d-b0de-4ae5-9a0d-b9d02c9b8141"
},
{
"refsource": "MISC",
"url": "https://www.themeum.com/wp-page-builder-updated-v1-2-4/",
"name": "https://www.themeum.com/wp-page-builder-updated-v1-2-4/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the \u201cRaw HTML\u201d widget and the \u201cCustom HTML\u201d widgets (though the custom HTML widget requires sending a crafted request - it appears that this widget uses some form of client side validation but not server side validation), all of which are added via the \u201cpage_builder_data\u201d parameter when performing the \u201cwppb_page_save\u201d AJAX action. It is also possible to insert malicious JavaScript via the \u201cwppb_page_css\u201d parameter (this can be done by closing out the style tag and opening a script tag) when performing the \u201cwppb_page_save\u201d AJAX action."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.themeum.com/wp-page-builder-updated-v1-2-4/",
"name": "https://www.themeum.com/wp-page-builder-updated-v1-2-4/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/c20e243d-b0de-4ae5-9a0d-b9d02c9b8141",
"name": "https://wpscan.com/vulnerability/c20e243d-b0de-4ae5-9a0d-b9d02c9b8141"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

5
2021/27xxx/CVE-2021-27807.json
View File

@ -144,6 +144,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-dc83ae690a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AVLKAHFMPH72TTP25INPZPGX5FODK3H/"
},
{
"refsource": "MLIST",
"name": "[ofbiz-notifications] 20210405 [jira] [Updated] (OFBIZ-12205) Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906",
"url": "https://lists.apache.org/thread.html/r6e067a6d83ccb6892d0ff867bd216704f21fb0b6a854dea34be04f12@%3Cnotifications.ofbiz.apache.org%3E"
}
]
},

5
2021/27xxx/CVE-2021-27906.json
View File

@ -144,6 +144,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-dc83ae690a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AVLKAHFMPH72TTP25INPZPGX5FODK3H/"
},
{
"refsource": "MLIST",
"name": "[ofbiz-notifications] 20210405 [jira] [Updated] (OFBIZ-12205) Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906",
"url": "https://lists.apache.org/thread.html/r6e067a6d83ccb6892d0ff867bd216704f21fb0b6a854dea34be04f12@%3Cnotifications.ofbiz.apache.org%3E"
}
]
},

5
2021/3xxx/CVE-2021-3177.json
View File

@ -156,6 +156,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210226-0003/",
"url": "https://security.netapp.com/advisory/ntap-20210226-0003/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210405 [SECURITY] [DLA 2619-1] python3.5 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html"
}
]
}