From b2547463a0597be93802ea60ddfa590d372aea76 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 16 Jan 2023 16:00:41 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/2xxx/CVE-2022-2658.json | 71 +++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3904.json | 71 +++++++++++++++++++++++++++--- 2022/47xxx/CVE-2022-47630.json | 61 +++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4060.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4101.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4199.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4295.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4299.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4309.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4320.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4327.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4330.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4431.json | 76 +++++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4442.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4447.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4449.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4451.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4453.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4460.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4464.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4465.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4469.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4476.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4477.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4478.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4480.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4481.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4482.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4483.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4484.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4486.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4487.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4507.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4508.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4544.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4547.json | 80 +++++++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4549.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4571.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4578.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4648.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4653.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4655.json | 71 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4658.json | 71 +++++++++++++++++++++++++++--- 2023/0xxx/CVE-2023-0325.json | 18 ++++++++ 44 files changed, 2859 insertions(+), 216 deletions(-) create mode 100644 2023/0xxx/CVE-2023-0325.json diff --git a/2022/2xxx/CVE-2022-2658.json b/2022/2xxx/CVE-2022-2658.json index b93b3a747d8..34126b7daed 100644 --- a/2022/2xxx/CVE-2022-2658.json +++ b/2022/2xxx/CVE-2022-2658.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2658", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Spell Check WordPress plugin before 9.13 does not escape ignored words, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Spell Check", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/e72fa040-3ca5-4570-9a3c-c704574b1ca3", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/e72fa040-3ca5-4570-9a3c-c704574b1ca3" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Marco Nappi" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3904.json b/2022/3xxx/CVE-2022-3904.json index 78cd3452ace..5c0d32fb978 100644 --- a/2022/3xxx/CVE-2022-3904.json +++ b/2022/3xxx/CVE-2022-3904.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3904", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "MonsterInsights", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/244d9ef1-335c-4f65-94ad-27c0c633f6ad", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/244d9ef1-335c-4f65-94ad-27c0c633f6ad" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Grzegorz Niedziela" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47630.json b/2022/47xxx/CVE-2022-47630.json index b9473ad375c..ab048475f22 100644 --- a/2022/47xxx/CVE-2022-47630.json +++ b/2022/47xxx/CVE-2022-47630.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-47630", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-47630", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.trustedfirmware.org/news/", + "refsource": "MISC", + "name": "https://www.trustedfirmware.org/news/" + }, + { + "refsource": "CONFIRM", + "name": "https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-10.html", + "url": "https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-10.html" } ] } diff --git a/2022/4xxx/CVE-2022-4060.json b/2022/4xxx/CVE-2022-4060.json index 1d19001927c..4d3de6ace32 100644 --- a/2022/4xxx/CVE-2022-4060.json +++ b/2022/4xxx/CVE-2022-4060.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4060", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "User Post Gallery", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/8f982ebd-6fc5-452d-8280-42e027d01b1e", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/8f982ebd-6fc5-452d-8280-42e027d01b1e" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "cydave" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4101.json b/2022/4xxx/CVE-2022-4101.json index 158049c3819..22392e7bb78 100644 --- a/2022/4xxx/CVE-2022-4101.json +++ b/2022/4xxx/CVE-2022-4101.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4101", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Images Optimize and Upload CF7", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/2ce4c837-c62c-41ac-95ca-54bb1a6d1eeb", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/2ce4c837-c62c-41ac-95ca-54bb1a6d1eeb" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "cydave" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4199.json b/2022/4xxx/CVE-2022-4199.json index 45a735f5acc..f2e1cfac6ae 100644 --- a/2022/4xxx/CVE-2022-4199.json +++ b/2022/4xxx/CVE-2022-4199.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4199", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Link Library WordPress plugin before 7.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Link Library", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/c4688c0b-0538-4151-995c-d437d7e4829d", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/c4688c0b-0538-4151-995c-d437d7e4829d" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "iohex" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4295.json b/2022/4xxx/CVE-2022-4295.json index 51b85a3ab34..29e96fa5353 100644 --- a/2022/4xxx/CVE-2022-4295.json +++ b/2022/4xxx/CVE-2022-4295.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4295", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Show All Comments", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/4ced1a4d-0c1f-42ad-8473-241c68b92b56", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/4ced1a4d-0c1f-42ad-8473-241c68b92b56" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "cydave" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4299.json b/2022/4xxx/CVE-2022-4299.json index 8c311bcc0b5..a43a1f5e9d2 100644 --- a/2022/4xxx/CVE-2022-4299.json +++ b/2022/4xxx/CVE-2022-4299.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4299", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Metricool WordPress plugin before 1.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Metricool", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/169c5611-ed10-4cc3-bd07-09b365adf303", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/169c5611-ed10-4cc3-bd07-09b365adf303" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "qerogram(at Kakao Style Corp.)" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4309.json b/2022/4xxx/CVE-2022-4309.json index 8cf71d5f953..85e714f8e81 100644 --- a/2022/4xxx/CVE-2022-4309.json +++ b/2022/4xxx/CVE-2022-4309.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4309", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSRF attack." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Subscribe2", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/1965f53d-c94e-4322-9059-49de69df1051", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/1965f53d-c94e-4322-9059-49de69df1051" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "WPScan" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4320.json b/2022/4xxx/CVE-2022-4320.json index 1fbb1fa88f3..c62cb2b8856 100644 --- a/2022/4xxx/CVE-2022-4320.json +++ b/2022/4xxx/CVE-2022-4320.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4320", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WordPress Events Calendar WordPress plugin before 1.4.5 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (such as high-privilege ones like admin)." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WordPress Events Calendar Plugin", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/f1244c57-d886-4a6e-8cdb-18404e8c153c", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/f1244c57-d886-4a6e-8cdb-18404e8c153c" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "cydave" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4327.json b/2022/4xxx/CVE-2022-4327.json index 3f8f149a5e9..449d5ee95e5 100644 --- a/2022/4xxx/CVE-2022-4327.json +++ b/2022/4xxx/CVE-2022-4327.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4327", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Anti-Malware Security and Brute-Force Firewall WordPress plugin through 4.21.85 is prone to a PHP Object Injection vulnerability due to the unsafe use of unserialize() function. A potential attacker, authenticated as high privilege user could exploit this vulnerability by sending specially crafted requests to the web application containing malicious serialized input." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Anti-Malware Security and Brute-Force Firewall", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/2c94e7b6-a9dd-47d4-bb17-20acb072c825", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/2c94e7b6-a9dd-47d4-bb17-20acb072c825" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "thinhnguyen1337" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4330.json b/2022/4xxx/CVE-2022-4330.json index 97303f26f93..490afe4a9b0 100644 --- a/2022/4xxx/CVE-2022-4330.json +++ b/2022/4xxx/CVE-2022-4330.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4330", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Attachments WordPress plugin through 5.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Attachments", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/d3c39e17-1dc3-4275-97d8-543ca7226772", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/d3c39e17-1dc3-4275-97d8-543ca7226772" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "iohex" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4431.json b/2022/4xxx/CVE-2022-4431.json index 6a2f6f5c8df..061fd12b760 100644 --- a/2022/4xxx/CVE-2022-4431.json +++ b/2022/4xxx/CVE-2022-4431.json @@ -1,18 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4431", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WOOCS", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/c7d12fd4-7346-4727-9f6c-7e7e5524a932", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/c7d12fd4-7346-4727-9f6c-7e7e5524a932" + }, + { + "url": "https://wpscan.com/vulnerability/860b882b-983c-44b5-8c09-b6890df8a0da", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/860b882b-983c-44b5-8c09-b6890df8a0da" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4442.json b/2022/4xxx/CVE-2022-4442.json index 906184cbd88..dd19953ae52 100644 --- a/2022/4xxx/CVE-2022-4442.json +++ b/2022/4xxx/CVE-2022-4442.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4442", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Custom Post Types and Custom Fields creator WordPress plugin before 2.3.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup)." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Custom Post Types and Custom Fields creator", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/12766537-df59-49d6-815a-4d68265a4c4a", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/12766537-df59-49d6-815a-4d68265a4c4a" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Do Nguyen" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4447.json b/2022/4xxx/CVE-2022-4447.json index 1800498cb25..be2f9b95033 100644 --- a/2022/4xxx/CVE-2022-4447.json +++ b/2022/4xxx/CVE-2022-4447.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4447", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Fontsy", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/6939c405-ac62-4144-bd86-944d7b89d0ad", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/6939c405-ac62-4144-bd86-944d7b89d0ad" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "cydave" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4449.json b/2022/4xxx/CVE-2022-4449.json index cbeb59443f1..5338ee7ccd4 100644 --- a/2022/4xxx/CVE-2022-4449.json +++ b/2022/4xxx/CVE-2022-4449.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4449", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Page scroll to id WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Page scroll to id", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/a4895f8d-5a4c-49cb-b144-b761ed82923d", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/a4895f8d-5a4c-49cb-b144-b761ed82923d" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4451.json b/2022/4xxx/CVE-2022-4451.json index 4774ba11657..3d9d2b50395 100644 --- a/2022/4xxx/CVE-2022-4451.json +++ b/2022/4xxx/CVE-2022-4451.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4451", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Social Sharing WordPress plugin before 3.3.45 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Social Sharing Plugin", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/a28f52a4-fd57-4f46-8983-f34c71ec88d5", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/a28f52a4-fd57-4f46-8983-f34c71ec88d5" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4453.json b/2022/4xxx/CVE-2022-4453.json index 8f6a0096144..a260089ca7b 100644 --- a/2022/4xxx/CVE-2022-4453.json +++ b/2022/4xxx/CVE-2022-4453.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4453", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The 3D FlipBook WordPress plugin through 1.13.2 does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like administrators." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "3D FlipBook", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/120bdcb3-4288-4101-b738-cc84d02da171", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/120bdcb3-4288-4101-b738-cc84d02da171" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4460.json b/2022/4xxx/CVE-2022-4460.json index ecd05136b4e..d5e9d7ffc0e 100644 --- a/2022/4xxx/CVE-2022-4460.json +++ b/2022/4xxx/CVE-2022-4460.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4460", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Sidebar Widgets by CodeLights WordPress plugin through 1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Sidebar Widgets by CodeLights", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/034c4c75-42a4-4884-b63f-f9d4d2d6aebc", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/034c4c75-42a4-4884-b63f-f9d4d2d6aebc" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4464.json b/2022/4xxx/CVE-2022-4464.json index fae19a538c7..25e88caeb3e 100644 --- a/2022/4xxx/CVE-2022-4464.json +++ b/2022/4xxx/CVE-2022-4464.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4464", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Themify Portfolio Post WordPress plugin before 1.2.1 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privileged users such as admin." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Themify Portfolio Post", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/1d3636c1-976f-4c84-8cca-413e38170d0c", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/1d3636c1-976f-4c84-8cca-413e38170d0c" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4465.json b/2022/4xxx/CVE-2022-4465.json index 46a172c8b97..13007f9f33e 100644 --- a/2022/4xxx/CVE-2022-4465.json +++ b/2022/4xxx/CVE-2022-4465.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4465", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Video Lightbox WordPress plugin before 1.9.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Video Lightbox", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/28abe589-1371-4ed2-90b6-2bb96c93832c", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/28abe589-1371-4ed2-90b6-2bb96c93832c" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4469.json b/2022/4xxx/CVE-2022-4469.json index c7068a3bd86..1568cebd307 100644 --- a/2022/4xxx/CVE-2022-4469.json +++ b/2022/4xxx/CVE-2022-4469.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4469", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Simple Membership WordPress plugin before 4.2.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Simple Membership", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/b195c373-1db9-4fd7-98d0-0860dacd189e", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/b195c373-1db9-4fd7-98d0-0860dacd189e" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4476.json b/2022/4xxx/CVE-2022-4476.json index 8769371697a..b7432fee783 100644 --- a/2022/4xxx/CVE-2022-4476.json +++ b/2022/4xxx/CVE-2022-4476.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4476", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Download Manager WordPress plugin before 3.2.62 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Download Manager", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/856cac0f-2526-4978-acad-d6d82a0bec45", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/856cac0f-2526-4978-acad-d6d82a0bec45" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4477.json b/2022/4xxx/CVE-2022-4477.json index 080e3fc014b..ee3f3bb6441 100644 --- a/2022/4xxx/CVE-2022-4477.json +++ b/2022/4xxx/CVE-2022-4477.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4477", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Smash Balloon Social Post Feed WordPress plugin before 4.1.6 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Smash Balloon Social Post Feed", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/c32a4c58-9f2b-4afa-9a21-4b4a5c4c4c41", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/c32a4c58-9f2b-4afa-9a21-4b4a5c4c4c41" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4478.json b/2022/4xxx/CVE-2022-4478.json index 9ff3e67c2bf..1a9b97f9074 100644 --- a/2022/4xxx/CVE-2022-4478.json +++ b/2022/4xxx/CVE-2022-4478.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4478", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Font Awesome WordPress plugin before 4.3.2 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Font Awesome", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/4de75de5-e557-46df-9675-e3f0220f4003", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/4de75de5-e557-46df-9675-e3f0220f4003" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4480.json b/2022/4xxx/CVE-2022-4480.json index 2d67fc470eb..c4f628c3702 100644 --- a/2022/4xxx/CVE-2022-4480.json +++ b/2022/4xxx/CVE-2022-4480.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4480", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Click to Chat WordPress plugin before 3.18.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Click to Chat", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/1666f91d-3aa2-487d-a31b-44d051ab0124", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/1666f91d-3aa2-487d-a31b-44d051ab0124" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4481.json b/2022/4xxx/CVE-2022-4481.json index 1ec7b3e1614..ef7dda26a68 100644 --- a/2022/4xxx/CVE-2022-4481.json +++ b/2022/4xxx/CVE-2022-4481.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4481", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Mesmerize Companion WordPress plugin before 1.6.135 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Mesmerize Companion", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/9dc9d377-635d-4d4f-9916-33bcedbba6f0", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/9dc9d377-635d-4d4f-9916-33bcedbba6f0" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4482.json b/2022/4xxx/CVE-2022-4482.json index 8c6c985afb3..d76229dfee1 100644 --- a/2022/4xxx/CVE-2022-4482.json +++ b/2022/4xxx/CVE-2022-4482.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4482", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Carousel, Slider, Gallery by WP Carousel", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/389b71d6-b0e6-4e36-b9ca-9d8dab75bb0a", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/389b71d6-b0e6-4e36-b9ca-9d8dab75bb0a" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4483.json b/2022/4xxx/CVE-2022-4483.json index 24f6914ebb6..cffe95a0fa2 100644 --- a/2022/4xxx/CVE-2022-4483.json +++ b/2022/4xxx/CVE-2022-4483.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4483", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Insert Pages WordPress plugin before 3.7.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Insert Pages", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/a1786400-dc62-489c-b986-ba17c9833179", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/a1786400-dc62-489c-b986-ba17c9833179" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4484.json b/2022/4xxx/CVE-2022-4484.json index e57f537f31c..92e02e70305 100644 --- a/2022/4xxx/CVE-2022-4484.json +++ b/2022/4xxx/CVE-2022-4484.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4484", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.44 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Social Share, Social Login and Social Comments Plugin", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/91252899-029d-49be-859e-7d2c4a70efea", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/91252899-029d-49be-859e-7d2c4a70efea" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4486.json b/2022/4xxx/CVE-2022-4486.json index e99116605a4..da9cea887bc 100644 --- a/2022/4xxx/CVE-2022-4486.json +++ b/2022/4xxx/CVE-2022-4486.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4486", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Meteor Slides WordPress plugin through 1.5.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Meteor Slides", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/d0afd17c-09cd-4ab5-95a5-6ac8c3c0a50b", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/d0afd17c-09cd-4ab5-95a5-6ac8c3c0a50b" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4487.json b/2022/4xxx/CVE-2022-4487.json index 9ef3c24bd97..ba843118386 100644 --- a/2022/4xxx/CVE-2022-4487.json +++ b/2022/4xxx/CVE-2022-4487.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4487", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Easy Accordion WordPress plugin before 2.2.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Easy Accordion", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/6130958f-f549-4885-adb1-093aa025920e", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/6130958f-f549-4885-adb1-093aa025920e" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4507.json b/2022/4xxx/CVE-2022-4507.json index 1a1e50d03ea..fc4e31a2632 100644 --- a/2022/4xxx/CVE-2022-4507.json +++ b/2022/4xxx/CVE-2022-4507.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4507", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Real Cookie Banner WordPress plugin before 3.4.10 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/93c61a70-5624-4c4d-ac3a-c598aec4f8b6", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/93c61a70-5624-4c4d-ac3a-c598aec4f8b6" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4508.json b/2022/4xxx/CVE-2022-4508.json index 3f3066abb33..bbd6be0ccf8 100644 --- a/2022/4xxx/CVE-2022-4508.json +++ b/2022/4xxx/CVE-2022-4508.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4508", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ConvertKit WordPress plugin before 2.0.5 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "ConvertKit", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/5101a979-7a53-40bf-8988-6347ef851eab", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/5101a979-7a53-40bf-8988-6347ef851eab" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4544.json b/2022/4xxx/CVE-2022-4544.json index d4399e0615e..6b60c085822 100644 --- a/2022/4xxx/CVE-2022-4544.json +++ b/2022/4xxx/CVE-2022-4544.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4544", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The MashShare WordPress plugin before 3.8.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Social Media Share Buttons | MashShare", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/96e34d3d-627f-42f2-bfdb-c9d47dbf396c", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/96e34d3d-627f-42f2-bfdb-c9d47dbf396c" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4547.json b/2022/4xxx/CVE-2022-4547.json index daf87b96aca..2a80c5d2037 100644 --- a/2022/4xxx/CVE-2022-4547.json +++ b/2022/4xxx/CVE-2022-4547.json @@ -1,18 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4547", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by [high privilege users such as admin|users with a role as low as admin." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Conditional Payment Methods for WooCommerce", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/fe1514b4-74e1-4c19-8741-c0d4db9bab99", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/fe1514b4-74e1-4c19-8741-c0d4db9bab99" + }, + { + "url": "https://bulletin.iese.de/post/conditional-payment-methods-for-woocommerce_1-0/", + "refsource": "MISC", + "name": "https://bulletin.iese.de/post/conditional-payment-methods-for-woocommerce_1-0/" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Kunal Sharma (University of Kaiserslautern)" + }, + { + "lang": "en", + "value": "Daniel Krohmer (Fraunhofer IESE)" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4549.json b/2022/4xxx/CVE-2022-4549.json index 3e9bf0befa2..510f297060f 100644 --- a/2022/4xxx/CVE-2022-4549.json +++ b/2022/4xxx/CVE-2022-4549.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4549", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Tickera WordPress plugin before 3.5.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Tickera", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/06e1be38-fc1a-4799-a006-556b678ae701", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/06e1be38-fc1a-4799-a006-556b678ae701" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "rezaduty" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4571.json b/2022/4xxx/CVE-2022-4571.json index 92c1118ede7..316d5ef75c9 100644 --- a/2022/4xxx/CVE-2022-4571.json +++ b/2022/4xxx/CVE-2022-4571.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4571", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Seriously Simple Podcasting WordPress plugin before 2.19.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Seriously Simple Podcasting", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/128b150b-3950-4cc5-b46a-5707f7a0df00", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/128b150b-3950-4cc5-b46a-5707f7a0df00" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4578.json b/2022/4xxx/CVE-2022-4578.json index cf0ca600a66..d96625bef9a 100644 --- a/2022/4xxx/CVE-2022-4578.json +++ b/2022/4xxx/CVE-2022-4578.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4578", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Video Conferencing with Zoom WordPress plugin before 4.0.10 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Video Conferencing with Zoom", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/fad16c68-9f14-4866-b241-40468fb71494", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/fad16c68-9f14-4866-b241-40468fb71494" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4648.json b/2022/4xxx/CVE-2022-4648.json index b041e7c7036..9e8db7ca5db 100644 --- a/2022/4xxx/CVE-2022-4648.json +++ b/2022/4xxx/CVE-2022-4648.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4648", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Real Testimonials", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/9bbfb664-5b83-452b-82bb-562a1e18eb65", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/9bbfb664-5b83-452b-82bb-562a1e18eb65" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4653.json b/2022/4xxx/CVE-2022-4653.json index b6a3a90b041..701aa10b019 100644 --- a/2022/4xxx/CVE-2022-4653.json +++ b/2022/4xxx/CVE-2022-4653.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4653", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Greenshift WordPress plugin before 4.8.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Greenshift", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/fa44ed44-9dac-4b4f-aaa3-503b76034578", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/fa44ed44-9dac-4b4f-aaa3-503b76034578" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4655.json b/2022/4xxx/CVE-2022-4655.json index 185e3aef475..3dea0503105 100644 --- a/2022/4xxx/CVE-2022-4655.json +++ b/2022/4xxx/CVE-2022-4655.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4655", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Welcart e-Commerce", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/a1c70c80-e952-4cc7-aca0-c2dde3fa08a9", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/a1c70c80-e952-4cc7-aca0-c2dde3fa08a9" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4658.json b/2022/4xxx/CVE-2022-4658.json index 48a62fe2d7a..d4db319c511 100644 --- a/2022/4xxx/CVE-2022-4658.json +++ b/2022/4xxx/CVE-2022-4658.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4658", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The RSSImport WordPress plugin through 4.6.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "RSSImport", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/c7a17eb9-2811-45ba-bab3-f53b2fa7d051", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/c7a17eb9-2811-45ba-bab3-f53b2fa7d051" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0325.json b/2023/0xxx/CVE-2023-0325.json new file mode 100644 index 00000000000..cfcadf1d7cb --- /dev/null +++ b/2023/0xxx/CVE-2023-0325.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0325", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file