diff --git a/2022/1xxx/CVE-2022-1194.json b/2022/1xxx/CVE-2022-1194.json
index f6e29e2a928..4d6cee0201d 100644
--- a/2022/1xxx/CVE-2022-1194.json
+++ b/2022/1xxx/CVE-2022-1194.json
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-1194", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-1194", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Mobile Events Manager < 1.4.8 - Admin+ CSV Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Mobile Events Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.4.8", + "version_value": "1.4.8" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/62be0991-f095-43cf-a167-3daaed254594", + "name": "https://wpscan.com/vulnerability/62be0991-f095-43cf-a167-3daaed254594" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Varun thorat" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2351.json b/2022/2xxx/CVE-2022-2351.json index f116ce16338..5bbe343902b 100644 --- a/2022/2xxx/CVE-2022-2351.json +++ b/2022/2xxx/CVE-2022-2351.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2351", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2351", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Post SMTP < 2.1.4 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Post SMTP Mailer/Email Log", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.1.4", + "version_value": "2.1.4" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/f3fda033-58f5-446d-ade4-2336a39bfb87", + "name": "https://wpscan.com/vulnerability/f3fda033-58f5-446d-ade4-2336a39bfb87" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Raad Haddad of Cloudyrion GmbH" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2575.json b/2022/2xxx/CVE-2022-2575.json index 321535187b0..ebe9ab8eee0 100644 --- a/2022/2xxx/CVE-2022-2575.json +++ b/2022/2xxx/CVE-2022-2575.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2575", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2575", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WBW Currency Switcher for WooCommerce < 1.6.6 - Admin+ Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WBW Currency Switcher for WooCommerce", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.6.6", + "version_value": "1.6.6" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/e934af78-9dfd-4e14-853d-dc453de6e365", + "name": "https://wpscan.com/vulnerability/e934af78-9dfd-4e14-853d-dc453de6e365" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Asif 
Nawaz Minhas" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2635.json b/2022/2xxx/CVE-2022-2635.json index ed1141c3d72..52791fe40c8 100644 --- a/2022/2xxx/CVE-2022-2635.json +++ b/2022/2xxx/CVE-2022-2635.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2635", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2635", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Autoptimize < 3.1.1 - Admin+ Stored Cross Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Autoptimize", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.1.1", + "version_value": "3.1.1" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/219767a8-2427-42d5-8734-bd197d9ab46b", + "name": "https://wpscan.com/vulnerability/219767a8-2427-42d5-8734-bd197d9ab46b" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Raad Haddad of Cloudyrion GmbH" + } + ], + "source": { + 
"discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2654.json b/2022/2xxx/CVE-2022-2654.json index 9906143d28a..e9d33b98fb7 100644 --- a/2022/2xxx/CVE-2022-2654.json +++ b/2022/2xxx/CVE-2022-2654.json 
@@ -1,18 +1,171 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2654", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2654", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Classima < 2.1.11 - Reflected Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Classified Listing – Classified ads & Business Directory Plugin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.2.14", + "version_value": "2.2.14" + } + ] + } + }, + { + "product_name": "Classified Listing Pro - Classified ads & Business Directory Plugin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.0.20", + "version_value": "2.0.20" + } + ] + } + }, + { + "product_name": "Classified Listing Store & Membership Addon", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.4.20", + "version_value": "1.4.20" + } + ] + } + }, + { + "product_name": "Classima Core", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.10", + "version_value": "1.10" + } + ] + } + }, + { + "product_name": "Classima", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.1.11", + "version_value": "2.1.11" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/845f44ca-f572-48d7-a19a-89cace0b8993", + "name": "https://wpscan.com/vulnerability/845f44ca-f572-48d7-a19a-89cace0b8993" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Team ISH Tecnologia (Thiago Martins" + }, + { + "lang": "eng", + "value": "Jorge Buzeti" + }, + { + "lang": "eng", + "value": "Leandro Inacio" + }, + { + "lang": "eng", + "value": "Lucas de Souza" + }, + { + "lang": "eng", + "value": "Matheus Oliveira" + }, + { + "lang": "eng", + "value": "Filipe Baptistella" + }, + { + "lang": "eng", + "value": "Leonardo Paiva" + }, + { + "lang": "eng", + "value": "Jose Thomaz" + }, + { + "lang": "eng", + "value": "Joao Maciel" + }, + { + "lang": "eng", + "value": "Vinicius Pereira" + }, + { + "lang": "eng", + "value": "Geovanni Campos" + }, + { + "lang": "eng", + "value": "Hudson Nowak" + }, + { + "lang": "eng", + "value": "Guilherme Acerbi) and Islan Ferreira." + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2022/2xxx/CVE-2022-2655.json b/2022/2xxx/CVE-2022-2655.json index 222278c0acf..fa4076b4e9c 100644 --- a/2022/2xxx/CVE-2022-2655.json +++ b/2022/2xxx/CVE-2022-2655.json 
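Review bot: The `credit` array in CVE-2022-2654.json looks like one credit sentence split on commas: its first entry is `"Team ISH Tecnologia (Thiago Martins"` with an unclosed parenthesis and its last is `"Guilherme Acerbi) and Islan Ferreira."`, which also fuses two people into one value. Consumers that render or index credits per entry get malformed names and lose the team attribution for the eleven entries in between. Either keep the original sentence as a single `credit` value or emit clean per-person values such as `"Thiago Martins (Team ISH Tecnologia)"`. The same split appears in the `credit` array of CVE-2022-2655.json.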
@@ -1,18 +1,123 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2655", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2655", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Classified Listing Pro < 2.0.20 - Reflected Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Classified Listing Pro - Classified ads & Business Directory Plugin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.0.20", + "version_value": "2.0.20" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/acc9675a-56f6-411a-9594-07144c2aad1b", + "name": "https://wpscan.com/vulnerability/acc9675a-56f6-411a-9594-07144c2aad1b" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Team ISH Tecnologia (Thiago Martins" + }, + { + "lang": 
"eng", + "value": "Jorge Buzeti" + }, + { + "lang": "eng", + "value": "Leandro Inacio" + }, + { + "lang": "eng", + "value": "Lucas de Souza" + }, + { + "lang": "eng", + "value": "Matheus Oliveira" + }, + { + "lang": "eng", + "value": "Filipe Baptistella" + }, + { + "lang": "eng", + "value": "Leonardo Paiva" + }, + { + "lang": "eng", + "value": "Jose Thomaz" + }, + { + "lang": "eng", + "value": "Joao Maciel" + }, + { + "lang": "eng", + "value": "Vinicius Pereira" + }, + { + "lang": "eng", + "value": "Geovanni Campos" + }, + { + "lang": "eng", + "value": "Hudson Nowak" + }, + { + "lang": "eng", + "value": "Guilherme Acerbi) and Islan Ferreira." + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2022/2xxx/CVE-2022-2669.json b/2022/2xxx/CVE-2022-2669.json index a69ddc938c4..da939269bee 100644 --- a/2022/2xxx/CVE-2022-2669.json +++ b/2022/2xxx/CVE-2022-2669.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2669", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2669", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP Taxonomy Import <= 1.0.4 - Reflected Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Taxonomy Import", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0.4", + "version_value": "1.0.4" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP Taxonomy Import WordPress plugin through 1.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/792d9f22-abf6-47b2-a247-d0cdb705cd81", + "name": "https://wpscan.com/vulnerability/792d9f22-abf6-47b2-a247-d0cdb705cd81" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "kaikaix" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file 
diff --git a/2022/2xxx/CVE-2022-2737.json b/2022/2xxx/CVE-2022-2737.json
index 809fbbca80b..6248b3bf493 100644
--- a/2022/2xxx/CVE-2022-2737.json
+++ b/2022/2xxx/CVE-2022-2737.json
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2737", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2737", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP STAGING < 2.9.18 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP STAGING – Backup Duplicator & Migration", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.9.18", + "version_value": "2.9.18" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP STAGING WordPress plugin before 2.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/91bbdeb0-f2df-4500-b856-af0ff68fbb12", + "name": "https://wpscan.com/vulnerability/91bbdeb0-f2df-4500-b856-af0ff68fbb12" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Raad Haddad of Cloudyrion GmbH" + } 
+ ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2798.json b/2022/2xxx/CVE-2022-2798.json index a2206f56291..3c11ae5feb1 100644 --- a/2022/2xxx/CVE-2022-2798.json +++ b/2022/2xxx/CVE-2022-2798.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2798", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2798", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Affiliates Manager < 2.9.14 - Affiliate CSV Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Affiliates Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.9.14", + "version_value": "2.9.14" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/f169567d-c682-4abe-94df-a9d00be90edd", + "name": "https://wpscan.com/vulnerability/f169567d-c682-4abe-94df-a9d00be90edd" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "nhatnam" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file 
diff --git a/2022/2xxx/CVE-2022-2799.json b/2022/2xxx/CVE-2022-2799.json
index 80d7720631e..6ffc78c959b 100644
--- a/2022/2xxx/CVE-2022-2799.json
+++ b/2022/2xxx/CVE-2022-2799.json
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2799", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2799", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Affiliates Manager < 2.9.14 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Affiliates Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.9.14", + "version_value": "2.9.14" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Affiliates Manager WordPress plugin before 2.9.14 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/4385370e-cf99-4249-b2c1-90cbfa8378a4", + "name": "https://wpscan.com/vulnerability/4385370e-cf99-4249-b2c1-90cbfa8378a4" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Mika" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file 
diff --git a/2022/2xxx/CVE-2022-2863.json b/2022/2xxx/CVE-2022-2863.json
index 7b1c86cdcef..10e598f225e 100644
--- a/2022/2xxx/CVE-2022-2863.json
+++ b/2022/2xxx/CVE-2022-2863.json
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2863", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2863", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WPvivid Backup < 0.9.76 - Admin+ Arbitrary File Read" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Migration, Backup, Staging – WPvivid", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0.9.76", + "version_value": "0.9.76" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/cb6a3304-2166-47a0-a011-4dcacaa133e5", + "name": "https://wpscan.com/vulnerability/cb6a3304-2166-47a0-a011-4dcacaa133e5" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Rodolfo Tavares" + } + ], + 
"source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2877.json b/2022/2xxx/CVE-2022-2877.json index ae8a5c1123c..5d02f058048 100644 --- a/2022/2xxx/CVE-2022-2877.json +++ b/2022/2xxx/CVE-2022-2877.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2877", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2877", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Titan Anti-spam & Security < 7.3.1 - Protection Bypass due to IP Spoofing" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Titan Anti-spam & Security", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "7.3.1", + "version_value": "7.3.1" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68", + "name": "https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-639 Authorization Bypass Through User-Controlled Key", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Daniel Ruf" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2022/2xxx/CVE-2022-2887.json b/2022/2xxx/CVE-2022-2887.json index 293930096b9..a8f9fa9df3f 100644 --- a/2022/2xxx/CVE-2022-2887.json +++ b/2022/2xxx/CVE-2022-2887.json 
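Review bot: The `problemtype` value `CWE-639 Authorization Bypass Through User-Controlled Key` in CVE-2022-2877.json does not match the flaw the description gives, which is trusting client-supplied HTTP headers to establish the origin IP address; CWE-639 is about reaching another user's records through a modifiable key. A class such as `CWE-348 Use of Less Trusted Source` or `CWE-290 Authentication Bypass by Spoofing` would let consumers that triage by CWE treat this as a spoofable-client-IP issue and check how the address is derived behind proxies. CVE-2022-2913.json carries the same CWE-639 value for the same kind of allow-list bypass. The description text also has two slips that will be published as-is: `does not properly checks` should read `does not properly check`, and `it's block feature` should read `its block feature`.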
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2887", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2887", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP Server Health Stats < 1.7.0 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Server Health Stats", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.7.0", + "version_value": "1.7.0" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP Server Health Stats WordPress plugin before 1.7.0 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/237541d5-c1a5-44f2-8e5f-82457b8f9497", + "name": "https://wpscan.com/vulnerability/237541d5-c1a5-44f2-8e5f-82457b8f9497" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Mika" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file 
diff --git a/2022/2xxx/CVE-2022-2912.json b/2022/2xxx/CVE-2022-2912.json
index 40868478a7b..446f08b1f2a 100644
--- a/2022/2xxx/CVE-2022-2912.json
+++ b/2022/2xxx/CVE-2022-2912.json
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2912", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2912", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Craw Data <= 1.0.0 - Server Side Request Forgery" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Craw Data", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0.0", + "version_value": "1.0.0" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged in admin change the url value performing unwanted crawls on third-party sites (SSRF)." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/fd9853e8-b3ae-4a10-8389-8a4a11a8297c", + "name": "https://wpscan.com/vulnerability/fd9853e8-b3ae-4a10-8389-8a4a11a8297c" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-918 Server-Side Request Forgery (SSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Dhanesh Sivasamy" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file 
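Review bot: The `problemtype` in CVE-2022-2912.json lists only `CWE-918 Server-Side Request Forgery (SSRF)`, while the root cause stated in the description is the missing nonce check, which lets a forged request from a logged-in admin change the url value; the unwanted crawl is the consequence. Adding a second entry to the `description` array, `{ "value": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "eng" }`, would keep the record findable under both classes. The `TITLE` value `Craw Data <= 1.0.0 - Server Side Request Forgery` has the same gap and reads as if the endpoint were reachable without the admin's session, which affects how defenders rank it.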
diff --git a/2022/2xxx/CVE-2022-2913.json b/2022/2xxx/CVE-2022-2913.json
index 0d5d58af19a..3039fb13f76 100644
--- a/2022/2xxx/CVE-2022-2913.json
+++ b/2022/2xxx/CVE-2022-2913.json
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-2913", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2022-2913", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Login No Captcha reCAPTCHA < 1.7 - IP Check Bypass" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Login No Captcha reCAPTCHA", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.7", + "version_value": "1.7" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/5231ac18-ea9a-4bb9-af9f-e3d95a3b54f1", + "name": "https://wpscan.com/vulnerability/5231ac18-ea9a-4bb9-af9f-e3d95a3b54f1" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-639 Authorization Bypass Through User-Controlled Key", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Daniel Ruf" + } + ], + "source": { + "discovery": "EXTERNAL" + } +}