admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-07-24 10:00:33 +00:00
parent c363279e1a
commit ca48211d5e
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
17 changed files with 1170 additions and 972 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

157
2022/0xxx/CVE-2022-0140.json
View File

@ -1,80 +1,85 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-0140",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Visual Form Builder < 3.0.6 - Unauthenticated Information Disclosure"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Visual Form Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.0.8",
"version_value": "3.0.8"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Visual Form Builder WordPress plugin before 3.0.8 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336",
"name": "https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336"
},
{
"refsource": "MISC",
"url": "https://www.fortiguard.com/zeroday/FG-VD-21-082",
"name": "https://www.fortiguard.com/zeroday/FG-VD-21-082"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-200 Information Exposure",
"lang": "eng"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-0140",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Visual Form Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.0.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336"
},
{
"url": "https://www.fortiguard.com/zeroday/FG-VD-21-082",
"refsource": "MISC",
"name": "https://www.fortiguard.com/zeroday/FG-VD-21-082"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Vishnupriya Ilango of Fortinet's FortiGuard Labs"
},
{
"lang": "en",
"value": "WPScan"
}
]
},
"credit": [
{
"lang": "eng",
"value": "Vishnupriya Ilango of Fortinet's FortiGuard Labs"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

165
2022/0xxx/CVE-2022-0164.json
View File

@ -1,80 +1,93 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-0164",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Coming soon and Maintenance mode < 3.6.7 - Subscriber+ Arbitrary Email Sending to Subscribed Users"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Coming soon and Maintenance mode",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.6.8",
"version_value": "3.6.8"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all subscribed users"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/942535f9-73bf-4467-872a-20075f03bc51",
"name": "https://wpscan.com/vulnerability/942535f9-73bf-4467-872a-20075f03bc51"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2655973",
"name": "https://plugins.trac.wordpress.org/changeset/2655973"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-863 Incorrect Authorization",
"lang": "eng"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-0164",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all subscribed users"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Coming soon and Maintenance mode",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.5.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/942535f9-73bf-4467-872a-20075f03bc51",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/942535f9-73bf-4467-872a-20075f03bc51"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2655973",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2655973"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
},
{
"lang": "en",
"value": "WPScan"
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

147
2022/0xxx/CVE-2022-0214.json
View File

@ -1,75 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-0214",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Popup | Custom Popup Builder < 1.3.1 - Unauthenticated Denial of Service"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Popup | Custom Popup Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.3.1",
"version_value": "1.3.1"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Popup | Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/ca2e8feb-15d6-4965-ad9c-8da1bc01e0f4",
"name": "https://wpscan.com/vulnerability/ca2e8feb-15d6-4965-ad9c-8da1bc01e0f4"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-400 Uncontrolled Resource Consumption",
"lang": "eng"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-0214",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1284 Improper Validation of Specified Quantity in Input"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Popup | Custom Popup Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/ca2e8feb-15d6-4965-ad9c-8da1bc01e0f4",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/ca2e8feb-15d6-4965-ad9c-8da1bc01e0f4"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Felipe de Avila"
},
{
"lang": "en",
"value": "WPScan"
}
]
},
"credit": [
{
"lang": "eng",
"value": "Felipe de Avila"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

155
2022/0xxx/CVE-2022-0229.json
View File

@ -1,75 +1,88 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-0229",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "miniOrange's Google Authenticator < 5.5 - Unauthenticated Arbitrary Options Deletion"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "miniOrange's Google Authenticator WordPress Two Factor Authentication (2FA , MFA, OTP SMS and Email) | Passwordless login",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.5",
"version_value": "5.5"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/d70c5335-4c01-448d-85fc-f8e75b104351",
"name": "https://wpscan.com/vulnerability/d70c5335-4c01-448d-85fc-f8e75b104351"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-862 Missing Authorization",
"lang": "eng"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-0229",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "miniOrange's Google Authenticator",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "5.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/d70c5335-4c01-448d-85fc-f8e75b104351",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/d70c5335-4c01-448d-85fc-f8e75b104351"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
},
{
"lang": "en",
"value": "WPScan"
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

147
2022/0xxx/CVE-2022-0287.json
View File

@ -1,75 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-0287",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Mycred < 2.4.4.1 - Subscriber+ User E-mail Addresses Disclosure"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "myCred Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.4.3.1",
"version_value": "2.4.3.1"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The myCred WordPress plugin before 2.4.3.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/6cd7cd6d-1cc1-472c-809b-b66389f149b0",
"name": "https://wpscan.com/vulnerability/6cd7cd6d-1cc1-472c-809b-b66389f149b0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-200 Information Exposure",
"lang": "eng"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-0287",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "myCred",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2.4.4.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/6cd7cd6d-1cc1-472c-809b-b66389f149b0",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/6cd7cd6d-1cc1-472c-809b-b66389f149b0"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
},
{
"lang": "en",
"value": "WPScan"
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

155
2022/0xxx/CVE-2022-0345.json
View File

@ -1,75 +1,88 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-0345",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Better Notifications for WP < 1.8.7 - Email Address Disclosure"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Customize WordPress Emails and Alerts Better Notifications for WP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.8.7",
"version_value": "1.8.7"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one etc.)."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/b3b523b9-6c92-4091-837a-d34e3174eb19",
"name": "https://wpscan.com/vulnerability/b3b523b9-6c92-4091-837a-d34e3174eb19"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-200 Information Exposure",
"lang": "eng"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-0345",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one etc.)."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Customize WordPress Emails and Alerts",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.8.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/b3b523b9-6c92-4091-837a-d34e3174eb19",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/b3b523b9-6c92-4091-837a-d34e3174eb19"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
},
{
"lang": "en",
"value": "WPScan"
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

155
2022/0xxx/CVE-2022-0363.json
View File

@ -1,75 +1,88 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-0363",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "myCred < 2.4.4 - Subscriber+ Arbitrary Post Creation"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "myCred Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.4.4",
"version_value": "2.4.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The myCred WordPress plugin before 2.4.4 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/a438a951-497c-43cd-822f-1a48d4315191",
"name": "https://wpscan.com/vulnerability/a438a951-497c-43cd-822f-1a48d4315191"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-862 Missing Authorization",
"lang": "eng"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-0363",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "myCred",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2.4.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/a438a951-497c-43cd-822f-1a48d4315191",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/a438a951-497c-43cd-822f-1a48d4315191"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
},
{
"lang": "en",
"value": "WPScan"
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

79
2022/0xxx/CVE-2022-0377.json
View File

@ -1,14 +1,32 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-0377",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "LearnPress < 4.1.5 - Arbitrary Image Renaming"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a \"POST\" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
@ -17,12 +35,12 @@
"product": {
"product_data": [
{
"product_name": "LearnPress \u2013 WordPress LMS Plugin",
"product_name": "LearnPress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.1.5",
"version_name": "0",
"version_value": "4.1.5"
}
]
@ -34,52 +52,39 @@
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a \"POST\" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0d95ada6-53e3-4a80-a395-eacd7b090f26",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/0d95ada6-53e3-4a80-a395-eacd7b090f26"
},
{
"refsource": "MISC",
"url": "https://bozogullarindan.com/en/2022/01/wordpress-learnpress-plugin-4.1.4.1-arbitrary-image-renaming/",
"refsource": "MISC",
"name": "https://bozogullarindan.com/en/2022/01/wordpress-learnpress-plugin-4.1.4.1-arbitrary-image-renaming/"
},
{
"refsource": "MISC",
"url": "https://github.com/LearnPress/learnpress/commit/d1dc4af7ef2950f1000abc21bd9520fb3eb98faf",
"refsource": "MISC",
"name": "https://github.com/LearnPress/learnpress/commit/d1dc4af7ef2950f1000abc21bd9520fb3eb98faf"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-73 External Control of File Name or Path",
"lang": "eng"
}
]
}
]
"generator": {
"engine": "WPScan CVE Generator"
},
"credit": [
{
"lang": "eng",
"value": "Ceylan Bozogullarindan"
}
],
"source": {
"discovery": "EXTERNAL"
}
},
"credits": [
{
"lang": "en",
"value": "Ceylan Bozogullarindan"
},
{
"lang": "en",
"value": "WPScan"
}
]
}

155
2022/0xxx/CVE-2022-0398.json
View File

@ -1,75 +1,88 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-0398",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "ThirstyAffiliates Affiliate Link Manager < 3.10.5 - Subscriber+ Arbitrary Affiliate Links Creation"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "ThirstyAffiliates Affiliate Link Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.10.5",
"version_value": "3.10.5"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/21aec131-91ff-4300-ac7a-0bf31d6b2b24",
"name": "https://wpscan.com/vulnerability/21aec131-91ff-4300-ac7a-0bf31d6b2b24"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-862 Missing Authorization",
"lang": "eng"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-0398",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "ThirstyAffiliates Affiliate Link Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.10.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/21aec131-91ff-4300-ac7a-0bf31d6b2b24",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/21aec131-91ff-4300-ac7a-0bf31d6b2b24"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
},
{
"lang": "en",
"value": "WPScan"
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

158
2022/0xxx/CVE-2022-0404.json
View File

@ -1,75 +1,89 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-0404",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Material Design for Contact Form 7 <= 2.6.4 - Subscriber+ Arbitrary Settings Update leading to DoS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Material Design for Contact Form 7",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.6.4",
"version_value": "2.6.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7md_dismiss_notice action, allowing any logged in user (with roles as low as Subscriber) to set arbitrary options to true, potentially leading to Denial of Service by breaking the site."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/6d0932bb-d515-4432-b67b-16aba34bd285",
"name": "https://wpscan.com/vulnerability/6d0932bb-d515-4432-b67b-16aba34bd285"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-863 Incorrect Authorization",
"lang": "eng"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-0404",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7md_dismiss_notice action, allowing any logged in user (with roles as low as Subscriber) to set arbitrary options to true, potentially leading to Denial of Service by breaking the site."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Material Design for Contact Form 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThanOrEqual": "2.6.4"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/6d0932bb-d515-4432-b67b-16aba34bd285",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/6d0932bb-d515-4432-b67b-16aba34bd285"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
},
{
"lang": "en",
"value": "WPScan"
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}

155
2022/0xxx/CVE-2022-0444.json
View File

@ -1,75 +1,88 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-0444",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "XCloner < 4.3.6 - Plugin Settings Reset"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.3.6",
"version_value": "4.3.6"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/9567d295-43c7-4e59-9283-c7726f16d40b",
"name": "https://wpscan.com/vulnerability/9567d295-43c7-4e59-9283-c7726f16d40b"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-862 Missing Authorization",
"lang": "eng"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-0444",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Backup, Restore and Migrate WordPress Sites With the XCloner Plugin",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.3.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/9567d295-43c7-4e59-9283-c7726f16d40b",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/9567d295-43c7-4e59-9283-c7726f16d40b"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
},
{
"lang": "en",
"value": "WPScan"
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

164
2022/0xxx/CVE-2022-0885.json
View File

@ -1,75 +1,97 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-0885",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Member Hero <= 1.0.9 - Unauthenticated RCE"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Member Hero",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0.9",
"version_value": "1.0.9"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/8b08b72e-5584-4f25-ab73-5ab0f47412df",
"name": "https://wpscan.com/vulnerability/8b08b72e-5584-4f25-ab73-5ab0f47412df"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"lang": "eng"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-0885",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Member Hero",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThanOrEqual": "1.0.9"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/8b08b72e-5584-4f25-ab73-5ab0f47412df",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/8b08b72e-5584-4f25-ab73-5ab0f47412df"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Harald Eilertsen"
},
{
"lang": "en",
"value": "WPScan"
}
]
},
"credit": [
{
"lang": "eng",
"value": "Harald Eilertsen"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

149
2022/2xxx/CVE-2022-2834.json
View File

@ -1,75 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-2834",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Helpful < 4.5.26 - Information Disclosure"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Helpful",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.5.26",
"version_value": "4.5.26"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin's settings"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/468d5fc7-04c6-4354-b134-85ebb25b37ae",
"name": "https://wpscan.com/vulnerability/468d5fc7-04c6-4354-b134-85ebb25b37ae"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-200 Information Exposure",
"lang": "eng"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2834",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin's settings"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552 Files or Directories Accessible to External Parties"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Helpful",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.5.26"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/468d5fc7-04c6-4354-b134-85ebb25b37ae",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/468d5fc7-04c6-4354-b134-85ebb25b37ae"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Aleksi Kistauri"
},
{
"lang": "en",
"value": "WPScan"
}
]
},
"credit": [
{
"lang": "eng",
"value": "Aleksi Kistauri"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}

147
2022/2xxx/CVE-2022-2891.json
View File

@ -1,75 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-2891",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WP 2FA < 2.3.0 - Time-Based Side-Channel Attack"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WP 2FA Two-factor authentication for WordPress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.3.0",
"version_value": "2.3.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/301b3dce-2584-46ec-92ed-1c0626522120",
"name": "https://wpscan.com/vulnerability/301b3dce-2584-46ec-92ed-1c0626522120"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-200 Information Exposure",
"lang": "eng"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2891",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203 Observable Discrepancy"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WP 2FA",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/301b3dce-2584-46ec-92ed-1c0626522120",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/301b3dce-2584-46ec-92ed-1c0626522120"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Calvin Alkan"
},
{
"lang": "en",
"value": "WPScan"
}
]
},
"credit": [
{
"lang": "eng",
"value": "Calvin Alkan"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

18
2023/38xxx/CVE-2023-38679.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-38679",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/38xxx/CVE-2023-38680.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-38680",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/38xxx/CVE-2023-38681.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-38681",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}