From e1b7fbb4217de73cdcf3c502f2cf437d3f6b0c32 Mon Sep 17 00:00:00 2001 From: erwanlr Date: Mon, 18 Oct 2021 15:38:58 +0200 Subject: [PATCH] Adds CVEs --- 2021/24xxx/CVE-2021-24412.json | 89 +++++++++-- 2021/24xxx/CVE-2021-24413.json | 87 ++++++++-- 2021/24xxx/CVE-2021-24415.json | 89 +++++++++-- 2021/24xxx/CVE-2021-24416.json | 89 +++++++++-- 2021/24xxx/CVE-2021-24516.json | 89 +++++++++-- 2021/24xxx/CVE-2021-24595.json | 89 +++++++++-- 2021/24xxx/CVE-2021-24612.json | 89 +++++++++-- 2021/24xxx/CVE-2021-24615.json | 89 +++++++++-- 2021/24xxx/CVE-2021-24617.json | 89 +++++++++-- 2021/24xxx/CVE-2021-24622.json | 89 +++++++++-- 2021/24xxx/CVE-2021-24642.json | 89 +++++++++-- 2021/24xxx/CVE-2021-24672.json | 89 +++++++++-- 2021/24xxx/CVE-2021-24675.json | 89 +++++++++-- 2021/24xxx/CVE-2021-24677.json | 89 +++++++++-- 2021/24xxx/CVE-2021-24684.json | 89 +++++++++-- 2021/24xxx/CVE-2021-24702.json | 89 +++++++++-- 2021/24xxx/CVE-2021-24732.json | 89 +++++++++-- 2021/24xxx/CVE-2021-24734.json | 89 +++++++++-- 2021/24xxx/CVE-2021-24735.json | 89 +++++++++-- 2021/24xxx/CVE-2021-24736.json | 89 +++++++++-- 2021/24xxx/CVE-2021-24740.json | 89 +++++++++-- 2021/24xxx/CVE-2021-24743.json | 89 +++++++++-- 2021/24xxx/CVE-2021-24752.json | 281 +++++++++++++++++++++++++++++++-- 2021/24xxx/CVE-2021-24754.json | 89 +++++++++-- 2021/24xxx/CVE-2021-24760.json | 89 +++++++++-- 25 files changed, 2016 insertions(+), 399 deletions(-) diff --git a/2021/24xxx/CVE-2021-24412.json b/2021/24xxx/CVE-2021-24412.json index d684c282d14..452576799dd 100644 --- a/2021/24xxx/CVE-2021-24412.json +++ b/2021/24xxx/CVE-2021-24412.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24412", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24412", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Html5 Audio Player < 2.1.3 - Contributor+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Html5 Audio Player – Audio Player for WordPress", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.1.3", + "version_value": "2.1.3" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Html5 Audio Player – Audio Player for WordPress plugin before 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/c4ed3e52-cbe0-46dc-ab43-65de78cfb225", + "name": "https://wpscan.com/vulnerability/c4ed3e52-cbe0-46dc-ab43-65de78cfb225" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Michał Lipiński" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24413.json b/2021/24xxx/CVE-2021-24413.json index 7784d587513..b5cd42944a2 100644 --- a/2021/24xxx/CVE-2021-24413.json +++ b/2021/24xxx/CVE-2021-24413.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24413", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24413", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Easy Twitter Feed < 1.2 - Contributor+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Easy Twitter Feed", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.2", + "version_value": "1.2" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/ce6d17c3-6741-4c80-ab13-e1824960ae24", + "name": "https://wpscan.com/vulnerability/ce6d17c3-6741-4c80-ab13-e1824960ae24" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Michał Lipiński" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24415.json b/2021/24xxx/CVE-2021-24415.json index c85ba83145e..c1ff12707f5 100644 --- a/2021/24xxx/CVE-2021-24415.json +++ b/2021/24xxx/CVE-2021-24415.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24415", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24415", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Polo Video Gallery <= 1.2 - Contributor+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Polo Video Gallery – Best wordpress video gallery plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.2", + "version_value": "1.2" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Polo Video Gallery – Best wordpress video gallery plugin WordPress plugin through 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/fd312bfd-7c98-4682-877d-846442e9c6a2", + "name": "https://wpscan.com/vulnerability/fd312bfd-7c98-4682-877d-846442e9c6a2" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Michał Lipiński" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24416.json b/2021/24xxx/CVE-2021-24416.json index c51fd289d05..0b1ed814647 100644 --- a/2021/24xxx/CVE-2021-24416.json +++ b/2021/24xxx/CVE-2021-24416.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24416", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24416", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "StreamCast < 2.1.1 - Contributor+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "StreamCast – Radio Player for WordPress", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.1.1", + "version_value": "2.1.1" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The StreamCast – Radio Player for WordPress plugin before 2.1.1 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/260c7e2d-d48c-42d6-ae05-bad3f3bac01d", + "name": "https://wpscan.com/vulnerability/260c7e2d-d48c-42d6-ae05-bad3f3bac01d" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Michał Lipiński" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24516.json b/2021/24xxx/CVE-2021-24516.json index a97de76caf3..e1022d03f84 100644 --- a/2021/24xxx/CVE-2021-24516.json +++ b/2021/24xxx/CVE-2021-24516.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24516", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24516", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "PlanSo Forms <= 2.6.3 - Authenticated Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "PlanSo Forms", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.6.3", + "version_value": "2.6.3" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PlanSo Forms WordPress plugin through 2.6.3 does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set XSS payload in it, even when the unfiltered_html is disallowed, leading to an Authenticated Stored Cross-Site Scripting issue." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/88d70e35-4c22-4bc7-b1a5-24068d55257c", + "name": "https://wpscan.com/vulnerability/88d70e35-4c22-4bc7-b1a5-24068d55257c" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Felipe Restrepo Rodriguez" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24595.json b/2021/24xxx/CVE-2021-24595.json index b717f760353..0526ad737db 100644 --- a/2021/24xxx/CVE-2021-24595.json +++ b/2021/24xxx/CVE-2021-24595.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24595", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24595", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP Cookie Choice <= 1.1.0 - CSRF to Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Wp Cookie Choice", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.1.0", + "version_value": "1.1.0" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking any CSRF check when saving its options, and do not escape them when outputting them in attributes. As a result, an attacker could make a logged in admin change them to arbitrary values including XSS payloads via a CSRF attack." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/c809bdb3-d820-4ce1-9cbc-e41985fb5052", + "name": "https://wpscan.com/vulnerability/c809bdb3-d820-4ce1-9cbc-e41985fb5052" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "dc11" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24612.json b/2021/24xxx/CVE-2021-24612.json index bfa8098106c..82df99cd9ee 100644 --- a/2021/24xxx/CVE-2021-24612.json +++ b/2021/24xxx/CVE-2021-24612.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24612", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24612", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Sociable <= 4.3.4.1 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Sociable", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "4.3.4.1", + "version_value": "4.3.4.1" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sociable WordPress plugin through 4.3.4.1 does not sanitise or escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/12f1ed97-d392-449d-b25c-42d241693888", + "name": "https://wpscan.com/vulnerability/12f1ed97-d392-449d-b25c-42d241693888" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Genubhau Wayal" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24615.json b/2021/24xxx/CVE-2021-24615.json index ff8de44ddd6..6b0f4c44af9 100644 --- a/2021/24xxx/CVE-2021-24615.json +++ b/2021/24xxx/CVE-2021-24615.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24615", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24615", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Wechat Reward <= 1.7 - CSRF to Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "微信打赏(Wechat Reward)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.7", + "version_value": "1.7" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting attacks." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/9d48313b-76d7-4252-9b81-2fdd0373561b", + "name": "https://wpscan.com/vulnerability/9d48313b-76d7-4252-9b81-2fdd0373561b" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "听雨眠" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24617.json b/2021/24xxx/CVE-2021-24617.json index 6114296087b..985ef55bae3 100644 --- a/2021/24xxx/CVE-2021-24617.json +++ b/2021/24xxx/CVE-2021-24617.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24617", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24617", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "GamePress <= 1.1.0 - Reflected Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "GamePress – The Game Database Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.1.0", + "version_value": "1.1.0" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GamePress WordPress plugin through 1.1.0 does not escape the op_edit POST parameter before outputting it back in multiple Game Option pages, leading to Reflected Cross-Site Scripting issues" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/3e262cd7-ca64-4190-8d8c-38b07bbe63e0", + "name": "https://wpscan.com/vulnerability/3e262cd7-ca64-4190-8d8c-38b07bbe63e0" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Neppah" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24622.json b/2021/24xxx/CVE-2021-24622.json index bdc1c826ed3..8bf8ca5443c 100644 --- a/2021/24xxx/CVE-2021-24622.json +++ b/2021/24xxx/CVE-2021-24622.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24622", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24622", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP Ticket < 5.10.4 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Customer Service Software & Support Ticket System", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.10.4", + "version_value": "5.10.4" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Customer Service Software & Support Ticket System WordPress plugin before 5.10.4 does not sanitize or escape form fields before outputting it in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/41a2c72c-7db1-473a-8844-47f6ae9d0594", + "name": "https://wpscan.com/vulnerability/41a2c72c-7db1-473a-8844-47f6ae9d0594" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Tri Wanda Septian" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24642.json b/2021/24xxx/CVE-2021-24642.json index 089b035ebe7..2509be390b8 100644 --- a/2021/24xxx/CVE-2021-24642.json +++ b/2021/24xxx/CVE-2021-24642.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24642", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24642", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Scroll Baner <= 1.0 - CSRF to RCE" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Scroll Baner", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Scroll Baner WordPress plugin through 1.0 does not have CSRF check in place when saving its settings, nor perform any sanitisation, escaping or validation on them. This could allow attackers to make logged in admin change them and could lead to RCE (via a file upload) as well as XSS" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/8d9129ab-33c3-44ee-b150-f7552d88e658", + "name": "https://wpscan.com/vulnerability/8d9129ab-33c3-44ee-b150-f7552d88e658" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Chuang Li" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24672.json b/2021/24xxx/CVE-2021-24672.json index 3506f238578..5482a41c0d1 100644 --- a/2021/24xxx/CVE-2021-24672.json +++ b/2021/24xxx/CVE-2021-24672.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24672", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24672", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "One User Avatar < 2.3.7 - Contributor+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "One User Avatar | User Profile Picture", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.3.7", + "version_value": "2.3.7" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The One User Avatar WordPress plugin before 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/762c506a-f57d-450f-99c0-32d750306ddc", + "name": "https://wpscan.com/vulnerability/762c506a-f57d-450f-99c0-32d750306ddc" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24675.json b/2021/24xxx/CVE-2021-24675.json index 891a8eb888b..93f20cb1511 100644 --- a/2021/24xxx/CVE-2021-24675.json +++ b/2021/24xxx/CVE-2021-24675.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24675", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24675", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "One User Avatar < 2.3.7 - Avatar Update via CSRF" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "One User Avatar | User Profile Picture", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.3.7", + "version_value": "2.3.7" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the Avatar in page where the [avatar_upload] shortcode is embed. As a result, attackers could make logged in user change their avatar via a CSRF attack" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/9b9a55d5-c121-4b5b-80df-f9f419c0dc55", + "name": "https://wpscan.com/vulnerability/9b9a55d5-c121-4b5b-80df-f9f419c0dc55" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24677.json b/2021/24xxx/CVE-2021-24677.json index 6875cfd9050..79185c62a8a 100644 --- a/2021/24xxx/CVE-2021-24677.json +++ b/2021/24xxx/CVE-2021-24677.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24677", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24677", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Find My Blocks < 3.4.0 - Private Post Titles Disclosure" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Find My Blocks", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.4.0", + "version_value": "3.4.0" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Find My Blocks WordPress plugin before 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/40c7e424-9a97-41ab-a312-2a06b607609a", + "name": "https://wpscan.com/vulnerability/40c7e424-9a97-41ab-a312-2a06b607609a" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-284 Improper Access Control", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24684.json b/2021/24xxx/CVE-2021-24684.json index 2fa93b0a086..e0e7e097016 100644 --- a/2021/24xxx/CVE-2021-24684.json +++ b/2021/24xxx/CVE-2021-24684.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24684", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24684", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "PDF Light Viewer < 1.4.12 - Authenticated Command Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WordPress PDF Light Viewer Plugin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.4.12", + "version_value": "1.4.12" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/b5295bf9-8cf6-416e-b215-074742a5fc63", + "name": "https://wpscan.com/vulnerability/b5295bf9-8cf6-416e-b215-074742a5fc63" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24702.json b/2021/24xxx/CVE-2021-24702.json index 4c2136f3635..aded5ac58bd 100644 --- a/2021/24xxx/CVE-2021-24702.json +++ b/2021/24xxx/CVE-2021-24702.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24702", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24702", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "LearnPress < 4.1.3.1 - Multiple Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "LearnPress – WordPress LMS Plugin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.1.3.1", + "version_value": "4.1.3.1" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LearnPress WordPress plugin before 4.1.3.1 does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltred_html capability is disallowed" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/30635cc9-4415-48bb-9c67-ea670ea1b942", + "name": "https://wpscan.com/vulnerability/30635cc9-4415-48bb-9c67-ea670ea1b942" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Shivam Rai" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24732.json b/2021/24xxx/CVE-2021-24732.json index d89df9779a2..ae94bc6e6a2 100644 --- a/2021/24xxx/CVE-2021-24732.json +++ b/2021/24xxx/CVE-2021-24732.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24732", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24732", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Dflip Lite < 1.7.10 - Contributor+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "PDF Flipbook, 3D Flipbook WordPress – DearFlip", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.7.10", + "version_value": "1.7.10" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PDF Flipbook, 3D Flipbook WordPress – DearFlip WordPress plugin before 1.7.10 does not escape the class attribute of its shortcode before outputting it back in an attribute, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/9425a9b2-e9b8-41f5-a3ca-623b6da0297c", + "name": "https://wpscan.com/vulnerability/9425a9b2-e9b8-41f5-a3ca-623b6da0297c" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24734.json b/2021/24xxx/CVE-2021-24734.json index 24efefb79cd..f1a240b0e3d 100644 --- a/2021/24xxx/CVE-2021-24734.json +++ b/2021/24xxx/CVE-2021-24734.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24734", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24734", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Compact WP Audio Player < 1.9.7 - Contributor+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Compact WP Audio Player", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.9.7", + "version_value": "1.9.7" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Compact WP Audio Player WordPress plugin before 1.9.7 does not escape some of its shortcodes attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/fb007191-b008-4d19-b896-55fbee2a3cf7", + "name": "https://wpscan.com/vulnerability/fb007191-b008-4d19-b896-55fbee2a3cf7" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24735.json b/2021/24xxx/CVE-2021-24735.json index e47b78b6845..7e883050909 100644 --- a/2021/24xxx/CVE-2021-24735.json +++ b/2021/24xxx/CVE-2021-24735.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24735", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24735", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Compact WP Audio Player < 1.9.7 - Setting Change via CSRF" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Compact WP Audio Player", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.9.7", + "version_value": "1.9.7" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the \"Disable Simultaneous Play\" setting via a CSRF attack." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/dcbcf6e7-e5b3-498b-9f5e-7896d309441f", + "name": "https://wpscan.com/vulnerability/dcbcf6e7-e5b3-498b-9f5e-7896d309441f" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24736.json b/2021/24xxx/CVE-2021-24736.json index 4ee6fa7af86..eeb8028a1e4 100644 --- a/2021/24xxx/CVE-2021-24736.json +++ b/2021/24xxx/CVE-2021-24736.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24736", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24736", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Shared Files < 1.6.57 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Easy Download Manager and File Sharing Plugin with frontend file upload – a better Media Library — Shared Files", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.6.57", + "version_value": "1.6.57" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Easy Download Manager and File Sharing Plugin with frontend file upload – a better Media Library — Shared Files WordPress plugin before 1.6.57 does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/d72275bd-0c66-4b2a-940d-d5256b5426cc", + "name": "https://wpscan.com/vulnerability/d72275bd-0c66-4b2a-940d-d5256b5426cc" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Shivam Rai" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24740.json b/2021/24xxx/CVE-2021-24740.json index ff5fb286f5e..328f05114f1 100644 --- a/2021/24xxx/CVE-2021-24740.json +++ b/2021/24xxx/CVE-2021-24740.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24740", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24740", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Tutor LMS < 1.9.9 - Multiple Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Tutor LMS – eLearning and online course solution", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.9.9", + "version_value": "1.9.9" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Tutor LMS WordPress plugin before 1.9.9 does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/e6cf694d-c4ae-4b91-97c0-a6bdbafc7d60", + "name": "https://wpscan.com/vulnerability/e6cf694d-c4ae-4b91-97c0-a6bdbafc7d60" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Shivam Rai" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24743.json b/2021/24xxx/CVE-2021-24743.json index f183a41ef74..78752fe834a 100644 --- a/2021/24xxx/CVE-2021-24743.json +++ b/2021/24xxx/CVE-2021-24743.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24743", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24743", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Podcast Subscribe Buttons < 1.4.2 - Contributor+ Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Podcast Subscribe Buttons", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.4.2", + "version_value": "1.4.2" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows users with any role capable of editing or adding posts to perform stored XSS." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/998395f0-f176-45b9-baf7-b50d30538c7d", + "name": "https://wpscan.com/vulnerability/998395f0-f176-45b9-baf7-b50d30538c7d" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24752.json b/2021/24xxx/CVE-2021-24752.json index e742369ed1d..e7f128e47b4 100644 --- a/2021/24xxx/CVE-2021-24752.json +++ b/2021/24xxx/CVE-2021-24752.json @@ -1,18 +1,267 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24752", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24752", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Multiple Plugins from CatchThemes - Unauthorised Plugin's Setting Change" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CatchThemes", + "product": { + "product_data": [ + { + "product_name": "Essential Widgets", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.9", + "version_value": "1.9" + } + ] + } + }, + { + "product_name": "To Top", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.3", + "version_value": "2.3" + } + ] + } + }, + { + "product_name": "Header Enhancement", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.5", + "version_value": "1.5" + } + ] + } + }, + { + "product_name": "Generate Child Theme", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.6", + "version_value": "1.6" + } + ] + } + }, + { + "product_name": "Essential Content Types", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.9", + "version_value": "1.9" + } + ] + } + }, + { + "product_name": "Catch Web Tools", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.7", + "version_value": "2.7" + } + ] + } + }, + { + "product_name": "Catch Under Construction", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.4", + "version_value": "1.4" + } + ] + } + }, + { + "product_name": "Catch Themes Demo Import", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.6", + "version_value": "1.6" + } + ] + } + }, + { + "product_name": "Catch Sticky Menu", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.7", + "version_value": "1.7" + } + ] + } + }, + { + "product_name": "Catch Scroll Progress Bar", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.6", + "version_value": "1.6" + } + ] + } + }, + { + "product_name": "Social Gallery and Widget", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.3", + "version_value": "2.3" + } + ] + } + }, + { + "product_name": "Catch Infinite Scroll", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.9", + "version_value": "1.9" + } + ] + } + }, + { + "product_name": "Catch Import Export", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.9", + "version_value": "1.9" + } + ] + } + }, + { + "product_name": "Catch Gallery", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.7", + "version_value": "1.7" + } + ] + } + }, + { + "product_name": "Catch Duplicate Switcher", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.6", + "version_value": "1.6" + } + ] + } + }, + { + "product_name": "Catch Breadcrumb", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.7", + "version_value": "1.7" + } + ] + } + }, + { + "product_name": "Catch IDs", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.4", + "version_value": "2.4" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement WordPress plugin before 1.5, Generate Child Theme WordPress plugin before 1.6, Essential Content Types WordPress plugin before 1.9, Catch Web Tools WordPress plugin before 2.7, Catch Under Construction WordPress plugin before 1.4, Catch Themes Demo Import WordPress plugin before 1.6, Catch Sticky Menu WordPress plugin before 1.7, Catch Scroll Progress Bar WordPress plugin before 1.6, Social Gallery and Widget WordPress plugin before 2.3, Catch Infinite Scroll WordPress plugin before 1.9, Catch Import Export WordPress plugin before 1.9, Catch Gallery WordPress plugin before 1.7, Catch Duplicate Switcher WordPress plugin before 1.6, Catch Breadcrumb WordPress plugin before 1.7, Catch IDs WordPress plugin before 2.4's configurations." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/181a729e-fffe-457c-9e8d-a4343fd2e630", + "name": "https://wpscan.com/vulnerability/181a729e-fffe-457c-9e8d-a4343fd2e630" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-284 Improper Access Control", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24754.json b/2021/24xxx/CVE-2021-24754.json index e5c3d3a3b08..56e2c971f9f 100644 --- a/2021/24xxx/CVE-2021-24754.json +++ b/2021/24xxx/CVE-2021-24754.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24754", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24754", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "MainWP Child Reports < 2.0.8 - Admin+ SQL Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "MainWP Child Reports", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.0.8", + "version_value": "2.0.8" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/132118aa-4b72-4eaa-8aa1-6ad7b0c7f495", + "name": "https://wpscan.com/vulnerability/132118aa-4b72-4eaa-8aa1-6ad7b0c7f495" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "bl4derunner" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24760.json b/2021/24xxx/CVE-2021-24760.json index 71fd055c30b..4c3353e85c5 100644 --- a/2021/24xxx/CVE-2021-24760.json +++ b/2021/24xxx/CVE-2021-24760.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24760", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24760", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Gutenberg PDF Viewer Block < 1.0.1 - Contributor+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Gutenberg PDF Viewer Block", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.1", + "version_value": "1.0.1" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not sanitise and escape its block, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/aebf821f-1724-4e4c-8d42-5a94e509d271", + "name": "https://wpscan.com/vulnerability/aebf821f-1724-4e4c-8d42-5a94e509d271" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } +}