"-Synchronized-Data."

CVE Team 2022-02-01 14:01:17 +00:00
parent e6be5c034a
commit f65603a2fc
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
31 changed files with 1950 additions and 1833 deletions


@ -1,80 +1,78 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24648",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Registration Magic < 5.0.1.9 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "RegistrationMagic Custom Registration Forms, User Registration and User Login Plugin",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.0.1.9",
"version_value": "5.0.1.9"
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24648",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Registration Magic < 5.0.1.9 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rm_search_value parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/a3573212-2a98-4504-b8f4-b4d46655e17c",
"name": "https://wpscan.com/vulnerability/a3573212-2a98-4504-b8f4-b4d46655e17c"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2646734",
"name": "https://plugins.trac.wordpress.org/changeset/2646734"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rm_search_value parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "AyeCode Ltd"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/a3573212-2a98-4504-b8f4-b4d46655e17c",
"name": "https://wpscan.com/vulnerability/a3573212-2a98-4504-b8f4-b4d46655e17c"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2646734",
"name": "https://plugins.trac.wordpress.org/changeset/2646734"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "AyeCode Ltd"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
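Review bot: The new side of this record appears to replace the structured `affects` and `problemtype` values with `"n/a"` (`"product_name": "n/a"`, `"version_value": "n/a"`, `"vendor_name": "n/a"`, and the problemtype `"value": "n/a"`); the +/- markers are lost on this page, so the sides are inferred from the 80-to-78 line count in the hunk header. Consumers that match on the product and version fields, or triage by CWE, would then no longer tie this entry to RegistrationMagic before 5.0.1.9, even though the title and description still name it. The sync should keep the submitted values, e.g. `"version_affected": "<"`, `"version_value": "5.0.1.9"` and `"value": "CWE-79 Cross-site Scripting (XSS)"`. The same pattern shows in the sections for CVE-2021-24686, CVE-2021-24707, CVE-2021-24761, CVE-2021-24762, CVE-2021-24763, CVE-2021-24764, CVE-2021-24765 and CVE-2021-24775, while the sections from CVE-2021-24934 onward keep their product, version and CWE data.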


@ -1,80 +1,78 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24686",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "SVG Support < 2.3.20 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "SVG Support",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.3.20",
"version_value": "2.3.20"
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24686",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "SVG Support < 2.3.20 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SVG Support WordPress plugin before 2.3.20 does not escape the \"CSS Class to target\" setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/38018695-901d-48d9-b39a-7c00df7f0a4b",
"name": "https://wpscan.com/vulnerability/38018695-901d-48d9-b39a-7c00df7f0a4b"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2651929",
"name": "https://plugins.trac.wordpress.org/changeset/2651929"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SVG Support WordPress plugin before 2.3.20 does not escape the \"CSS Class to target\" setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Shivam Rai"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/38018695-901d-48d9-b39a-7c00df7f0a4b",
"name": "https://wpscan.com/vulnerability/38018695-901d-48d9-b39a-7c00df7f0a4b"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2651929",
"name": "https://plugins.trac.wordpress.org/changeset/2651929"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Shivam Rai"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,75 +1,73 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24707",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Learning Courses < 5.0 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Learning Courses",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.0",
"version_value": "5.0"
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24707",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Learning Courses < 5.0 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0be5e06e-4ff1-43d2-8ba7-2530519d517e",
"name": "https://wpscan.com/vulnerability/0be5e06e-4ff1-43d2-8ba7-2530519d517e"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "dhananjaygarg192002"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0be5e06e-4ff1-43d2-8ba7-2530519d517e",
"name": "https://wpscan.com/vulnerability/0be5e06e-4ff1-43d2-8ba7-2530519d517e"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "dhananjaygarg192002"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,75 +1,73 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24761",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Error Log Viewer <= 1.1.1 - Arbitrary Text File Deletion via CSRF"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Error Log Viewer by BestWebSoft",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.1.1",
"version_value": "1.1.1"
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24761",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Error Log Viewer <= 1.1.1 - Arbitrary Text File Deletion via CSRF"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Error Log Viewer WordPress plugin through 1.1.1 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/c14e1ba6-fc00-4150-b541-0d6740fee4d2",
"name": "https://wpscan.com/vulnerability/c14e1ba6-fc00-4150-b541-0d6740fee4d2"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Error Log Viewer WordPress plugin through 1.1.1 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/c14e1ba6-fc00-4150-b541-0d6740fee4d2",
"name": "https://wpscan.com/vulnerability/c14e1ba6-fc00-4150-b541-0d6740fee4d2"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,75 +1,73 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24762",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Perfect Survey < 1.5.2 - Unauthenticated SQL Injection"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Perfect Survey",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.5.2",
"version_value": "1.5.2"
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24762",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Perfect Survey < 1.5.2 - Unauthenticated SQL Injection"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/c1620905-7c31-4e62-80f5-1d9635be11ad",
"name": "https://wpscan.com/vulnerability/c1620905-7c31-4e62-80f5-1d9635be11ad"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/c1620905-7c31-4e62-80f5-1d9635be11ad",
"name": "https://wpscan.com/vulnerability/c1620905-7c31-4e62-80f5-1d9635be11ad"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,75 +1,73 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24763",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Perfect Survey < 1.5.2 - Unauthorised AJAX Call to Stored XSS / Survey Settings Update"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Perfect Survey",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.5.2",
"version_value": "1.5.2"
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24763",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Perfect Survey < 1.5.2 - Unauthorised AJAX Call to Stored XSS / Survey Settings Update"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF checks in the save_global_setting AJAX action, allowing unauthenticated users to edit surveys and modify settings. Given the lack of sanitisation and escaping in the settings, this could also lead to a Stored Cross-Site Scripting issue which will be executed in the context of a user viewing any survey"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/c73c7694-1cee-4f26-a425-9c336adce52b",
"name": "https://wpscan.com/vulnerability/c73c7694-1cee-4f26-a425-9c336adce52b"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-862 Missing Authorization",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF checks in the save_global_setting AJAX action, allowing unauthenticated users to edit surveys and modify settings. Given the lack of sanitisation and escaping in the settings, this could also lead to a Stored Cross-Site Scripting issue which will be executed in the context of a user viewing any survey"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/c73c7694-1cee-4f26-a425-9c336adce52b",
"name": "https://wpscan.com/vulnerability/c73c7694-1cee-4f26-a425-9c336adce52b"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,75 +1,73 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24764",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Perfect Survey < 1.5.2 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Perfect Survey",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.5.2",
"version_value": "1.5.2"
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24764",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Perfect Survey < 1.5.2 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters (id and filters[session_id] of single_statistics page, type and message of importexport page) before outputting them back in pages/attributes in the admin dashboard, leading to Reflected Cross-Site Scripting issues"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/c2f8e9b9-c044-4c45-8d17-e628e9cb5d59",
"name": "https://wpscan.com/vulnerability/c2f8e9b9-c044-4c45-8d17-e628e9cb5d59"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters (id and filters[session_id] of single_statistics page, type and message of importexport page) before outputting them back in pages/attributes in the admin dashboard, leading to Reflected Cross-Site Scripting issues"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/c2f8e9b9-c044-4c45-8d17-e628e9cb5d59",
"name": "https://wpscan.com/vulnerability/c2f8e9b9-c044-4c45-8d17-e628e9cb5d59"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,75 +1,73 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24765",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Perfect Survey < 1.5.2 - Unauthenticated Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Perfect Survey",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.5.2",
"version_value": "1.5.2"
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24765",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Perfect Survey < 1.5.2 - Unauthenticated Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/4440e7ca-1a55-444d-8f6c-04153302d750",
"name": "https://wpscan.com/vulnerability/4440e7ca-1a55-444d-8f6c-04153302d750"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/4440e7ca-1a55-444d-8f6c-04153302d750",
"name": "https://wpscan.com/vulnerability/4440e7ca-1a55-444d-8f6c-04153302d750"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
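Review bot: The `TITLE` reads `Perfect Survey < 1.5.2 - Unauthenticated Stored Cross-Site Scripting`, but the description value says the plugin is affected `through 1.5.2`, so the record does not state whether 1.5.2 itself is vulnerable. The text is the same on both sides of this section, so the sync carries the conflict forward unchanged. Which bound is right cannot be told from this page; if the fix shipped in 1.5.2, the description should read `before 1.5.2`, otherwise the title should read `<= 1.5.2`. Anyone deciding whether an installed 1.5.2 needs upgrading should check the linked WPScan entry until the record is corrected.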


@ -1,75 +1,73 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24775",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Document Embedder < 1.7.5 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Document Embedder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.7.5",
"version_value": "1.7.5"
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24775",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Document Embedder < 1.7.5 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/c6f24afe-d273-4f87-83ca-a791a385b06b",
"name": "https://wpscan.com/vulnerability/c6f24afe-d273-4f87-83ca-a791a385b06b"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-200 Information Exposure",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/c6f24afe-d273-4f87-83ca-a791a385b06b",
"name": "https://wpscan.com/vulnerability/c6f24afe-d273-4f87-83ca-a791a385b06b"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24934",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Visual CSS Style Editor < 7.5.4 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Visual CSS Style Editor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.5.4",
"version_value": "7.5.4"
"CVE_data_meta": {
"ID": "CVE-2021-24934",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Visual CSS Style Editor < 7.5.4 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Visual CSS Style Editor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.5.4",
"version_value": "7.5.4"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the wyp_page_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0aa5a8d5-e736-4cd3-abfd-8e0a356bb6ef",
"name": "https://wpscan.com/vulnerability/0aa5a8d5-e736-4cd3-abfd-8e0a356bb6ef"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2649978",
"name": "https://plugins.trac.wordpress.org/changeset/2649978"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the wyp_page_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0aa5a8d5-e736-4cd3-abfd-8e0a356bb6ef",
"name": "https://wpscan.com/vulnerability/0aa5a8d5-e736-4cd3-abfd-8e0a356bb6ef"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2649978",
"name": "https://plugins.trac.wordpress.org/changeset/2649978"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,75 +1,75 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24937",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Asset CleanUp: Page Speed Booster",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.3.8.5",
"version_value": "1.3.8.5"
"CVE_data_meta": {
"ID": "CVE-2021-24937",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Asset CleanUp: Page Speed Booster",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.3.8.5",
"version_value": "1.3.8.5"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacu_selected_sub_tab_area parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/dde3c119-dad9-4205-a931-d49bbf3b6b87",
"name": "https://wpscan.com/vulnerability/dde3c119-dad9-4205-a931-d49bbf3b6b87"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacu_selected_sub_tab_area parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/dde3c119-dad9-4205-a931-d49bbf3b6b87",
"name": "https://wpscan.com/vulnerability/dde3c119-dad9-4205-a931-d49bbf3b6b87"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,75 +1,75 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24944",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Custom Dashboard & Login Page < 7.0 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Custom Dashboard & Login Page AGCA",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.0",
"version_value": "7.0"
"CVE_data_meta": {
"ID": "CVE-2021-24944",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Custom Dashboard & Login Page < 7.0 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Custom Dashboard & Login Page \u2013 AGCA",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.0",
"version_value": "7.0"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Custom Dashboard & Login Page WordPress plugin before 7.0 does not sanitise some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/d1bfdce3-89bd-441f-8ebb-02cf0ff8b6cc",
"name": "https://wpscan.com/vulnerability/d1bfdce3-89bd-441f-8ebb-02cf0ff8b6cc"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Custom Dashboard & Login Page WordPress plugin before 7.0 does not sanitise some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "0ppr2s"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/d1bfdce3-89bd-441f-8ebb-02cf0ff8b6cc",
"name": "https://wpscan.com/vulnerability/d1bfdce3-89bd-441f-8ebb-02cf0ff8b6cc"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "0ppr2s"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24975",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "NextScripts: Social Networks Auto-Poster < 4.3.24 - Unauthenticated Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "NextScripts: Social Networks Auto-Poster",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.3.24",
"version_value": "4.3.24"
"CVE_data_meta": {
"ID": "CVE-2021-24975",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "NextScripts: Social Networks Auto-Poster < 4.3.24 - Unauthenticated Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "NextScripts: Social Networks Auto-Poster",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.3.24",
"version_value": "4.3.24"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.24 does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/b99dae3d-8230-4427-adc5-4ef9cbfb8ba1",
"name": "https://wpscan.com/vulnerability/b99dae3d-8230-4427-adc5-4ef9cbfb8ba1"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2650138",
"name": "https://plugins.trac.wordpress.org/changeset/2650138"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.24 does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/b99dae3d-8230-4427-adc5-4ef9cbfb8ba1",
"name": "https://wpscan.com/vulnerability/b99dae3d-8230-4427-adc5-4ef9cbfb8ba1"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2650138",
"name": "https://plugins.trac.wordpress.org/changeset/2650138"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,75 +1,75 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24983",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting via AJAX Action"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Asset CleanUp: Page Speed Booster",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.3.8.5",
"version_value": "1.3.8.5"
"CVE_data_meta": {
"ID": "CVE-2021-24983",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting via AJAX Action"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Asset CleanUp: Page Speed Booster",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.3.8.5",
"version_value": "1.3.8.5"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSted parameters sent to the wpassetcleanup_fetch_active_plugins_icons AJAX action (available to admin users), leading to a Reflected Cross-Site Scripting issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/31fdabb0-bc74-4d25-b0cd-c872aae6cb2f",
"name": "https://wpscan.com/vulnerability/31fdabb0-bc74-4d25-b0cd-c872aae6cb2f"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSted parameters sent to the wpassetcleanup_fetch_active_plugins_icons AJAX action (available to admin users), leading to a Reflected Cross-Site Scripting issue"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/31fdabb0-bc74-4d25-b0cd-c872aae6cb2f",
"name": "https://wpscan.com/vulnerability/31fdabb0-bc74-4d25-b0cd-c872aae6cb2f"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,75 +1,75 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-25063",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Contact Form 7 Skins <= 2.5.0 - Reflected Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Contact Form 7 Skins",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.5.0",
"version_value": "2.5.0"
"CVE_data_meta": {
"ID": "CVE-2021-25063",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Contact Form 7 Skins <= 2.5.0 - Reflected Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Contact Form 7 Skins",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.5.0",
"version_value": "2.5.0"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Contact Form 7 Skins WordPress plugin through 2.5.0 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/e2185887-3e53-4089-aa3f-981c944ee0bb",
"name": "https://wpscan.com/vulnerability/e2185887-3e53-4089-aa3f-981c944ee0bb"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Contact Form 7 Skins WordPress plugin through 2.5.0 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/e2185887-3e53-4089-aa3f-981c944ee0bb",
"name": "https://wpscan.com/vulnerability/e2185887-3e53-4089-aa3f-981c944ee0bb"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,75 +1,75 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-25072",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "NextScripts: Social Networks Auto-Poster < 4.3.25 - Arbitrary Post Deletion via CSRF"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "NextScripts: Social Networks Auto-Poster",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.3.25",
"version_value": "4.3.25"
"CVE_data_meta": {
"ID": "CVE-2021-25072",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "NextScripts: Social Networks Auto-Poster < 4.3.25 - Arbitrary Post Deletion via CSRF"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "NextScripts: Social Networks Auto-Poster",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.3.25",
"version_value": "4.3.25"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF check in place when deleting items, allowing attacker to make a logged in admin delete arbitrary posts via a CSRF attack"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/53d2c61d-ce73-40e0-a113-9d76d8fecc91",
"name": "https://wpscan.com/vulnerability/53d2c61d-ce73-40e0-a113-9d76d8fecc91"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF check in place when deleting items, allowing attacker to make a logged in admin delete arbitrary posts via a CSRF attack"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/53d2c61d-ce73-40e0-a113-9d76d8fecc91",
"name": "https://wpscan.com/vulnerability/53d2c61d-ce73-40e0-a113-9d76d8fecc91"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-25085",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WOOF - Products Filter for WooCommerce < 1.2.6.3 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WOOF Products Filter for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.2.6.3",
"version_value": "1.2.6.3"
"CVE_data_meta": {
"ID": "CVE-2021-25085",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WOOF - Products Filter for WooCommerce < 1.2.6.3 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WOOF \u2013 Products Filter for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.2.6.3",
"version_value": "1.2.6.3"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape the woof_redraw_elements before outputing back in an admin page, leading to a Reflected Cross-Site Scripting"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/b7dd81c6-6af1-4976-b928-421ca69bfa90",
"name": "https://wpscan.com/vulnerability/b7dd81c6-6af1-4976-b928-421ca69bfa90"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2648751",
"name": "https://plugins.trac.wordpress.org/changeset/2648751"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape the woof_redraw_elements before outputing back in an admin page, leading to a Reflected Cross-Site Scripting"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/b7dd81c6-6af1-4976-b928-421ca69bfa90",
"name": "https://wpscan.com/vulnerability/b7dd81c6-6af1-4976-b928-421ca69bfa90"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2648751",
"name": "https://plugins.trac.wordpress.org/changeset/2648751"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,75 +1,75 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-25089",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "UpdraftPlus < 1.16.69 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "UpdraftPlus WordPress Backup Plugin",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.16.69",
"version_value": "1.16.69"
"CVE_data_meta": {
"ID": "CVE-2021-25089",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "UpdraftPlus < 1.16.69 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "UpdraftPlus WordPress Backup Plugin",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.16.69",
"version_value": "1.16.69"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.69 does not sanitise and escape the updraft_restore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5adb977e-f7bf-4d36-b625-87bc23d379c8",
"name": "https://wpscan.com/vulnerability/5adb977e-f7bf-4d36-b625-87bc23d379c8"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.69 does not sanitise and escape the updraft_restore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5adb977e-f7bf-4d36-b625-87bc23d379c8",
"name": "https://wpscan.com/vulnerability/5adb977e-f7bf-4d36-b625-87bc23d379c8"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,75 +1,75 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-25091",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Link Library < 7.2.9 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Link Library",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.2.9",
"version_value": "7.2.9"
"CVE_data_meta": {
"ID": "CVE-2021-25091",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Link Library < 7.2.9 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Link Library",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.2.9",
"version_value": "7.2.9"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Link Library WordPress plugin before 7.2.9 does not sanitise and escape the settingscopy parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/96204946-0b10-4a2c-8079-473883ff95b6",
"name": "https://wpscan.com/vulnerability/96204946-0b10-4a2c-8079-473883ff95b6"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Link Library WordPress plugin before 7.2.9 does not sanitise and escape the settingscopy parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/96204946-0b10-4a2c-8079-473883ff95b6",
"name": "https://wpscan.com/vulnerability/96204946-0b10-4a2c-8079-473883ff95b6"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,75 +1,75 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-25092",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Link Library < 7.2.8 - Library Settings Reset via CSRF"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Link Library",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.2.8",
"version_value": "7.2.8"
"CVE_data_meta": {
"ID": "CVE-2021-25092",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Link Library < 7.2.8 - Library Settings Reset via CSRF"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Link Library",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.2.8",
"version_value": "7.2.8"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arbitrary settings via a CSRF attack"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/1cd30913-67c7-46c3-a2de-dcca0c332323",
"name": "https://wpscan.com/vulnerability/1cd30913-67c7-46c3-a2de-dcca0c332323"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arbitrary settings via a CSRF attack"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/1cd30913-67c7-46c3-a2de-dcca0c332323",
"name": "https://wpscan.com/vulnerability/1cd30913-67c7-46c3-a2de-dcca0c332323"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,75 +1,75 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-25093",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Link Library < 7.2.8 - Unauthenticated Arbitrary Links Deletion"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Link Library",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.2.8",
"version_value": "7.2.8"
"CVE_data_meta": {
"ID": "CVE-2021-25093",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Link Library < 7.2.8 - Unauthenticated Arbitrary Links Deletion"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Link Library",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.2.8",
"version_value": "7.2.8"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/7a7603ce-d76d-4c49-a886-67653bed8cd3",
"name": "https://wpscan.com/vulnerability/7a7603ce-d76d-4c49-a886-67653bed8cd3"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-862 Missing Authorization",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/7a7603ce-d76d-4c49-a886-67653bed8cd3",
"name": "https://wpscan.com/vulnerability/7a7603ce-d76d-4c49-a886-67653bed8cd3"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-862 Missing Authorization",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,75 +1,75 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-25097",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "LabTools <= 1.0 - Subscriber+ Arbitrary Publication Deletion"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "LabTools",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "1.0"
"CVE_data_meta": {
"ID": "CVE-2021-25097",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "LabTools <= 1.0 - Subscriber+ Arbitrary Publication Deletion"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "LabTools",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "1.0"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/67f5beb8-2cb0-4b43-87c7-dead9c005f9c",
"name": "https://wpscan.com/vulnerability/67f5beb8-2cb0-4b43-87c7-dead9c005f9c"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-284 Improper Access Control",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Muhammad Adel"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/67f5beb8-2cb0-4b43-87c7-dead9c005f9c",
"name": "https://wpscan.com/vulnerability/67f5beb8-2cb0-4b43-87c7-dead9c005f9c"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-284 Improper Access Control",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Muhammad Adel"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-43509",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-43509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id parameter in view-service.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://r4hn1.medium.com/journey-to-first-two-cve-by-rahul-kalnarayan-307e2e87ee26",
"url": "https://r4hn1.medium.com/journey-to-first-two-cve-by-rahul-kalnarayan-307e2e87ee26"
},
{
"refsource": "MISC",
"name": "https://github.com/r4hn1/Simple-Client-Management-System-Exploit/blob/main/CVE-2021-43509",
"url": "https://github.com/r4hn1/Simple-Client-Management-System-Exploit/blob/main/CVE-2021-43509"
}
]
}
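Review bot: The published record leaves `product_name`, `vendor_name`, `version_value` and the `problemtype` value as `n/a`, although the description names Sourcecodester Simple Client Management System 1.0 and a SQL injection in view-service.php, so tooling that matches on the structured `affects` block or on CWE will not pick this entry up. These fields can be filled from the description, e.g. `"vendor_name": "Sourcecodester"`, `"product_name": "Simple Client Management System"`, `"version_value": "1.0"`, and a problemtype value of `"CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"`. Both references are `MISC` links to the reporter's write-up and repository, and no vendor advisory or fix reference is listed, so the record gives defenders no remediation pointer. The CVE-2021-43510 section that follows has the same gaps.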


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-43510",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-43510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://r4hn1.medium.com/journey-to-first-two-cve-by-rahul-kalnarayan-307e2e87ee26",
"url": "https://r4hn1.medium.com/journey-to-first-two-cve-by-rahul-kalnarayan-307e2e87ee26"
},
{
"refsource": "MISC",
"name": "https://github.com/r4hn1/Simple-Client-Management-System-Exploit/blob/main/CVE-2021-43510",
"url": "https://github.com/r4hn1/Simple-Client-Management-System-Exploit/blob/main/CVE-2021-43510"
}
]
}


@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher."
"value": "Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher."
}
]
},
@ -68,12 +68,13 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb"
"refsource": "MISC",
"url": "https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb",
"name": "https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
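Review bot: In the second hunk the lists.apache.org reference now carries `"refsource": "MISC"` where the earlier two-line form had `CONFIRM`; the 12-to-13 line count in the hunk header indicates the three-line `MISC` entry is the new side. If that thread is the vendor's own announcement, as the apache.org host suggests, the relabel drops the signal consumers use to separate vendor-acknowledged references from third-party ones. Keeping `"refsource": "CONFIRM"` alongside the added `name` field would preserve it.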


@ -1,79 +1,79 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-0220",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WordPress GDPR & CCPA < 1.9.27 - Unauthenticated Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WordPress GDPR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.9.27",
"version_value": "1.9.27"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an \"application/json\" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript code may be executed on a victim's browser. Due to v1.9.26 adding a CSRF check, the XSS is only exploitable against unauthenticated users (as they all share the same nonce)"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/a91a01b9-7e36-4280-bc50-f6cff3e66059",
"name": "https://wpscan.com/vulnerability/a91a01b9-7e36-4280-bc50-f6cff3e66059"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ace Candelario (@0xspade)"
"CVE_data_meta": {
"ID": "CVE-2022-0220",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WordPress GDPR & CCPA < 1.9.27 - Unauthenticated Reflected Cross-Site Scripting"
},
{
"lang": "eng",
"value": "Victor Paynat-Sautivet (3DS Outscale SOC)"
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WordPress GDPR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.9.27",
"version_value": "1.9.27"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an \"application/json\" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript code may be executed on a victim's browser. Due to v1.9.26 adding a CSRF check, the XSS is only exploitable against unauthenticated users (as they all share the same nonce)"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/a91a01b9-7e36-4280-bc50-f6cff3e66059",
"name": "https://wpscan.com/vulnerability/a91a01b9-7e36-4280-bc50-f6cff3e66059"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ace Candelario (@0xspade)"
},
{
"lang": "eng",
"value": "Victor Paynat-Sautivet (3DS Outscale SOC)"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,75 +1,75 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-0320",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Essential Addons for Elementor < 5.0.5 - Unauthenticated LFI"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Essential Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.0.5",
"version_value": "5.0.5"
"CVE_data_meta": {
"ID": "CVE-2022-0320",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Essential Addons for Elementor < 5.0.5 - Unauthenticated LFI"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Essential Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.0.5",
"version_value": "5.0.5"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server, this could also lead to RCE via user uploaded files or other LFI to RCE techniques."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0d02b222-e672-4ac0-a1d4-d34e1ecf4a95",
"name": "https://wpscan.com/vulnerability/0d02b222-e672-4ac0-a1d4-d34e1ecf4a95"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server, this could also lead to RCE via user uploaded files or other LFI to RCE techniques."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Wai Yan Myo Thet"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0d02b222-e672-4ac0-a1d4-d34e1ecf4a95",
"name": "https://wpscan.com/vulnerability/0d02b222-e672-4ac0-a1d4-d34e1ecf4a95"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Wai Yan Myo Thet"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0401",
"STATE": "PUBLIC",
"TITLE": "Path Traversal in yuda-lyu/w-zip"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "yuda-lyu/w-zip",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.0.12"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0401",
"STATE": "PUBLIC",
"TITLE": "Path Traversal in yuda-lyu/w-zip"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "yuda-lyu/w-zip",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.0.12"
}
]
}
}
]
},
"vendor_name": "yuda-lyu"
}
}
]
},
"vendor_name": "yuda-lyu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Path Traversal in NPM w-zip prior to 1.0.12."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Path Traversal in NPM w-zip prior to 1.0.12."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/d93259aa-ad03-43d6-8846-a00b9f58876d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/d93259aa-ad03-43d6-8846-a00b9f58876d"
},
{
"name": "https://github.com/yuda-lyu/w-zip/commit/d7039d034e02fa358e6656565157cedf5fa83288",
"refsource": "MISC",
"url": "https://github.com/yuda-lyu/w-zip/commit/d7039d034e02fa358e6656565157cedf5fa83288"
}
]
},
"source": {
"advisory": "d93259aa-ad03-43d6-8846-a00b9f58876d",
"discovery": "EXTERNAL"
}
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/d93259aa-ad03-43d6-8846-a00b9f58876d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/d93259aa-ad03-43d6-8846-a00b9f58876d"
},
{
"name": "https://github.com/yuda-lyu/w-zip/commit/d7039d034e02fa358e6656565157cedf5fa83288",
"refsource": "MISC",
"url": "https://github.com/yuda-lyu/w-zip/commit/d7039d034e02fa358e6656565157cedf5fa83288"
}
]
},
"source": {
"advisory": "d93259aa-ad03-43d6-8846-a00b9f58876d",
"discovery": "EXTERNAL"
}
}


@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0417",
"STATE": "PUBLIC",
"TITLE": "Heap-based Buffer Overflow in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.2"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0417",
"STATE": "PUBLIC",
"TITLE": "Heap-based Buffer Overflow in vim/vim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vim/vim",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.2"
}
]
}
}
]
},
"vendor_name": "vim"
}
}
]
},
"vendor_name": "vim"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow in Conda vim prior to 8.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow in Conda vim prior to 8.2."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a"
},
{
"name": "https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a"
}
]
},
"source": {
"advisory": "fc86bc8d-c866-4ade-8b7f-e49cec306d1a",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a"
},
{
"name": "https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a"
}
]
},
"source": {
"advisory": "fc86bc8d-c866-4ade-8b7f-e49cec306d1a",
"discovery": "EXTERNAL"
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0443",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0444",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}