admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adds CVEs

Browse Source
This commit is contained in:
erwanlr 2021-11-29 09:23:33 +01:00
parent 503918b2cb
commit f98ad16793
19 changed files with 1402 additions and 289 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
2017/20xxx/CVE-2017-20008.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20008",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2017-20008",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "myCRED < 1.7.8 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "myCred Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.7.8",
"version_value": "1.7.8"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The myCred WordPress plugin before 1.7.8 does not sanitise and escape the user parameter before outputting it back in the Points Log admin dashboard, leading to a Reflected Cross-Site Scripting"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/3175c56d-27bb-4bf1-b6ba-737541483d40",
"name": "https://wpscan.com/vulnerability/3175c56d-27bb-4bf1-b6ba-737541483d40"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/1639363/mycred",
"name": "https://plugins.trac.wordpress.org/changeset/1639363/mycred"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Jeremie Amsellem"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2021/24xxx/CVE-2021-24745.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24745",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24745",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "About Author Box < 1.0.2 - Contributor+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "About Author Box",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.2",
"version_value": "1.0.2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/a965aeca-d8f9-4070-aa0d-9c9b95493dda",
"name": "https://wpscan.com/vulnerability/a965aeca-d8f9-4070-aa0d-9c9b95493dda"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Francesco Carlucci"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2021/24xxx/CVE-2021-24748.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24748",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24748",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Email Before Download < 6.8 - Admin+ SQL Injection"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Email Before Download",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.8",
"version_value": "6.8"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/a8625b84-337d-4c4d-a698-73e59d1f8ee1",
"name": "https://wpscan.com/vulnerability/a8625b84-337d-4c4d-a698-73e59d1f8ee1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "bl4derunner"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2021/24xxx/CVE-2021-24749.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24749",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24749",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "URL Shortify < 1.5.1 - Arbitrary Link/Group Deletion via CSRF"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "URL Shortify Simple, Powerful and Easy URL Shortener Plugin For WordPress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.5.1",
"version_value": "1.5.1"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The URL Shortify WordPress plugin before 1.5.1 does not have CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged in admin delete arbitrary link and group via a CSRF attack."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/4b4e417d-0ae2-4c3c-81e6-4dcf39eb5697",
"name": "https://wpscan.com/vulnerability/4b4e417d-0ae2-4c3c-81e6-4dcf39eb5697"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2021/24xxx/CVE-2021-24751.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24751",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24751",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "GenerateBlocks < 1.4.0 - Contributor+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "GenerateBlocks",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.4.0",
"version_value": "1.4.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/e0131980-d2d3-4780-8a68-a81ee8c90b7a",
"name": "https://wpscan.com/vulnerability/e0131980-d2d3-4780-8a68-a81ee8c90b7a"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2021/24xxx/CVE-2021-24755.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24755",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24755",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "myCred < 2.3 - Subscriber+ SQL Injection"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "myCred Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.3",
"version_value": "2.3"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/01419d03-54d6-413d-9a67-64c63c26d741",
"name": "https://wpscan.com/vulnerability/01419d03-54d6-413d-9a67-64c63c26d741"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "bl4derunner"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2021/24xxx/CVE-2021-24768.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24768",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24768",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WP RSS Aggregator < 4.19.2 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WP RSS Aggregator News Feeds, Autoblogging, Youtube Video Feeds and More",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.19.2",
"version_value": "4.19.2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/3673e13f-7ce6-4d72-b179-ae4bab55514c",
"name": "https://wpscan.com/vulnerability/3673e13f-7ce6-4d72-b179-ae4bab55514c"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Huy Nguyen"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2021/24xxx/CVE-2021-24811.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24811",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24811",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Shop Page WP < 1.2.8 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Shop Page WP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.2.8",
"version_value": "1.2.8"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/000e65f1-89cd-4dd5-a09d-5febd9fdfbdb",
"name": "https://wpscan.com/vulnerability/000e65f1-89cd-4dd5-a09d-5febd9fdfbdb"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Mika"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2021/24xxx/CVE-2021-24822.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24822",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24822",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Stylish Cost Calculator < 7.04 - Subscriber+ Unauthorised AJAX Calls to Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Stylish Cost Calculator",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.0.4",
"version_value": "7.0.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and CSRF checks on some of its AJAX actions (available to authenticated users), which could allow any authenticated users, such as subscriber to call them, and perform Stored Cross-Site Scripting attacks against logged in admin, as well as frontend users due to the lack of sanitisation and escaping in some parameters"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/db84a782-d4c8-4abf-99ea-ea672a9b806e",
"name": "https://wpscan.com/vulnerability/db84a782-d4c8-4abf-99ea-ea672a9b806e"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-862 Missing Authorization",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

92
2021/24xxx/CVE-2021-24842.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24842",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24842",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Bulk Datetime Change < 1.12 - Missing Authorisation"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Bulk Datetime Change",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.12",
"version_value": "1.12"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users' posts."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/054bd981-dbdd-47dd-bad0-fa327e5860a2",
"name": "https://wpscan.com/vulnerability/054bd981-dbdd-47dd-bad0-fa327e5860a2"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2618982",
"name": "https://plugins.trac.wordpress.org/changeset/2618982"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-862 Missing Authorization",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2021/24xxx/CVE-2021-24860.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24860",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24860",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "BSK PDF Manager < 3.1.2 - Admin+ SQL Injection"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "BSK PDF Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.1.2",
"version_value": "3.1.2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/d5891973-37d0-48cb-a5a3-a26c771b3369",
"name": "https://wpscan.com/vulnerability/d5891973-37d0-48cb-a5a3-a26c771b3369"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2021/24xxx/CVE-2021-24876.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24876",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24876",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Registrations for The Events Calendar < 2.7.5 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Registrations for the Events Calendar Event Registration Plugin",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.7.5",
"version_value": "2.7.5"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/e77c2493-993d-418d-9629-a1f07b5a2b6f",
"name": "https://wpscan.com/vulnerability/e77c2493-993d-418d-9629-a1f07b5a2b6f"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

97
2021/24xxx/CVE-2021-24883.json
View File

@ -1,18 +1,85 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24883",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24883",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Popup Anything < 2.0.4 - Contributor+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Popup Anything A Marketing Popup",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.4",
"version_value": "2.0.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/c5dd3812-ea20-4e05-a5d3-84830b452822",
"name": "https://wpscan.com/vulnerability/c5dd3812-ea20-4e05-a5d3-84830b452822"
},
{
"refsource": "MISC",
"url": "https://www.fortiguard.com/zeroday/FG-VD-21-069",
"name": "https://www.fortiguard.com/zeroday/FG-VD-21-069"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2610975",
"name": "https://plugins.trac.wordpress.org/changeset/2610975"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Vishnupriya ilango"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2021/24xxx/CVE-2021-24889.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24889",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24889",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Ninja Forms < 3.6.4 - Admin+ SQL Injection"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Ninja Forms Contact Form The Drag and Drop Form Builder for WordPress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.6.4",
"version_value": "3.6.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/55008a42-eb56-436c-bce0-10ee616d0495",
"name": "https://wpscan.com/vulnerability/55008a42-eb56-436c-bce0-10ee616d0495"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2021/24xxx/CVE-2021-24899.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24899",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24899",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Media-Tags <= 3.2.0.2 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Media Tags",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "3.2.0.2",
"version_value": "3.2.0.2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and escape any of its Labels settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_htnl capability is disallowed."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/cf4b266c-d68e-4add-892a-d01a31987a4b",
"name": "https://wpscan.com/vulnerability/cf4b266c-d68e-4add-892a-d01a31987a4b"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Akash Rajendra Patil"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2021/24xxx/CVE-2021-24908.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24908",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24908",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Check & Log Email < 1.0.4 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Check & Log Email",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.4",
"version_value": "1.0.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/77f50129-4b1f-4e50-8321-9dd32deba6e1",
"name": "https://wpscan.com/vulnerability/77f50129-4b1f-4e50-8321-9dd32deba6e1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

92
2021/24xxx/CVE-2021-24915.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24915",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24915",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Contest Gallery < 13.1.0.6 - Missing Access Controls to Unauthenticated SQL injection / Email Address Disclosure"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Contest Gallery Photo Contest Plugin for WordPress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "13.1.0.6",
"version_value": "13.1.0.6"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users registered on the blog, including their username and email address"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/45ee86a7-1497-4c81-98b8-9a8e5b3d4fac",
"name": "https://wpscan.com/vulnerability/45ee86a7-1497-4c81-98b8-9a8e5b3d4fac"
},
{
"refsource": "MISC",
"url": "https://gist.github.com/tpmiller87/6c05596fe27dd6f69f1aaba4cbb9c917",
"name": "https://gist.github.com/tpmiller87/6c05596fe27dd6f69f1aaba4cbb9c917"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-862 Missing Authorization",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Tyler Miller"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

92
2021/24xxx/CVE-2021-24918.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24918",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24918",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Smash Balloon Social Post Feed < 4.0.1 - Subscriber+ Arbitrary Plugin Settings Update to Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Smash Balloon Social Post Feed",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.0.1",
"version_value": "4.0.1"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5d252ad7-bf28-44f3-8cd0-c4fe05c48f35",
"name": "https://wpscan.com/vulnerability/5d252ad7-bf28-44f3-8cd0-c4fe05c48f35"
},
{
"refsource": "MISC",
"url": "https://jetpack.com/2021/10/29/security-issues-patched-in-smash-balloon-social-post-feed-plugin/",
"name": "https://jetpack.com/2021/10/29/security-issues-patched-in-smash-balloon-social-post-feed-plugin/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-284 Improper Access Control",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Marc Montpas"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2021/24xxx/CVE-2021-24927.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24927",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24927",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "My Calendar < 3.2.18 - Subscriber+ Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "My Calendar",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.2.18",
"version_value": "3.2.18"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/86f3acc7-8902-4215-bd75-6105d601524e",
"name": "https://wpscan.com/vulnerability/86f3acc7-8902-4215-bd75-6105d601524e"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
}
],
"source": {
"discovery": "EXTERNAL"
}
}