admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 19:46:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adds CVEs

Browse Source
This commit is contained in:
erwanlr 2021-05-03 09:29:41 +02:00
parent a488f260f8
commit fe02688cf7
23 changed files with 1765 additions and 347 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
2021/24xxx/CVE-2021-24255.json
View File

@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24255",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24255", "TITLE": "Essential Addons for Elementor < 4.5.4 - Contributor+ Stored Cross-Site Scripting (XSS)"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Essential Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.5.4",
"version_value": "4.5.4"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, both via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/7fb708da-e8c4-4455-b4f9-c4ad72f877da",
"name": "https://wpscan.com/vulnerability/7fb708da-e8c4-4455-b4f9-c4ad72f877da"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

92
2021/24xxx/CVE-2021-24256.json
View File

@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24256",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24256", "TITLE": "Elementor - Header, Footer & Blocks Template < 1.5.8 - Contributor+ Stored XSS"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Elementor Header, Footer & Blocks Template",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.5.8",
"version_value": "1.5.8"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “Elementor Header, Footer & Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/a9412fed-aed3-4931-a504-1a86f876892e",
"name": "https://wpscan.com/vulnerability/a9412fed-aed3-4931-a504-1a86f876892e"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

92
2021/24xxx/CVE-2021-24257.json
View File

@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24257",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24257", "TITLE": "Premium Addons for Elementor < 4.2.8 - Contributor+ Stored Cross-Site Scripting (XSS)"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Premium Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.2.8",
"version_value": "4.2.8"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “Premium Addons for Elementor” WordPress Plugin before 4.2.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/4ad8314e-1cbe-4642-b4ee-aac2060f9a25",
"name": "https://wpscan.com/vulnerability/4ad8314e-1cbe-4642-b4ee-aac2060f9a25"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

104
2021/24xxx/CVE-2021-24258.json
View File

@ -1,18 +1,92 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24258",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24258", "TITLE": "ElementsKit and ElementsKit Pro < 2.2.0 - Contributor+ Stored XSS"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Wpmet",
"product": {
"product_data": [
{
"product_name": "Elements Kit Lite",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.2.0",
"version_value": "2.2.0"
}
]
}
},
{
"product_name": "Elements Kit Pro",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.2.0",
"version_value": "2.2.0"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/47b47b86-899b-4de3-8a3c-2d5d1774298f",
"name": "https://wpscan.com/vulnerability/47b47b86-899b-4de3-8a3c-2d5d1774298f"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

92
2021/24xxx/CVE-2021-24259.json
View File

@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24259",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24259", "TITLE": "Elementor Addon Elements < 1.11.2 - Contributor+ Stored XSS"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Elementor Addon Elements",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.11.2",
"version_value": "1.11.2"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “Elementor Addon Elements” WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/0719063f-7743-4a34-94b9-f67fd98e5990",
"name": "https://wpscan.com/vulnerability/0719063f-7743-4a34-94b9-f67fd98e5990"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

92
2021/24xxx/CVE-2021-24260.json
View File

@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24260",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24260", "TITLE": "Livemesh Addons for Elementor < 6.8 - Contributor+ Stored XSS"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Livemesh Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.8",
"version_value": "6.8"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “Livemesh Addons for Elementor” WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/fa6c7c7c-1027-4fa9-bb55-07ae2bb7f021",
"name": "https://wpscan.com/vulnerability/fa6c7c7c-1027-4fa9-bb55-07ae2bb7f021"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

92
2021/24xxx/CVE-2021-24261.json
View File

@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24261",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24261", "TITLE": "HT Mega - Absolute Addons for Elementor Page Builder < 1.5.7 - Contributor+ Stored XSS"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "HT Mega Absolute Addons for Elementor Page Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.5.7",
"version_value": "1.5.7"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “HT Mega Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/0377705d-29e9-47db-a5bb-8acaf311a38f",
"name": "https://wpscan.com/vulnerability/0377705d-29e9-47db-a5bb-8acaf311a38f"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

92
2021/24xxx/CVE-2021-24262.json
View File

@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24262",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24262", "TITLE": "WooLentor - WooCommerce Elementor Addons + Builder < 1.8.6 - Contributor+ Stored XSS"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WooLentor WooCommerce Elementor Addons + Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.8.6",
"version_value": "1.8.6"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “WooLentor WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/d6d16357-2bc3-4053-8274-d0275026e56b",
"name": "https://wpscan.com/vulnerability/d6d16357-2bc3-4053-8274-d0275026e56b"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

92
2021/24xxx/CVE-2021-24263.json
View File

@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24263",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24263", "TITLE": "PowerPack Addons for Elementor < 2.3.2 - Contributor+ Stored XSS"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "PowerPack Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.3.2",
"version_value": "2.3.2"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “Elementor Addons PowerPack Addons for Elementor” WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/48876006-b00f-49b7-80a1-b1d6dc2f4eec",
"name": "https://wpscan.com/vulnerability/48876006-b00f-49b7-80a1-b1d6dc2f4eec"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

92
2021/24xxx/CVE-2021-24264.json
View File

@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24264",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24264", "TITLE": "Image Hover Effects - Elementor Addon < 1.3.4 - Contributor+ Stored XSS"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Image Hover Effects Elementor Addon",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.3.4",
"version_value": "1.3.4"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “Image Hover Effects Elementor Addon” WordPress Plugin before 1.3.4 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/7fd89a49-fbb0-4308-836b-1f12dc585b1f",
"name": "https://wpscan.com/vulnerability/7fd89a49-fbb0-4308-836b-1f12dc585b1f"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

92
2021/24xxx/CVE-2021-24265.json
View File

@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24265",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24265", "TITLE": "Rife Elementor Extensions & Templates < 1.1.6 - Contributor+ Stored XSS"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Rife Elementor Extensions & Templates",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.1.6",
"version_value": "1.1.6"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “Rife Elementor Extensions & Templates” WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863",
"name": "https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

92
2021/24xxx/CVE-2021-24266.json
View File

@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24266",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24266", "TITLE": "The Plus Addons for Elementor Page Builder Lite < 2.0.6 - Contributor+ Stored XSS"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "The Plus Addons for Elementor Page Builder Lite",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.6",
"version_value": "2.0.6"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “The Plus Addons for Elementor Page Builder Lite” WordPress Plugin before 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/78014ddd-1cc2-4723-8194-4bf478888578",
"name": "https://wpscan.com/vulnerability/78014ddd-1cc2-4723-8194-4bf478888578"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

92
2021/24xxx/CVE-2021-24267.json
View File

@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24267",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24267", "TITLE": "All-in-One Addons for Elementor - WidgetKit < 2.3.10 - Contributor+ Stored XSS"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "All-in-One Addons for Elementor WidgetKit",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.3.10",
"version_value": "2.3.10"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “All-in-One Addons for Elementor WidgetKit” WordPress Plugin before 2.3.10 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/0c96f3a1-d192-481f-9035-5393f4aadc19",
"name": "https://wpscan.com/vulnerability/0c96f3a1-d192-481f-9035-5393f4aadc19"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

92
2021/24xxx/CVE-2021-24268.json
View File

@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24268",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24268", "TITLE": "JetWidgets For Elementor < 1.0.9 - Contributor+ Stored XSS"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "JetWidgets For Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.9",
"version_value": "1.0.9"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/68ecb965-2a9d-4e67-b069-c3dbfb14016b",
"name": "https://wpscan.com/vulnerability/68ecb965-2a9d-4e67-b069-c3dbfb14016b"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

92
2021/24xxx/CVE-2021-24269.json
View File

@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24269",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24269", "TITLE": "Sina Extension for Elementor < 3.3.12 - Contributor+ Stored XSS"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Sina Extension for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.3.12",
"version_value": "3.3.12"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “Sina Extension for Elementor” WordPress Plugin before 3.3.12 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/df953a91-f1d8-42e9-8966-f2012d4f97c9",
"name": "https://wpscan.com/vulnerability/df953a91-f1d8-42e9-8966-f2012d4f97c9"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

92
2021/24xxx/CVE-2021-24270.json
View File

@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24270",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24270", "TITLE": "DethemeKit For Elementor < 1.5.5.5 - Contributor+ Stored XSS"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "DethemeKit For Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.5.5.5",
"version_value": "1.5.5.5"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “DeTheme Kit for Elementor” WordPress Plugin before 1.5.5.5 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/67967784-18b6-4e41-9597-3a4c051f3978",
"name": "https://wpscan.com/vulnerability/67967784-18b6-4e41-9597-3a4c051f3978"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

92
2021/24xxx/CVE-2021-24271.json
View File

@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24271",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24271", "TITLE": "Ultimate Addons for Elementor < 1.30.0 - Contributor+ Stored XSS"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Ultimate Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.30.0",
"version_value": "1.30.0"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/1ce8e188-6ded-413e-b4d1-bf80258acf79",
"name": "https://wpscan.com/vulnerability/1ce8e188-6ded-413e-b4d1-bf80258acf79"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

87
2021/24xxx/CVE-2021-24272.json
View File

@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24272",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24272", "TITLE": "Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "fitness calculators",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.9.6",
"version_value": "1.9.6"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f",
"name": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "0xB9"
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

94
2021/24xxx/CVE-2021-24273.json
View File

@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24273",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24273", "TITLE": "Clever Addons for Elementor < 2.1.0 - Contributor+ Stored XSS"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "CleverSoft",
"product": {
"product_data": [
{
"product_name": "Clever Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.1.0",
"version_value": "2.1.0"
}
]
}
}
]
}
}
]
} }
} },
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “Clever Addons for Elementor” WordPress Plugin before 2.1.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/70ddb3fd-d819-4d85-9f8b-1451a3e3e5a6",
"name": "https://wpscan.com/vulnerability/70ddb3fd-d819-4d85-9f8b-1451a3e3e5a6"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

87
2021/24xxx/CVE-2021-24274.json
View File

@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24274",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24274", "TITLE": "Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Supsystic",
"product": {
"product_data": [
{
"product_name": "Ultimate Maps by Supsystic",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.2.5",
"version_value": "1.2.5"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d",
"name": "https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "0xB9"
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

87
2021/24xxx/CVE-2021-24275.json
View File

@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24275",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24275", "TITLE": "Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS)"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Supsystic",
"product": {
"product_data": [
{
"product_name": "Popup by Supsystic",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.10.5",
"version_value": "1.10.5"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/efdc76e0-c14a-4baf-af70-9d381107308f",
"name": "https://wpscan.com/vulnerability/efdc76e0-c14a-4baf-af70-9d381107308f"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "0xB9"
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

87
2021/24xxx/CVE-2021-24276.json
View File

@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24276",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24276", "TITLE": "Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site scripting (XSS)"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Supsystic",
"product": {
"product_data": [
{
"product_name": "Contact Form by Supsystic",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.7.15",
"version_value": "1.7.15"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/1301123c-5e63-432a-ab90-3221ca532d9c",
"name": "https://wpscan.com/vulnerability/1301123c-5e63-432a-ab90-3221ca532d9c"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "0xB9"
}
],
"source": {
"discovery": "UNKNOWN"
}
} }

94
2021/24xxx/CVE-2021-24293.json
View File

@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2021-24293",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2021-24293", "TITLE": "NextGEN Gallery Pro < 3.1.11 - Reflected Cross-Site Scripting (XSS)"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "NextGen Gallery Pro",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.1.11",
"version_value": "3.1.11"
}
]
}
}
]
}
}
]
} }
} },
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax , after that the settings[shipping_address][name] is able to inject malicious javascript."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/5e1a4725-3d20-44b0-8a35-bbf4263957f7",
"name": "https://wpscan.com/vulnerability/5e1a4725-3d20-44b0-8a35-bbf4263957f7"
},
{
"refsource": "MISC",
"url": "https://www.imagely.com/wordpress-gallery-plugin/nextgen-pro/changelog/",
"name": "https://www.imagely.com/wordpress-gallery-plugin/nextgen-pro/changelog/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "mgthuramoemyint"
}
],
"source": {
"discovery": "UNKNOWN"
}
}