Adds CVEs

erwanlr 2021-05-03 09:29:41 +02:00
parent a488f260f8
commit fe02688cf7
23 changed files with 1765 additions and 347 deletions


@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24255",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Essential Addons for Elementor < 4.5.4 - Contributor+ Stored Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Essential Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.5.4",
"version_value": "4.5.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, both via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/7fb708da-e8c4-4455-b4f9-c4ad72f877da",
"name": "https://wpscan.com/vulnerability/7fb708da-e8c4-4455-b4f9-c4ad72f877da"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
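Review bot: The `affects` block does not identify the product well enough for a scanner or inventory tool to match on: `vendor_name` is the placeholder `"Unknown"`, and `product_name` is "Essential Addons for Elementor" while the description calls the plugin "Essential Addons for Elementor Lite". The `"Unknown"` vendor recurs in every complete record visible in this commit except CVE-2021-24258. The product name also differs between fields in CVE-2021-24258 (`TITLE` "ElementsKit", `product_name` "Elements Kit Lite") and CVE-2021-24270 ("DethemeKit For Elementor" versus "DeTheme Kit for Elementor"). I would use one spelling of the plugin name in `TITLE`, `product_name` and the description, and set `vendor_name` to the plugin's publisher where it is known.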


@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24256",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Elementor - Header, Footer & Blocks Template < 1.5.8 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Elementor Header, Footer & Blocks Template",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.5.8",
"version_value": "1.5.8"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The “Elementor Header, Footer & Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/a9412fed-aed3-4931-a504-1a86f876892e",
"name": "https://wpscan.com/vulnerability/a9412fed-aed3-4931-a504-1a86f876892e"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24257",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Premium Addons for Elementor < 4.2.8 - Contributor+ Stored Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Premium Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.2.8",
"version_value": "4.2.8"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The “Premium Addons for Elementor” WordPress Plugin before 4.2.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/4ad8314e-1cbe-4642-b4ee-aac2060f9a25",
"name": "https://wpscan.com/vulnerability/4ad8314e-1cbe-4642-b4ee-aac2060f9a25"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,92 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24258",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "ElementsKit and ElementsKit Pro < 2.2.0 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Wpmet",
"product": {
"product_data": [
{
"product_name": "Elements Kit Lite",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.2.0",
"version_value": "2.2.0"
}
]
}
},
{
"product_name": "Elements Kit Pro",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.2.0",
"version_value": "2.2.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/47b47b86-899b-4de3-8a3c-2d5d1774298f",
"name": "https://wpscan.com/vulnerability/47b47b86-899b-4de3-8a3c-2d5d1774298f"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24259",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Elementor Addon Elements < 1.11.2 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Elementor Addon Elements",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.11.2",
"version_value": "1.11.2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The “Elementor Addon Elements” WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/0719063f-7743-4a34-94b9-f67fd98e5990",
"name": "https://wpscan.com/vulnerability/0719063f-7743-4a34-94b9-f67fd98e5990"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24260",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Livemesh Addons for Elementor < 6.8 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Livemesh Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.8",
"version_value": "6.8"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The “Livemesh Addons for Elementor” WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/fa6c7c7c-1027-4fa9-bb55-07ae2bb7f021",
"name": "https://wpscan.com/vulnerability/fa6c7c7c-1027-4fa9-bb55-07ae2bb7f021"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24261",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "HT Mega - Absolute Addons for Elementor Page Builder < 1.5.7 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "HT Mega Absolute Addons for Elementor Page Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.5.7",
"version_value": "1.5.7"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The “HT Mega Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/0377705d-29e9-47db-a5bb-8acaf311a38f",
"name": "https://wpscan.com/vulnerability/0377705d-29e9-47db-a5bb-8acaf311a38f"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24262",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WooLentor - WooCommerce Elementor Addons + Builder < 1.8.6 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WooLentor WooCommerce Elementor Addons + Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.8.6",
"version_value": "1.8.6"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The “WooLentor WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/d6d16357-2bc3-4053-8274-d0275026e56b",
"name": "https://wpscan.com/vulnerability/d6d16357-2bc3-4053-8274-d0275026e56b"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
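Review bot: The new description ends with "all via a similar method" although it speaks of a single widget, so the clause has nothing to refer to; it looks carried over from the multi-widget records in this commit. The same wording is in CVE-2021-24264, CVE-2021-24265 and CVE-2021-24270. I would end the sentence at `such as contributors.` or name the affected widget, so that a site owner can tell whether they use it.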


@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24263",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "PowerPack Addons for Elementor < 2.3.2 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "PowerPack Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.3.2",
"version_value": "2.3.2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The “Elementor Addons PowerPack Addons for Elementor” WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/48876006-b00f-49b7-80a1-b1d6dc2f4eec",
"name": "https://wpscan.com/vulnerability/48876006-b00f-49b7-80a1-b1d6dc2f4eec"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
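Review bot: The description text is garbled in two places: the plugin is named "Elementor Addons PowerPack Addons for Elementor" although `product_name` and `TITLE` say "PowerPack Addons for Elementor", and "WordPress Plugin before 2.3.2 for WordPress" states the platform twice. I would open it with `The “PowerPack Addons for Elementor” WordPress Plugin before 2.3.2 has several widgets` and leave the rest of the sentence unchanged.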


@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24264",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Image Hover Effects - Elementor Addon < 1.3.4 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Image Hover Effects Elementor Addon",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.3.4",
"version_value": "1.3.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The “Image Hover Effects Elementor Addon” WordPress Plugin before 1.3.4 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/7fd89a49-fbb0-4308-836b-1f12dc585b1f",
"name": "https://wpscan.com/vulnerability/7fd89a49-fbb0-4308-836b-1f12dc585b1f"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24265",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Rife Elementor Extensions & Templates < 1.1.6 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Rife Elementor Extensions & Templates",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.1.6",
"version_value": "1.1.6"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The “Rife Elementor Extensions & Templates” WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863",
"name": "https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24266",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "The Plus Addons for Elementor Page Builder Lite < 2.0.6 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "The Plus Addons for Elementor Page Builder Lite",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.6",
"version_value": "2.0.6"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The “The Plus Addons for Elementor Page Builder Lite” WordPress Plugin before 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/78014ddd-1cc2-4723-8194-4bf478888578",
"name": "https://wpscan.com/vulnerability/78014ddd-1cc2-4723-8194-4bf478888578"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24267",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "All-in-One Addons for Elementor - WidgetKit < 2.3.10 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "All-in-One Addons for Elementor WidgetKit",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.3.10",
"version_value": "2.3.10"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The “All-in-One Addons for Elementor WidgetKit” WordPress Plugin before 2.3.10 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/0c96f3a1-d192-481f-9035-5393f4aadc19",
"name": "https://wpscan.com/vulnerability/0c96f3a1-d192-481f-9035-5393f4aadc19"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24268",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "JetWidgets For Elementor < 1.0.9 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "JetWidgets For Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.9",
"version_value": "1.0.9"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/68ecb965-2a9d-4e67-b069-c3dbfb14016b",
"name": "https://wpscan.com/vulnerability/68ecb965-2a9d-4e67-b069-c3dbfb14016b"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24269",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Sina Extension for Elementor < 3.3.12 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Sina Extension for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.3.12",
"version_value": "3.3.12"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The “Sina Extension for Elementor” WordPress Plugin before 3.3.12 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/df953a91-f1d8-42e9-8966-f2012d4f97c9",
"name": "https://wpscan.com/vulnerability/df953a91-f1d8-42e9-8966-f2012d4f97c9"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24270",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "DethemeKit For Elementor < 1.5.5.5 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "DethemeKit For Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.5.5.5",
"version_value": "1.5.5.5"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The “DeTheme Kit for Elementor” WordPress Plugin before 1.5.5.5 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/67967784-18b6-4e41-9597-3a4c051f3978",
"name": "https://wpscan.com/vulnerability/67967784-18b6-4e41-9597-3a4c051f3978"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24271",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Ultimate Addons for Elementor < 1.30.0 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Ultimate Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.30.0",
"version_value": "1.30.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/1ce8e188-6ded-413e-b4d1-bf80258acf79",
"name": "https://wpscan.com/vulnerability/1ce8e188-6ded-413e-b4d1-bf80258acf79"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24272",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "fitness calculators",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.9.6",
"version_value": "1.9.6"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f",
"name": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "0xB9"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
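Review bot: `problemtype_data` lists only `CWE-352 Cross-Site Request Forgery (CSRF)`, while the `TITLE` and the last sentence of the description both say the missing sanitisation can lead to stored Cross-Site Scripting. A consumer filtering by CWE would not see this record as an XSS issue. Adding a second entry to the `description` array, `{ "value": "CWE-79 Cross-site Scripting (XSS)", "lang": "eng" }`, would match the label used by the other records in this commit. `product_name` is also lowercase (`fitness calculators`) where the title uses `Fitness Calculators`.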


@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24273",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Clever Addons for Elementor < 2.1.0 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CleverSoft",
"product": {
"product_data": [
{
"product_name": "Clever Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.1.0",
"version_value": "2.1.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The “Clever Addons for Elementor” WordPress Plugin before 2.1.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/70ddb3fd-d819-4d85-9f8b-1451a3e3e5a6",
"name": "https://wpscan.com/vulnerability/70ddb3fd-d819-4d85-9f8b-1451a3e3e5a6"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24274",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Supsystic",
"product": {
"product_data": [
{
"product_name": "Ultimate Maps by Supsystic",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.2.5",
"version_value": "1.2.5"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d",
"name": "https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "0xB9"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
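Review bot: The description `value` does not say which user has to load the crafted URL, and the record carries no `impact` block, so the exposure cannot be judged from the record alone. Since the unsanitised `tab` parameter belongs to the plugin's options page, the victim is presumably a logged-in user who can open that page. If the WPScan advisory confirms this, the sentence could end `… issue against users who can open that options page.` The CVE-2021-24275 and CVE-2021-24276 records use the same sentence and have the same gap. In all three, the `TITLE` writes `Cross-Site scripting` where the description and the CWE label capitalise `Scripting`.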


@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24275",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Supsystic",
"product": {
"product_data": [
{
"product_name": "Popup by Supsystic",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.10.5",
"version_value": "1.10.5"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/efdc76e0-c14a-4baf-af70-9d381107308f",
"name": "https://wpscan.com/vulnerability/efdc76e0-c14a-4baf-af70-9d381107308f"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "0xB9"
}
],
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24276",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Supsystic",
"product": {
"product_data": [
{
"product_name": "Contact Form by Supsystic",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.7.15",
"version_value": "1.7.15"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/1301123c-5e63-432a-ab90-3221ca532d9c",
"name": "https://wpscan.com/vulnerability/1301123c-5e63-432a-ab90-3221ca532d9c"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "0xB9"
}
],
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24293",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "NextGEN Gallery Pro < 3.1.11 - Reflected Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "NextGen Gallery Pro",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.1.11",
"version_value": "3.1.11"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax , after that the settings[shipping_address][name] is able to inject malicious javascript."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/5e1a4725-3d20-44b0-8a35-bbf4263957f7",
"name": "https://wpscan.com/vulnerability/5e1a4725-3d20-44b0-8a35-bbf4263957f7"
},
{
"refsource": "MISC",
"url": "https://www.imagely.com/wordpress-gallery-plugin/nextgen-pro/changelog/",
"name": "https://www.imagely.com/wordpress-gallery-plugin/nextgen-pro/changelog/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "mgthuramoemyint"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
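Review bot: `product_name` is spelled `NextGen Gallery Pro`, while `TITLE` and the description both use `NextGEN Gallery Pro`. Tools that match records to installed plugins by exact product string may miss one of the two spellings, so `"product_name": "NextGEN Gallery Pro"` would be consistent. The description also reads as if the parameter were the actor (`settings[shipping_address][name] is able to inject malicious javascript`) and never uses the word "reflected" from the title. Assuming the title's classification is right, a wording such as `the settings[shipping_address][name] parameter is reflected without sanitisation, leading to Cross-Site Scripting` would be clearer.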