admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2021/24xxx/CVE-2021-24993.json
erwanlr 6411bd9298 Updates CWE
2022-02-15 09:03:52 +01:00

81 lines
2.1 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"CVE_data_meta": {
"ID": "CVE-2021-24993",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Ultimate Product Catalog < 5.0.26 - Subscriber+ Arbitrary Product Creation & Settings Update"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Ultimate Product Catalog WordPress Catalog Plugin",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.0.26",
"version_value": "5.0.26"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated users, such as subscriber to call them and add arbitrary products, or change the plugin's settings for example"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/514416fa-d915-4953-bf1b-6dbf40b4d7e5",
"name": "https://wpscan.com/vulnerability/514416fa-d915-4953-bf1b-6dbf40b4d7e5"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2650578",
"name": "https://plugins.trac.wordpress.org/changeset/2650578"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-862 Missing Authorization",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
Reference in New Issue View Git Blame Copy Permalink