feat: added desc CVE-2022-32587

main
Muhammad Daffa 2022-11-16 00:20:03 +00:00
parent 5903fc3c13
commit 652a1d864c
19 changed files with 258 additions and 63 deletions

View File

@ -16,7 +16,7 @@ params:
env: production # to enable google analytics, opengraph, twitter-cards and schema.
title: Muhammad Daffa
description: "Portfolio by Muhammad Daffa"
keywords: [Blog, Portfolio]
keywords: [Portfolio]
author: Muhammad Daffa
# author: ["Me", "You"] # multiple authors
images: ["<link or path of image for opengraph, twitter-cards>"]
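Review bot: the `keywords` change from `[Blog, Portfolio]` to `[Portfolio]` is unrelated to the commit subject ("added desc CVE-2022-32587") and is not mentioned in it; split it into its own commit or name it in the message. The `images` entry in the trailing context is still the theme's placeholder string, which is worth replacing or removing while this block is being touched.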

View File

@ -0,0 +1,54 @@
---
title: "CVE-2022-32587"
date: 2022-09-26T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: true
comments: false
description: "WordPress WP Page Widget plugin <= 3.9 - Cross-Site Request Forgery"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: false # to disable highlightjs
disableShare: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin <= 3.9 on WordPress leading to plugin settings change.
## Plugin Name
[WP Page Widget](https://wordpress.org/plugins/wp-page-widget/)
## Installation Number
60,000+
## Affected Version
<= 3.9
## Fixed Version
4.0
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32587)
* [Patchstack](https://patchstack.com/database/vulnerability/wp-page-widget/wordpress-wp-page-widget-plugin-3-9-cross-site-request-forgery-csrf-vulnerability)
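Review bot: `canonicalURL: "https://canonical.url/to/page"` in the front matter is the template placeholder, so the published page would declare a canonical URL on a different host; remove the key or set it to the page's own URL. The `cover.image`, `cover.alt` and `cover.caption` values are placeholders too, and the comment on `hidden: true` says it hides the cover only on the single page, so drop the `cover` block if no cover image is intended.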

View File

@ -0,0 +1,54 @@
---
title: "CVE-2022-38137"
date: 2022-09-26T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: true
comments: false
description: "WordPress Analytify plugin <= 4.2.2 - Cross-Site Request Forgery"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: false # to disable highlightjs
disableShare: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
-
## Plugin Name
[Analytify Google Analytics Dashboard For WordPress](https://wordpress.org/plugins/wp-analytify/)
## Installation Number
60,000+
## Affected Version
<= 4.2.2
## Fixed Version
4.2.3
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38137)
* [Patchstack](https://patchstack.com/database/vulnerability/wp-analytify/wordpress-analytify-plugin-4-2-2-cross-site-request-forgery-csrf-vulnerability)
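Review bot: the `## Description` section contains only `-`, so this page ships without a description of the issue even though the front matter `description` already names it as a Cross-Site Request Forgery in Analytify <= 4.2.2. Fill in the section or set `draft: true` until the text is ready. This file also carries the same placeholder `canonicalURL` as the CVE-2022-32587 page, so both pages would declare the same canonical URL.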

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

View File

@ -9,7 +9,25 @@
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<lastBuildDate>Fri, 23 Sep 2022 11:30:03 +0000</lastBuildDate><atom:link href="https://daffa.info/cve/index.xml" rel="self" type="application/rss+xml" />
<lastBuildDate>Mon, 26 Sep 2022 11:30:03 +0000</lastBuildDate><atom:link href="https://daffa.info/cve/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>CVE-2022-32587</title>
<link>https://daffa.info/cve/cve-2022-32587/</link>
<pubDate>Mon, 26 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-32587/</guid>
<description>WordPress WP Page Widget plugin &amp;lt;= 3.9 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-38137</title>
<link>https://daffa.info/cve/cve-2022-38137/</link>
<pubDate>Mon, 26 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-38137/</guid>
<description>WordPress Analytify plugin &amp;lt;= 4.2.2 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-36340</title>
<link>https://daffa.info/cve/cve-2022-36340/</link>
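Review bot: the channel image `<link>` in the leading context is the percent-encoded form of `<link or path of image for opengraph, twitter-cards>`, which matches the placeholder `images` value in the site config hunk, so the feed advertises a template string as its image URL. Set a real image path in the config or remove the entry, then regenerate the feeds.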

File diff suppressed because one or more lines are too long

View File

@ -9,7 +9,25 @@
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<lastBuildDate>Fri, 23 Sep 2022 11:30:03 +0000</lastBuildDate><atom:link href="https://daffa.info/index.xml" rel="self" type="application/rss+xml" />
<lastBuildDate>Mon, 26 Sep 2022 11:30:03 +0000</lastBuildDate><atom:link href="https://daffa.info/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>CVE-2022-32587</title>
<link>https://daffa.info/cve/cve-2022-32587/</link>
<pubDate>Mon, 26 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-32587/</guid>
<description>WordPress WP Page Widget plugin &amp;lt;= 3.9 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-38137</title>
<link>https://daffa.info/cve/cve-2022-38137/</link>
<pubDate>Mon, 26 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-38137/</guid>
<description>WordPress Analytify plugin &amp;lt;= 4.2.2 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-36340</title>
<link>https://daffa.info/cve/cve-2022-36340/</link>

View File

@ -3,7 +3,22 @@
xmlns:xhtml="http://www.w3.org/1999/xhtml">
<url>
<loc>https://daffa.info/tags/cve/</loc>
<lastmod>2022-09-23T11:30:03+00:00</lastmod>
<lastmod>2022-09-26T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2022-32587/</loc>
<lastmod>2022-09-26T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2022-38137/</loc>
<lastmod>2022-09-26T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/</loc>
<lastmod>2022-09-26T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/</loc>
<lastmod>2022-09-26T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/tags/</loc>
<lastmod>2022-09-26T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2022-36340/</loc>
<lastmod>2022-09-23T11:30:03+00:00</lastmod>
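Review bot: the new `<url>` entries carry `<lastmod>2022-09-26T11:30:03+00:00</lastmod>`, the `date` from the new front matter, while the commit itself is dated 2022-11-16, so the sitemap and feeds report a modification time about seven weeks earlier than the content actually landed. If the back-dating is intentional, say so in the commit message; otherwise set `date` (or add a `lastmod` field) to the real date before regenerating.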
@ -19,15 +34,6 @@
</url><url>
<loc>https://daffa.info/cve/cve-2022-40194/</loc>
<lastmod>2022-09-23T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/</loc>
<lastmod>2022-09-23T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/</loc>
<lastmod>2022-09-23T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/tags/</loc>
<lastmod>2022-09-23T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2022-38470/</loc>
<lastmod>2022-09-22T11:30:03+00:00</lastmod>

View File

@ -1,5 +1,14 @@
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>cve | Muhammad Daffa</title><meta name=keywords content><meta name=description content="Portfolio by Muhammad Daffa"><meta name=author content="Muhammad Daffa"><link rel=canonical href=https://daffa.info/tags/cve/><link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style><link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://daffa.info/tags/cve/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><meta property="og:title" content="cve"><meta property="og:description" content="Portfolio by Muhammad Daffa"><meta property="og:type" content="website"><meta property="og:url" 
content="https://daffa.info/tags/cve/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa"><meta name=twitter:card content="summary_large_image"><meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta name=twitter:title content="cve"><meta name=twitter:description content="Portfolio by Muhammad Daffa"></head><body class=list id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://daffa.info/ accesskey=h title="Home (Alt + H)"><img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><button id=menu-trigger aria-haspopup=menu 
aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg></button><ul class="menu hidden"><li><a href=https://daffa.info/about/ title=About><span>About</span></a></li><li><a href=https://daffa.info/blog/ title=Blog><span>Blog</span></a></li><li><a href=https://daffa.info/portfolio/ title=Portfolio><span>Portfolio</span></a></li><li><a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/><span>Search</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/tags/>Tags</a></div><h1>cve
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-36340</h2></header><div class=entry-content><p>Description Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin &lt;= 1.2.49.0 at WordPress.
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-32587</h2></header><div class=entry-content><p>Description Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin &lt;= 3.9 on WordPress leading to plugin settings change.
Plugin Name WP Page Widget
Installation Number 60,000+
Affected Version &lt;= 3.9
Fixed Version 4.0
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-32587" href=https://daffa.info/cve/cve-2022-32587/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-38137</h2></header><div class=entry-content><p>Description Plugin Name Analytify Google Analytics Dashboard For WordPress
Installation Number 60,000+
Affected Version &lt;= 4.2.2
Fixed Version 4.2.3
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-38137" href=https://daffa.info/cve/cve-2022-38137/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-36340</h2></header><div class=entry-content><p>Description Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin &lt;= 1.2.49.0 at WordPress.
Plugin Name Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber MailOptin
Installation Number 30,000+
Affected Version &lt;= 1.2.49.0
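Review bot: this hunk replaces whole minified lines of generated HTML just to add two list entries, and several other files in the commit are suppressed because their lines are too long, which makes the change hard to review. Consider keeping the Hugo build output out of the source commits and building it at deploy time, so the diff shows only the content and config files that actually changed.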
@ -14,17 +23,7 @@ Plugin Name Customer Reviews for WooCommerce
Installation Number 50,000+
Affected Version &lt;= 5.3.5
Fixed Version 5.3.6
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-38134" href=https://daffa.info/cve/cve-2022-38134/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-40132</h2></header><div class=entry-content><p>Description Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin &lt;= 2.16.0 at WordPress, leading to plugin settings change.
Plugin Name Seriously Simple Podcasting
Installation Number 30,000+
Affected Version &lt;= 2.16.0
Fixed Version 2.16.1
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-40132" href=https://daffa.info/cve/cve-2022-40132/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-40194</h2></header><div class=entry-content><p>Description Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin &lt;= 5.3.5 at WordPress
Plugin Name Customer Reviews for WooCommerce
Installation Number 50,000+
Affected Version &lt;= 5.3.5
Fixed Version 5.3.6
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-40194" href=https://daffa.info/cve/cve-2022-40194/></a></article><footer class=page-footer><nav class=pagination><a class=next href=https://daffa.info/tags/cve/page/2/>Next&nbsp;&nbsp;»</a></nav></footer></main><footer class=footer><span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-38134" href=https://daffa.info/cve/cve-2022-38134/></a></article><footer class=page-footer><nav class=pagination><a class=next href=https://daffa.info/tags/cve/page/2/>Next&nbsp;&nbsp;»</a></nav></footer></main><footer class=footer><span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(e){b.contains(e.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>

View File

@ -9,7 +9,25 @@
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<lastBuildDate>Fri, 23 Sep 2022 11:30:03 +0000</lastBuildDate><atom:link href="https://daffa.info/tags/cve/index.xml" rel="self" type="application/rss+xml" />
<lastBuildDate>Mon, 26 Sep 2022 11:30:03 +0000</lastBuildDate><atom:link href="https://daffa.info/tags/cve/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>CVE-2022-32587</title>
<link>https://daffa.info/cve/cve-2022-32587/</link>
<pubDate>Mon, 26 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-32587/</guid>
<description>WordPress WP Page Widget plugin &amp;lt;= 3.9 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-38137</title>
<link>https://daffa.info/cve/cve-2022-38137/</link>
<pubDate>Mon, 26 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-38137/</guid>
<description>WordPress Analytify plugin &amp;lt;= 4.2.2 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-36340</title>
<link>https://daffa.info/cve/cve-2022-36340/</link>

View File

@ -1,5 +1,15 @@
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>cve | Muhammad Daffa</title><meta name=keywords content><meta name=description content="Portfolio by Muhammad Daffa"><meta name=author content="Muhammad Daffa"><link rel=canonical href=https://daffa.info/tags/cve/><link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style><link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://daffa.info/tags/cve/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><meta property="og:title" content="cve"><meta property="og:description" content="Portfolio by Muhammad Daffa"><meta property="og:type" content="website"><meta property="og:url" 
content="https://daffa.info/tags/cve/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa"><meta name=twitter:card content="summary_large_image"><meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta name=twitter:title content="cve"><meta name=twitter:description content="Portfolio by Muhammad Daffa"></head><body class=list id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://daffa.info/ accesskey=h title="Home (Alt + H)"><img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><button id=menu-trigger aria-haspopup=menu 
aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg></button><ul class="menu hidden"><li><a href=https://daffa.info/about/ title=About><span>About</span></a></li><li><a href=https://daffa.info/blog/ title=Blog><span>Blog</span></a></li><li><a href=https://daffa.info/portfolio/ title=Portfolio><span>Portfolio</span></a></li><li><a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/><span>Search</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/tags/>Tags</a></div><h1>cve
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-38470</h2></header><div class=entry-content><p>Description Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin &lt;= 5.3.5 at WordPress.
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-40132</h2></header><div class=entry-content><p>Description Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin &lt;= 2.16.0 at WordPress, leading to plugin settings change.
Plugin Name Seriously Simple Podcasting
Installation Number 30,000+
Affected Version &lt;= 2.16.0
Fixed Version 2.16.1
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-40132" href=https://daffa.info/cve/cve-2022-40132/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-40194</h2></header><div class=entry-content><p>Description Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin &lt;= 5.3.5 at WordPress
Plugin Name Customer Reviews for WooCommerce
Installation Number 50,000+
Affected Version &lt;= 5.3.5
Fixed Version 5.3.6
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-40194" href=https://daffa.info/cve/cve-2022-40194/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-38470</h2></header><div class=entry-content><p>Description Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin &lt;= 5.3.5 at WordPress.
Plugin Name Customer Reviews for WooCommerce
Installation Number 50,000+
Affected Version &lt;= 5.3.5
@ -14,17 +24,7 @@ Plugin Name Download Manager
Installation Number 100,000+
Affected Version &lt;= 3.2.48
Fixed Version 3.2.49
Advisory Link MITRE WPScan Patchstack</p></div><footer class=entry-footer><span title='2022-08-22 11:30:03 +0000 UTC'>August 22, 2022</span>&nbsp;·&nbsp;Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2022-34347" href=https://daffa.info/cve/cve-2022-34347/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-36346</h2></header><div class=entry-content><p>Description Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin &lt;= 9.2 at WordPress.
Plugin Name MaxButtons
Installation Number 100,000+
Affected Version &lt;= 9.2
Fixed Version 9.3
Advisory Link MITRE WPScan Patchstack</p></div><footer class=entry-footer><span title='2022-08-22 11:30:03 +0000 UTC'>August 22, 2022</span>&nbsp;·&nbsp;Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2022-36346" href=https://daffa.info/cve/cve-2022-36346/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-33201</h2></header><div class=entry-content><p>Description Cross-Site Request Forgery (CSRF) vulnerability in MailerLite Signup forms (official) plugin &lt;= 1.5.7 at WordPress allows an attacker to change the API key.
Plugin Name MailerLite Signup forms (official)
Installation Number 60,000+
Affected Version &lt;= 1.5.6
Fixed Version 1.5.7
Advisory link MITRE WPScan Patchstack</p></div><footer class=entry-footer><span title='2022-05-08 11:30:03 +0000 UTC'>May 8, 2022</span>&nbsp;·&nbsp;Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2022-33201" href=https://daffa.info/cve/cve-2022-33201/></a></article><footer class=page-footer><nav class=pagination><a class=prev href=https://daffa.info/tags/cve/>«&nbsp;Prev&nbsp;</a>
Advisory Link MITRE WPScan Patchstack</p></div><footer class=entry-footer><span title='2022-08-22 11:30:03 +0000 UTC'>August 22, 2022</span>&nbsp;·&nbsp;Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2022-34347" href=https://daffa.info/cve/cve-2022-34347/></a></article><footer class=page-footer><nav class=pagination><a class=prev href=https://daffa.info/tags/cve/>«&nbsp;Prev&nbsp;</a>
<a class=next href=https://daffa.info/tags/cve/page/3/>Next&nbsp;&nbsp;»</a></nav></footer></main><footer class=footer><span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &

View File

@ -1,5 +1,15 @@
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>cve | Muhammad Daffa</title><meta name=keywords content><meta name=description content="Portfolio by Muhammad Daffa"><meta name=author content="Muhammad Daffa"><link rel=canonical href=https://daffa.info/tags/cve/><link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style><link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://daffa.info/tags/cve/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><meta property="og:title" content="cve"><meta property="og:description" content="Portfolio by Muhammad Daffa"><meta property="og:type" content="website"><meta property="og:url" 
content="https://daffa.info/tags/cve/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa"><meta name=twitter:card content="summary_large_image"><meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta name=twitter:title content="cve"><meta name=twitter:description content="Portfolio by Muhammad Daffa"></head><body class=list id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://daffa.info/ accesskey=h title="Home (Alt + H)"><img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><button id=menu-trigger aria-haspopup=menu 
aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg></button><ul class="menu hidden"><li><a href=https://daffa.info/about/ title=About><span>About</span></a></li><li><a href=https://daffa.info/blog/ title=Blog><span>Blog</span></a></li><li><a href=https://daffa.info/portfolio/ title=Portfolio><span>Portfolio</span></a></li><li><a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/><span>Search</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/tags/>Tags</a></div><h1>cve
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-27848</h2></header><div class=entry-content><p>Description Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) &lt;= 6.5.1
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-36346</h2></header><div class=entry-content><p>Description Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin &lt;= 9.2 at WordPress.
Plugin Name MaxButtons
Installation Number 100,000+
Affected Version &lt;= 9.2
Fixed Version 9.3
Advisory Link MITRE WPScan Patchstack</p></div><footer class=entry-footer><span title='2022-08-22 11:30:03 +0000 UTC'>August 22, 2022</span>&nbsp;·&nbsp;Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2022-36346" href=https://daffa.info/cve/cve-2022-36346/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-33201</h2></header><div class=entry-content><p>Description Cross-Site Request Forgery (CSRF) vulnerability in MailerLite Signup forms (official) plugin &lt;= 1.5.7 at WordPress allows an attacker to change the API key.
Plugin Name MailerLite Signup forms (official)
Installation Number 60,000+
Affected Version &lt;= 1.5.6
Fixed Version 1.5.7
Advisory link MITRE WPScan Patchstack</p></div><footer class=entry-footer><span title='2022-05-08 11:30:03 +0000 UTC'>May 8, 2022</span>&nbsp;·&nbsp;Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2022-33201" href=https://daffa.info/cve/cve-2022-33201/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-27848</h2></header><div class=entry-content><p>Description Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) &lt;= 6.5.1
Plugin Name Modern Events Calendar Lite
Installation Number 100,000+ (Closed)
Affected Version &lt;= 6.5.1
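Review bot: the CVE-2022-33201 entry in this hunk contradicts itself on the version boundary. Its description says the MailerLite Signup forms (official) plugin is vulnerable at "<= 1.5.7", while the fields directly below it give Affected Version "<= 1.5.6" and Fixed Version 1.5.7. A release cannot be both the fix and inside the affected range, so a reader checking whether 1.5.7 still needs patching gets two answers. Correct the description in the post's source so it matches the Affected Version field, then regenerate the listing instead of editing this built HTML.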
@ -14,17 +24,7 @@ Plugin Name wpDataTables
Installation Number 60,000+
Affected Version &lt;= 2.1.27
Fixed Version 2.1.28
Advisory link MITRE WPScan Patchstack</p></div><footer class=entry-footer><span title='2022-04-04 11:30:03 +0000 UTC'>April 4, 2022</span>&nbsp;·&nbsp;Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2022-25618" href=https://daffa.info/cve/cve-2022-25618/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-38704</h2></header><div class=entry-content><p>Description Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin &lt;= 8.9 at WordPress, leading to deletion of 404 errors and redirection history.
Plugin Name SEO Redirection Plugin 301 Redirect Manager
Installation Number 30,000+
Affected Version &lt;= 8.9
Fixed Version 9.1
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-38704" href=https://daffa.info/cve/cve-2022-38704/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-23983</h2></header><div class=entry-content><p>Description Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions &lt;= 3.4.4).
Plugin Name WP Content Copy Protection & No Right Click
Installation Number 100,000+
Affected Version &lt;= 3.4.4
Fixed Version 3.4.5
Advisory link MITRE WPScan Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-23983" href=https://daffa.info/cve/cve-2022-23983/></a></article><footer class=page-footer><nav class=pagination><a class=prev href=https://daffa.info/tags/cve/page/2/>«&nbsp;Prev&nbsp;</a>
Advisory link MITRE WPScan Patchstack</p></div><footer class=entry-footer><span title='2022-04-04 11:30:03 +0000 UTC'>April 4, 2022</span>&nbsp;·&nbsp;Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2022-25618" href=https://daffa.info/cve/cve-2022-25618/></a></article><footer class=page-footer><nav class=pagination><a class=prev href=https://daffa.info/tags/cve/page/2/>«&nbsp;Prev&nbsp;</a>
<a class=next href=https://daffa.info/tags/cve/page/4/>Next&nbsp;&nbsp;»</a></nav></footer></main><footer class=footer><span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &


@ -1,5 +1,15 @@
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>cve | Muhammad Daffa</title><meta name=keywords content><meta name=description content="Portfolio by Muhammad Daffa"><meta name=author content="Muhammad Daffa"><link rel=canonical href=https://daffa.info/tags/cve/><link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style><link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://daffa.info/tags/cve/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><meta property="og:title" content="cve"><meta property="og:description" content="Portfolio by Muhammad Daffa"><meta property="og:type" content="website"><meta property="og:url" 
content="https://daffa.info/tags/cve/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa"><meta name=twitter:card content="summary_large_image"><meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta name=twitter:title content="cve"><meta name=twitter:description content="Portfolio by Muhammad Daffa"></head><body class=list id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://daffa.info/ accesskey=h title="Home (Alt + H)"><img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><button id=menu-trigger aria-haspopup=menu 
aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg></button><ul class="menu hidden"><li><a href=https://daffa.info/about/ title=About><span>About</span></a></li><li><a href=https://daffa.info/blog/ title=Blog><span>Blog</span></a></li><li><a href=https://daffa.info/portfolio/ title=Portfolio><span>Portfolio</span></a></li><li><a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/><span>Search</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/tags/>Tags</a></div><h1>cve
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-23984</h2></header><div class=entry-content><p>Description Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions &lt;= 7.3.11).
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-38704</h2></header><div class=entry-content><p>Description Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin &lt;= 8.9 at WordPress, leading to deletion of 404 errors and redirection history.
Plugin Name SEO Redirection Plugin 301 Redirect Manager
Installation Number 30,000+
Affected Version &lt;= 8.9
Fixed Version 9.1
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-38704" href=https://daffa.info/cve/cve-2022-38704/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-23983</h2></header><div class=entry-content><p>Description Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions &lt;= 3.4.4).
Plugin Name WP Content Copy Protection & No Right Click
Installation Number 100,000+
Affected Version &lt;= 3.4.4
Fixed Version 3.4.5
Advisory link MITRE WPScan Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-23983" href=https://daffa.info/cve/cve-2022-23983/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-23984</h2></header><div class=entry-content><p>Description Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions &lt;= 7.3.11).
Plugin Name wpDiscuz
Installation Number 90,000+
Affected Version &lt;= 7.3.11
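Review bot: the icon and social-card URLs in the head of this page are unreplaced placeholder text. Every rel=icon, apple-touch-icon and mask-icon href is https://daffa.info/%3Clink%20/%20abs%20url%3E, which decodes to "<link / abs url>", and both og:image and twitter:image decode to "<link or path of image for opengraph, twitter-cards>". Browsers and link-preview crawlers will request those URLs on every visit and share. Set real favicon and image paths in the site configuration, or drop the parameters, before rebuilding the pages.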
@ -14,12 +24,8 @@ Plugin Name Charitable
Installation Number 10,000+
Affected Version &lt;= 1.6.50
Fixed Version 1.6.51
Advisory Link MITRE WPScan</p></div><footer class=entry-footer><span title='2021-07-21 11:30:03 +0000 UTC'>July 21, 2021</span>&nbsp;·&nbsp;Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2021-24531" href=https://daffa.info/cve/cve-2021-24531/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2021-24519</h2></header><div class=entry-content><p>Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue
Plugin Name VikRentCar
Installation Number 1,000+
Affected Version &lt;= 1.1.9
Fixed Version 1.1.10
Advisory Link MITRE WPScan</p></div><footer class=entry-footer><span title='2021-07-19 11:30:03 +0000 UTC'>July 19, 2021</span>&nbsp;·&nbsp;Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/cve/cve-2021-24519/></a></article><footer class=page-footer><nav class=pagination><a class=prev href=https://daffa.info/tags/cve/page/3/>«&nbsp;Prev&nbsp;</a></nav></footer></main><footer class=footer><span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
Advisory Link MITRE WPScan</p></div><footer class=entry-footer><span title='2021-07-21 11:30:03 +0000 UTC'>July 21, 2021</span>&nbsp;·&nbsp;Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2021-24531" href=https://daffa.info/cve/cve-2021-24531/></a></article><footer class=page-footer><nav class=pagination><a class=prev href=https://daffa.info/tags/cve/page/3/>«&nbsp;Prev&nbsp;</a>
<a class=next href=https://daffa.info/tags/cve/page/5/>Next&nbsp;&nbsp;»</a></nav></footer></main><footer class=footer><span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(e){b.contains(e.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>


@ -0,0 +1,10 @@
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>cve | Muhammad Daffa</title><meta name=keywords content><meta name=description content="Portfolio by Muhammad Daffa"><meta name=author content="Muhammad Daffa"><link rel=canonical href=https://daffa.info/tags/cve/><link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style><link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://daffa.info/tags/cve/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><meta property="og:title" content="cve"><meta property="og:description" content="Portfolio by Muhammad Daffa"><meta property="og:type" content="website"><meta property="og:url" 
content="https://daffa.info/tags/cve/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa"><meta name=twitter:card content="summary_large_image"><meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta name=twitter:title content="cve"><meta name=twitter:description content="Portfolio by Muhammad Daffa"></head><body class=list id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://daffa.info/ accesskey=h title="Home (Alt + H)"><img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><button id=menu-trigger aria-haspopup=menu 
aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg></button><ul class="menu hidden"><li><a href=https://daffa.info/about/ title=About><span>About</span></a></li><li><a href=https://daffa.info/blog/ title=Blog><span>Blog</span></a></li><li><a href=https://daffa.info/portfolio/ title=Portfolio><span>Portfolio</span></a></li><li><a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/><span>Search</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/tags/>Tags</a></div><h1>cve
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2021-24519</h2></header><div class=entry-content><p>Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue
Plugin Name VikRentCar
Installation Number 1,000+
Affected Version &lt;= 1.1.9
Fixed Version 1.1.10
Advisory Link MITRE WPScan</p></div><footer class=entry-footer><span title='2021-07-19 11:30:03 +0000 UTC'>July 19, 2021</span>&nbsp;·&nbsp;Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/cve/cve-2021-24519/></a></article><footer class=page-footer><nav class=pagination><a class=prev href=https://daffa.info/tags/cve/page/4/>«&nbsp;Prev&nbsp;</a></nav></footer></main><footer class=footer><span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(e){b.contains(e.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
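Review bot: the first inline script at the end of this new file runs document.querySelector("#cd").innerText=(new Date).getFullYear(), but nothing in the file has id cd; the footer hardcodes "&copy; 2022" in a plain span. querySelector returns null there, so the assignment throws a TypeError on every page load, and the year never updates. Give the year its own element with id=cd in the footer template, or remove that statement, and rebuild. The menu listeners registered earlier in the same script and the later script blocks still run, so the visible effect is a console error and a stale year.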

File diff suppressed because one or more lines are too long


@ -9,11 +9,11 @@
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<lastBuildDate>Fri, 23 Sep 2022 11:30:03 +0000</lastBuildDate><atom:link href="https://daffa.info/tags/index.xml" rel="self" type="application/rss+xml" />
<lastBuildDate>Mon, 26 Sep 2022 11:30:03 +0000</lastBuildDate><atom:link href="https://daffa.info/tags/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>cve</title>
<link>https://daffa.info/tags/cve/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>
<pubDate>Mon, 26 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/tags/cve/</guid>
<description></description>