updated 2022 CVEs

patch-1
Prince Chaddha 2023-09-06 17:29:08 +05:30
parent 137cf38b8b
commit 449651f076
434 changed files with 1928 additions and 1156 deletions

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
WordPress Visual Form Builder plugin before 3.0.8 contains a cross-site scripting vulnerability. The plugin does not perform access control on entry form export, allowing an unauthenticated user to export the form entries as CSV files using the vfb-export endpoint.
remediation: |
Update to the latest version of the WordPress Visual Form Builder plugin (3.0.8) or apply the vendor-supplied patch to mitigate this vulnerability.
reference:
- https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336
- https://www.fortiguard.com/zeroday/FG-VD-21-082
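Review bot: The description line kept as context in this hunk says the plugin "contains a cross-site scripting vulnerability", but the rest of that sentence and the new remediation are about missing access control on the vfb-export endpoint, and the classification in this file is cwe-id: CWE-306. Reword the description to say unauthenticated export of form entries and drop xss from the tags, so the template is not filed under the wrong bug class.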
@ -16,13 +18,13 @@ info:
cve-id: CVE-2022-0140
cwe-id: CWE-306
epss-score: 0.01084
cpe: cpe:2.3:a:vfbpro:visual_form_builder:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.82506
cpe: cpe:2.3:a:vfbpro:visual_form_builder:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: vfbpro
product: visual_form_builder
framework: wordpress
tags: wpscan,cve,cve2022,xss,wordpress
http:

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
WordPress Cookie Information/Free GDPR Consent Solution plugin prior to 2.0.8 contains a cross-site scripting vulnerability via the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
remediation: |
Update to the latest version of the WordPress Cookie Information/Free GDPR Consent Solution plugin (2.0.8 or higher) to mitigate this vulnerability.
reference:
- https://wpscan.com/vulnerability/2c735365-69c0-4652-b48e-c4a192dfe0d1
- https://wordpress.org/plugins/wp-gdpr-compliance/
@ -17,14 +19,14 @@ info:
cve-id: CVE-2022-0147
cwe-id: CWE-79
epss-score: 0.00133
cpe: cpe:2.3:a:cookieinformation:wp-gdpr-compliance:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.47722
cpe: cpe:2.3:a:cookieinformation:wp-gdpr-compliance:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
verified: true
framework: wordpress
max-request: 2
vendor: cookieinformation
product: wp-gdpr-compliance
framework: wordpress
tags: cve2022,wordpress,xss,wp,authenticated,cve,wp-plugin,wp-gdpr-compliance,wpscan
http:

View File

@ -5,6 +5,8 @@ info:
author: DhiyaneshDK
severity: medium
description: WordPress All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs plugin before 2.0.4 contains a reflected cross-site scripting vulnerability on the my-sticky-elements-leads admin page.
remediation: |
Update the WordPress All-in-one Floating Contact Form plugin to version 2.0.4 or later to mitigate the vulnerability.
reference:
- https://wpscan.com/vulnerability/37665ee1-c57f-4445-9596-df4f7d72c8cd
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0148
@ -16,13 +18,13 @@ info:
cve-id: CVE-2022-0148
cwe-id: CWE-79
epss-score: 0.00165
cpe: cpe:2.3:a:premio:mystickyelements:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.52528
cpe: cpe:2.3:a:premio:mystickyelements:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
framework: wordpress
vendor: premio
product: mystickyelements
framework: wordpress
tags: xss,wp-plugin,authenticated,wpscan,cve,cve2022,wordpress
http:

View File

@ -5,6 +5,8 @@ info:
author: dhiyaneshDk
severity: medium
description: The plugin was affected by a reflected cross-site scripting vulnerability in the woo_ce admin page.
remediation: |
Update to the latest version of the WooCommerce Stored Exporter WordPress Plugin (2.7.1) or apply the vendor-provided patch to mitigate this vulnerability.
reference:
- https://wpscan.com/vulnerability/e47c288a-2ea3-4926-93cc-113867cbc77c
- https://nvd.nist.gov/vuln/detail/CVE-2022-0149
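Review bot: The remediation text names the "WooCommerce Stored Exporter WordPress Plugin", which does not match the product in this file's cpe (store_exporter_for_woocommerce); "Stored" looks like a typo for "Store". The description above it still reads "The plugin was affected by ..." without naming the plugin or a version, so the 2.7.1 in the remediation has nothing in the template to back it; put the plugin name and the first fixed version in the description as well.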
@ -15,13 +17,13 @@ info:
cve-id: CVE-2022-0149
cwe-id: CWE-79
epss-score: 0.00115
cpe: cpe:2.3:a:visser:store_exporter_for_woocommerce:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.44376
cpe: cpe:2.3:a:visser:store_exporter_for_woocommerce:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
framework: wordpress
vendor: visser
product: store_exporter_for_woocommerce
framework: wordpress
tags: wpscan,cve,cve2022,wordpress,wp-plugin,xss,woocommerce,authenticated
http:

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
WordPress Accessibility Helper plugin before 0.6.0.7 contains a cross-site scripting vulnerability. It does not sanitize and escape the wahi parameter before outputting back its base64 decode value in the page.
remediation: |
Update to WordPress Accessibility Helper version 0.6.0.7 or later to mitigate this vulnerability.
reference:
- https://wpscan.com/vulnerability/7142a538-7c3d-4dd0-bd2c-cbd2efaf53c5
- https://plugins.trac.wordpress.org/changeset/2661008
@ -15,13 +17,13 @@ info:
cve-id: CVE-2022-0150
cwe-id: CWE-79
epss-score: 0.00133
cpe: cpe:2.3:a:wp_accessibility_helper_project:wp_accessibility_helper:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.47722
cpe: cpe:2.3:a:wp_accessibility_helper_project:wp_accessibility_helper:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: wp_accessibility_helper_project
product: wp_accessibility_helper
framework: wordpress
tags: wordpress,wp-plugin,wp,wpscan,cve,cve2022,xss
http:

View File

@ -5,6 +5,8 @@ info:
author: akincibor
severity: medium
description: WordPress Page Builder KingComposer 2.9.6 and prior does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action (which is available to both unauthenticated and authenticated users).
remediation: |
Update to the latest version of KingComposer (>=2.9.7) to fix the open redirect vulnerability.
reference:
- https://wpscan.com/vulnerability/906d0c31-370e-46b4-af1f-e52fbddd00cb
- https://nvd.nist.gov/vuln/detail/CVE-2022-0165
@ -14,13 +16,13 @@ info:
cve-id: CVE-2022-0165
cwe-id: CWE-601
epss-score: 0.00133
cpe: cpe:2.3:a:king-theme:kingcomposer:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.47728
cpe: cpe:2.3:a:king-theme:kingcomposer:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: king-theme
product: kingcomposer
framework: wordpress
tags: cve,cve2022,wp-plugin,redirect,wordpress,wp,wpscan
http:

View File

@ -6,27 +6,27 @@ info:
severity: critical
description: |
The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection
remediation: This is resolved in release 1.6.0.
reference:
- https://wpscan.com/vulnerability/0b4d870f-eab8-4544-91f8-9c5f0538709c
- https://wordpress.org/plugins/photo-gallery/advanced/
- https://nvd.nist.gov/vuln/detail/CVE-2022-0169
- https://plugins.trac.wordpress.org/changeset/2672822/photo-gallery#file9
remediation: This is resolved in release 1.6.0.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-0169
cwe-id: CWE-89
epss-score: 0.01109
cpe: cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.82695
cpe: cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
publicwww-query: "/wp-content/plugins/photo-gallery"
framework: wordpress
max-request: 1
vendor: 10web
product: photo_gallery
framework: wordpress
publicwww-query: "/wp-content/plugins/photo-gallery"
tags: wpscan,cve,cve2022,wp,wp-plugin,wordpress,sqli,photo-gallery
variables:
num: "999999999"

View File

@ -5,6 +5,8 @@ info:
author: DhiyaneshDK
severity: medium
description: WordPress RSS Aggregator < 4.20 is susceptible to cross-site scripting. The plugin does not sanitize and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to reflected cross-site scripting.
remediation: |
Update WordPress RSS Aggregator plugin to version 4.20 or later to mitigate the vulnerability.
reference:
- https://wpscan.com/vulnerability/52a71bf1-b8bc-479e-b741-eb8fb9685014
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0189
@ -15,13 +17,13 @@ info:
cve-id: CVE-2022-0189
cwe-id: CWE-79
epss-score: 0.00133
cpe: cpe:2.3:a:wprssaggregator:wp_rss_aggregator:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.47722
cpe: cpe:2.3:a:wprssaggregator:wp_rss_aggregator:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
framework: wordpress
vendor: wprssaggregator
product: wp_rss_aggregator
framework: wordpress
tags: wpscan,cve,cve2022,wordpress,xss,wp-plugin,authenticated
http:

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
WordPress Permalink Manager Lite and Pro plugins before 2.2.15 contain a reflected cross-site scripting vulnerability. They do not sanitize and escape query parameters before outputting them back in the debug page.
remediation: |
Update to WordPress Permalink Manager version 2.2.15 or later to mitigate the vulnerability.
reference:
- https://wpscan.com/vulnerability/f274b0d8-74bf-43de-9051-29ce36d78ad4
- https://plugins.trac.wordpress.org/changeset/2656512
@ -15,13 +17,13 @@ info:
cve-id: CVE-2022-0201
cwe-id: CWE-79
epss-score: 0.00115
cpe: cpe:2.3:a:permalink_manager_lite_project:permalink_manager_lite:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.44376
cpe: cpe:2.3:a:permalink_manager_lite_project:permalink_manager_lite:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: permalink_manager_lite_project
product: permalink_manager_lite
framework: wordpress
tags: wp-plugin,wpscan,cve,cve2022,xss,wordpress
http:

View File

@ -6,25 +6,25 @@ info:
severity: medium
description: |
WordPress NewStatPress plugin before 1.3.6 is susceptible to cross-site scripting. The plugin does not properly escape the whatX parameters before outputting them back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
remediation: Fixed in version 1.3.6.
reference:
- https://wpscan.com/vulnerability/ce12437a-d440-4c4a-9247-95a8f39d00b9
- https://wordpress.org/plugins/newstatpress
- https://nvd.nist.gov/vuln/detail/CVE-2022-0206
remediation: Fixed in version 1.3.6.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-0206
cwe-id: CWE-79
epss-score: 0.00122
cpe: cpe:2.3:a:newstatpress_project:newstatpress:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.45705
cpe: cpe:2.3:a:newstatpress_project:newstatpress:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
verified: true
framework: wordpress
max-request: 2
vendor: newstatpress_project
product: newstatpress
framework: wordpress
tags: xss,wp,authenticated,cve2022,wordpress,wp-plugin,newstatpress,wpscan,cve
http:

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
WordPress Plugin MapPress before version 2.73.4 does not sanitize and escape the 'mapid' parameter before outputting it back in the "Bad mapid" error message, leading to reflected cross-site scripting.
remediation: |
Update to the latest version of MapPress (2.73.4 or higher) or apply the vendor-provided patch to fix the XSS vulnerability.
reference:
- https://wpscan.com/vulnerability/59a2abd0-4aee-47aa-ad3a-865f624fa0fc
- https://nvd.nist.gov/vuln/detail/CVE-2022-0208
@ -15,13 +17,13 @@ info:
cve-id: CVE-2022-0208
cwe-id: CWE-79
epss-score: 0.00122
cpe: cpe:2.3:a:mappresspro:mappress:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.45705
cpe: cpe:2.3:a:mappresspro:mappress:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: mappresspro
product: mappress
framework: wordpress
tags: cve2022,mappress,xss,wordpress,wp-plugin,wpscan,cve
http:

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
WorsPress Spider Calendar plugin through 1.5.65 is susceptible to cross-site scripting. The plugin does not sanitize and escape the callback parameter before outputting it back in the page via the window AJAX action, available to both unauthenticated and authenticated users. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
remediation: |
Update to the latest version of WordPress Spider Calendar plugin (>=1.5.66) or apply the vendor-supplied patch to fix the XSS vulnerability.
reference:
- https://wpscan.com/vulnerability/15be2d2b-baa3-4845-82cf-3c351c695b47
- https://wordpress.org/plugins/spider-event-calendar/
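Review bot: The description line in this hunk opens with "WorsPress", which is worth fixing while the info block is being edited. The description only says the plugin is affected "through 1.5.65", whereas the new remediation asserts a fix in ">=1.5.66"; check that against the WPScan reference, and if no fixed release is listed there, word the remediation without a version.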
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-0212
cwe-id: CWE-79
epss-score: 0.00099
cpe: cpe:2.3:a:10web:spidercalendar:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.40308
cpe: cpe:2.3:a:10web:spidercalendar:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: 10web
product: spidercalendar
framework: wordpress
tags: cve,cve2022,xss,wpscan,wordpress,wp-plugin,wp,spider-event-calendar,unauthenticated
http:

View File

@ -5,6 +5,8 @@ info:
author: hexcat
severity: medium
description: WordPress Email Template Designer WP HTML Mail allows stored cross-site scripting through an unprotected REST-API endpoint.
remediation: |
Update to version 3.1 or later of the HTML Email Template Designer plugin to fix the vulnerability.
reference:
- https://www.wordfence.com/blog/2022/01/unauthenticated-xss-vulnerability-patched-in-html-email-template-designer-plugin/
- https://wordpress.org/plugins/wp-html-mail/
@ -16,13 +18,13 @@ info:
cve-id: CVE-2022-0218
cwe-id: CWE-79
epss-score: 0.03872
cpe: cpe:2.3:a:codemiq:wordpress_email_template_designer:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.90766
cpe: cpe:2.3:a:codemiq:wordpress_email_template_designer:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: codemiq
product: wordpress_email_template_designer
framework: wordpress
tags: wordpress,wp-plugin,xss,cve,cve2022
http:

View File

@ -6,23 +6,23 @@ info:
severity: medium
description: |
WordPress GDPR & CCPA plugin before 1.9.27 contains a cross-site scripting vulnerability. The check_privacy_settings AJAX action, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type, and JavaScript code may be executed on a victim's browser.
remediation: Version 1.9.26 has added a CSRF check. This vulnerability is only exploitable against unauthenticated users.
reference:
- https://wpscan.com/vulnerability/a91a01b9-7e36-4280-bc50-f6cff3e66059
- https://nvd.nist.gov/vuln/detail/CVE-2022-0220
remediation: Version 1.9.26 has added a CSRF check. This vulnerability is only exploitable against unauthenticated users.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-0220
cwe-id: CWE-116
epss-score: 0.00124
cpe: cpe:2.3:a:welaunch:wordpress_gdpr\&ccpa:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.46073
cpe: cpe:2.3:a:welaunch:wordpress_gdpr\&ccpa:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
framework: wordpress
vendor: welaunch
product: wordpress_gdpr\&ccpa
framework: wordpress
tags: wpscan,cve,cve2022,wordpress,wp-plugin,wp,xss,unauth
http:
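Review bot: The remediation line in this hunk does not tell the reader which release to move to: it cites 1.9.26 for a CSRF check, while the description says versions before 1.9.27 are affected. Since the line is being moved anyway, state the upgrade target ("Update to 1.9.27 or later") and move the sentence about exploitability against unauthenticated users into the description, where it belongs.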

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
WordPress WOOCS plugin before 1.3.7.5 is susceptible to cross-site scripting. The plugin does not sanitize and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action, available to both unauthenticated and authenticated users, before outputting it back in the response. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
remediation: |
Update the WordPress WOOCS plugin to version 1.3.7.5 or later to mitigate the XSS vulnerability.
reference:
- https://wpscan.com/vulnerability/fd568a1f-bd51-41bb-960d-f8573b84527b
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0234
@ -17,15 +19,15 @@ info:
cve-id: CVE-2022-0234
cwe-id: CWE-79
epss-score: 0.00133
cpe: cpe:2.3:a:pluginus:woocs:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.47722
cpe: cpe:2.3:a:pluginus:woocs:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
google-query: inurl:"wp-content/plugins/woocommerce-currency-switcher"
verified: true
framework: wordpress
max-request: 1
vendor: pluginus
product: woocs
framework: wordpress
google-query: inurl:"wp-content/plugins/woocommerce-currency-switcher"
tags: wpscan,cve,cve2022,wordpress,wp-plugin,wp,xss,woocs
http:

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
WordPress LearnPress plugin before 4.1.6 contains a cross-site scripting vulnerability. It does not sanitize and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action.
remediation: |
Upgrade LearnPress to version 4.1.6 or later to mitigate this vulnerability.
reference:
- https://wpscan.com/vulnerability/ad07d9cd-8a75-4f7c-bbbe-3b6b89b699f2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0271
@ -16,13 +18,13 @@ info:
cve-id: CVE-2022-0271
cwe-id: CWE-79
epss-score: 0.00119
cpe: cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.45304
cpe: cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: thimpress
product: learnpress
framework: wordpress
tags: wp,wp-plugin,wordpress,cve,cve2022,learnpress,wpscan,xss
http:

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu
severity: high
description: Microweber contains a vulnerability that allows exposure of sensitive information to an unauthorized actor in Packagist microweber/microweber prior to 1.2.11.
remediation: |
Apply the latest security patch or update provided by the Microweber CMS vendor to fix the information disclosure vulnerability (CVE-2022-0281).
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2022-0281
- https://github.com/microweber/microweber/commit/e680e134a4215c979bfd2eaf58336be34c8fc6e6
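Review bot: The new remediation is generic ("Apply the latest security patch or update provided by the Microweber CMS vendor") even though the description already gives the boundary, prior to 1.2.11. Say "Upgrade Microweber to 1.2.11 or later" and drop the trailing "(CVE-2022-0281)", which repeats the cve-id field.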
@ -15,13 +17,13 @@ info:
cve-id: CVE-2022-0281
cwe-id: CWE-200
epss-score: 0.00492
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
epss-percentile: 0.7314
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.favicon.hash:780351152
vendor: microweber
product: microweber
shodan-query: http.favicon.hash:780351152
tags: cve,cve2022,microweber,disclosure,huntr
http:

View File

@ -6,23 +6,23 @@ info:
severity: medium
description: |
WordPress Ad Inserter plugin before 2.7.10 contains a cross-site scripting vulnerability. It does not sanitize and escape the html_element_selection parameter before outputting it back in the page.
remediation: Fixed in version 2.7.12
reference:
- https://wpscan.com/vulnerability/27b64412-33a4-462c-bc45-f81697e4fe42
- https://nvd.nist.gov/vuln/detail/CVE-2022-0288
remediation: Fixed in version 2.7.12
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-0288
cwe-id: CWE-79
epss-score: 0.00141
cpe: cpe:2.3:a:ad_inserter_pro_project:ad_inserter_pro:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.49173
cpe: cpe:2.3:a:ad_inserter_pro_project:ad_inserter_pro:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: ad_inserter_pro_project
product: ad_inserter_pro
framework: wordpress
tags: wordpress,xss,wpscan,cve,cve2022
http:
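Review bot: The description and the remediation in this hunk disagree on the fixed release: the description says the plugin is affected "before 2.7.10", the remediation says "Fixed in version 2.7.12". Settle on one value from the WPScan reference and use it in both fields; the remediation sentence is also missing its final period.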

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
WordPress XML Sitemap Generator for Google plugin before 2.0.4 contains a cross-site scripting vulnerability that can lead to remote code execution. It does not validate a parameter which can be set to an arbitrary value, thus causing cross-site scripting via error message or remote code execution if allow_url_include is turned on.
remediation: |
Update the WordPress XML Sitemap Generator for Google plugin to version 2.0.4 or later to mitigate the XSS and RCE vulnerabilities.
reference:
- https://wpscan.com/vulnerability/4b339390-d71a-44e0-8682-51a12bd2bfe6
- https://wordpress.org/plugins/www-xml-sitemap-generator-org/
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-0346
cwe-id: CWE-79
epss-score: 0.00099
cpe: cpe:2.3:a:xmlsitemapgenerator:xml_sitemap_generator:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.40272
cpe: cpe:2.3:a:xmlsitemapgenerator:xml_sitemap_generator:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
verified: true
framework: wordpress
max-request: 2
vendor: xmlsitemapgenerator
product: xml_sitemap_generator
framework: wordpress
tags: wpscan,cve,cve2022,wp,wordpress,wp-plugin,xss,www-xml-sitemap-generator-org
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress NotificationX plugin prior to 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape the nx_id parameter before using it in a SQL statement, leading to an unauthenticated blind SQL injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
remediation: |
Update to the latest version of the WordPress NotificationX plugin (2.3.9 or higher) to mitigate the SQL Injection vulnerability.
reference:
- https://wpscan.com/vulnerability/1d0dd7be-29f3-4043-a9c6-67d02746463a
- https://wordpress.org/plugins/notificationx/advanced/
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-0349
cwe-id: CWE-89
epss-score: 0.01307
cpe: cpe:2.3:a:wpdeveloper:notificationx:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.84219
cpe: cpe:2.3:a:wpdeveloper:notificationx:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: wpdeveloper
product: notificationx
framework: wordpress
tags: cve2022,wordpress,wp-plugin,wp,sqli,notificationx,wpscan,cve
http:

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu
severity: medium
description: Microweber contains a reflected cross-site scripting in Packagist microweber/microweber prior to 1.2.11.
remediation: |
Apply the latest security patch or upgrade to a version that has addressed the vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2022-0378
- https://github.com/microweber/microweber/commit/fc7e1a026735b93f0e0047700d08c44954fce9ce
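Review bot: The remediation added here names neither the product nor a version ("upgrade to a version that has addressed the vulnerability"), so it gives an operator nothing to act on. The description states the issue exists prior to 1.2.11; use "Upgrade Microweber to 1.2.11 or later".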
@ -15,13 +17,13 @@ info:
cve-id: CVE-2022-0378
cwe-id: CWE-79
epss-score: 0.001
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
epss-percentile: 0.40521
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.favicon.hash:780351152
vendor: microweber
product: microweber
shodan-query: http.favicon.hash:780351152
tags: cve,cve2022,microweber,xss,huntr
http:

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
WordPress Embed Swagger plugin 1.0.0 and prior contains a reflected cross-site scripting vulnerability due to insufficient escaping/sanitization and validation via the url parameter found in the ~/swagger-iframe.php file, which allows attackers to inject arbitrary web scripts onto the page.
remediation: |
Update to the latest version of the WordPress Embed Swagger plugin (1.0.0) or apply a patch provided by the vendor.
reference:
- https://gist.github.com/Xib3rR4dAr/4b3ea7960914e23c3a875b973a5b37a3
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0381
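Review bot: The remediation recommends updating to "the latest version of the WordPress Embed Swagger plugin (1.0.0)", but the description says 1.0.0 and prior are the vulnerable versions, so this points users at an affected release. Remove the version from the remediation unless a fixed release can be cited from the references; if none exists, say so and recommend disabling or removing the plugin.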
@ -17,13 +19,13 @@ info:
cve-id: CVE-2022-0381
cwe-id: CWE-79
epss-score: 0.00218
cpe: cpe:2.3:a:embed_swagger_project:embed_swagger:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.59071
cpe: cpe:2.3:a:embed_swagger_project:embed_swagger:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: embed_swagger_project
product: embed_swagger
framework: wordpress
tags: cve,cve2022,swagger,xss,wordpress
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress TI WooCommerce Wishlist plugin before 1.40.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint.
remediation: |
Update to the latest version of the TI WooCommerce Wishlist plugin (1.40.1 or higher).
reference:
- https://wpscan.com/vulnerability/e984ba11-abeb-4ed4-9dad-0bfd539a9682
- https://wordpress.org/plugins/ti-woocommerce-wishlist/advanced/
@ -17,14 +19,14 @@ info:
cve-id: CVE-2022-0412
cwe-id: CWE-89
epss-score: 0.02963
cpe: cpe:2.3:a:templateinvaders:ti_woocommerce_wishlist:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.89567
cpe: cpe:2.3:a:templateinvaders:ti_woocommerce_wishlist:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: templateinvaders
product: ti_woocommerce_wishlist
framework: wordpress
tags: sqli,ti-woocommerce-wishlist,wpscan,cve,cve2022,woocommerce,wordpress,wp-plugin,wp
http:

View File

@ -6,22 +6,22 @@ info:
severity: high
description: |
Gogs before 0.12.6 is susceptible to remote command execution via the uploading repository file in GitHub repository gogs/gogs. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
remediation: Fixed in version 0.12.6.
reference:
- https://github.com/gogs/gogs/commit/0fef3c9082269e9a4e817274942a5d7c50617284
- https://huntr.dev/bounties/b4928cfe-4110-462f-a180-6d5673797902
- https://nvd.nist.gov/vuln/detail/CVE-2022-0415
remediation: Fixed in version 0.12.6.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2022-0415
cwe-id: CWE-20,CWE-434
epss-score: 0.27369
cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*
epss-percentile: 0.96168
cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*
metadata:
max-request: 6
verified: true
max-request: 6
vendor: gogs
product: gogs
tags: rce,gogs,authenticated,huntr,cve,cve2022,intrusive

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
WordPress White Label CMS plugin before 2.2.9 contains a reflected cross-site scripting vulnerability. It does not sanitize and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing.
remediation: |
Update to WordPress White Label CMS plugin version 2.2.9 or later to mitigate this vulnerability.
reference:
- https://wpscan.com/vulnerability/429be4eb-8a6b-4531-9465-9ef0d35c12cc
- https://plugins.trac.wordpress.org/changeset/2672615
@ -16,13 +18,13 @@ info:
cve-id: CVE-2022-0422
cwe-id: CWE-79
epss-score: 0.00133
cpe: cpe:2.3:a:videousermanuals:white_label_cms:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.47722
cpe: cpe:2.3:a:videousermanuals:white_label_cms:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: videousermanuals
product: white_label_cms
framework: wordpress
tags: cve,cve2022,wordpress,xss,wp-plugin,wpscan
http:

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu
severity: medium
description: The GitHub repository mastodon/mastodon prior to 3.5.0 contains a Prototype Pollution vulnerability.
remediation: |
Apply the latest security patches and updates provided by the Mastodon project to mitigate the vulnerability.
reference:
- https://github.com/mastodon/mastodon/commit/4d6d4b43c6186a13e67b92eaf70fe1b70ea24a09
- https://drive.google.com/file/d/1vpZ0CcmFhTEUasLTPUBf8o-4l7G6ojtG/view
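Review bot: The remediation omits the version that the description already supplies. "Upgrade Mastodon to 3.5.0 or later" is more useful than "Apply the latest security patches and updates provided by the Mastodon project" and keeps the two fields consistent.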
@ -16,8 +18,8 @@ info:
cve-id: CVE-2022-0432
cwe-id: CWE-1321
epss-score: 0.001
cpe: cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*
epss-percentile: 0.40521
cpe: cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: joinmastodon

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress Page Views Count plugin prior to 2.4.15 contains an unauthenticated SQL injection vulnerability. It does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
remediation: |
Update to the latest version of the WordPress Page Views Count plugin (2.4.15) to mitigate the SQL Injection vulnerability.
reference:
- https://wpscan.com/vulnerability/be895016-7365-4ce4-a54f-f36d0ef2d6f1
- https://wordpress.org/plugins/page-views-count/
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-0434
cwe-id: CWE-89
epss-score: 0.02274
cpe: cpe:2.3:a:a3rev:page_view_count:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.88217
cpe: cpe:2.3:a:a3rev:page_view_count:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: a3rev
product: page_view_count
framework: wordpress
tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,wpscan,unauth
variables:
num: "999999999"

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu
severity: medium
description: NPM karma prior to 6.3.14. contains a DOM-based cross-site Scripting vulnerability.
remediation: |
Upgrade to the latest version of karma-runner that includes proper input sanitization to mitigate this vulnerability.
reference:
- https://huntr.dev/bounties/64b67ea1-5487-4382-a5f6-e8a95f798885
- https://github.com/karma-runner/karma/commit/839578c45a8ac42fbc1d72105f97eab77dd3eb8a
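Review bot: The remediation refers to "karma-runner" and gives no version, while the description names NPM karma and 6.3.14 as the boundary. Use one product name and say "Upgrade karma to 6.3.14 or later". The description line in this hunk also has a stray period in "6.3.14. contains" and a capitalised "Scripting" that could be cleaned up in the same change.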
@ -16,13 +18,13 @@ info:
cve-id: CVE-2022-0437
cwe-id: CWE-79
epss-score: 0.001
cpe: cpe:2.3:a:karma_project:karma:*:*:*:*:*:node.js:*:*
epss-percentile: 0.40521
cpe: cpe:2.3:a:karma_project:karma:*:*:*:*:*:node.js:*:*
metadata:
max-request: 2
framework: node.js
vendor: karma_project
product: karma
framework: node.js
tags: oss,huntr,cve,cve2022,karma,xss
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress MasterStudy LMS plugin before 2.7.6 is susceptible to improper access control. The plugin does not validate some parameters given when registering a new account, which can allow an attacker to register as an admin, thus potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation: |
Upgrade to the latest version of the MasterStudy LMS plugin (2.7.6 or higher) to fix the improper access control issue.
reference:
- https://wpscan.com/vulnerability/173c2efe-ee9c-4539-852f-c242b4f728ed
- https://wordpress.org/plugins/masterstudy-lms-learning-management-system/
@ -17,14 +19,14 @@ info:
cve-id: CVE-2022-0441
cwe-id: CWE-269
epss-score: 0.37209
cpe: cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.96672
cpe: cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
verified: true
framework: wordpress
max-request: 2
vendor: stylemixthemes
product: masterstudy_lms
framework: wordpress
tags: cve,cve2022,wordpress,wp-plugin,wpscan,wp,unauth
variables:
username: "{{to_lower(rand_text_alphanumeric(6))}}"

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
Easy!Appointments prior to 1.4.3 allows exposure of Private Personal Information to an unauthorized actor via the GitHub repository alextselegidis/easyappointments.
remediation: |
Upgrade Easy!Appointments to version 1.4.4 or above to fix the Broken Access Control vulnerability.
reference:
- https://huntr.dev/bounties/2fe771ef-b615-45ef-9b4d-625978042e26/
- https://github.com/alextselegidis/easyappointments
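Review bot: The version in the new remediation does not match the description: the description says Easy!Appointments is affected "prior to 1.4.3", the remediation says to upgrade to "1.4.4 or above". Confirm the first fixed release against the huntr reference and use the same number in both places.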
@ -18,13 +20,13 @@ info:
cve-id: CVE-2022-0482
cwe-id: CWE-359,CWE-863
epss-score: 0.02425
cpe: cpe:2.3:a:easyappointments:easyappointments:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.88566
cpe: cpe:2.3:a:easyappointments:easyappointments:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
framework: wordpress
vendor: easyappointments
product: easyappointments
framework: wordpress
tags: cve,cve2022,easyappointments,huntr
http:
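Review bot: The cpe target_sw and the framework key in this hunk both say wordpress, but the description, the references and the tags in this file never mention WordPress; they point at the alextselegidis/easyappointments repository. Since the framework line is being moved here, confirm the value is intended, and if the template targets the standalone application, drop framework and the wordpress target_sw instead of carrying them forward.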

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
WordPress E2Pdf plugin before 1.16.45 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, even when the unfiltered_html capability is disallowed. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, making it possible to steal cookie-based authentication credentials and launch other attacks.
remediation: |
Update the WordPress E2Pdf plugin to version 1.16.45 or later to mitigate the vulnerability.
reference:
- https://wpscan.com/vulnerability/a4162e96-a3c5-4f38-a60b-aa3ed9508985
- https://wordpress.org/plugins/e2pdf/
@ -18,14 +20,14 @@ info:
cve-id: CVE-2022-0535
cwe-id: CWE-79
epss-score: 0.00112
cpe: cpe:2.3:a:e2pdf:e2pdf:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.43647
cpe: cpe:2.3:a:e2pdf:e2pdf:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 4
verified: true
framework: wordpress
max-request: 4
vendor: e2pdf
product: e2pdf
framework: wordpress
tags: cve2022,wp-plugin,xss,authenticated,e2pdf,wpscan,cve,wordpress,wp
http:

View File

@ -6,26 +6,26 @@ info:
severity: critical
description: |
Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
remediation: Ensure you are using the latest version and that all security patches have been applied.
reference:
- https://blog.viettelcybersecurity.com/cve-2022-0540-authentication-bypass-in-seraph/
- https://nvd.nist.gov/vuln/detail/CVE-2022-0540
- https://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20
- https://jira.atlassian.com/browse/JRASERVER-73650
- https://jira.atlassian.com/browse/JSDSERVER-11224
remediation: Ensure you are using the latest version and that all security patches have been applied.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-0540
cwe-id: CWE-287
epss-score: 0.16241
cpe: cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
epss-percentile: 0.95289
cpe: cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.component:"Atlassian Jira"
vendor: atlassian
product: jira_data_center
shodan-query: http.component:"Atlassian Jira"
tags: cve,cve2022,atlassian,jira,exposure,auth-bypass
http:
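Review bot: The remediation is still the generic "Ensure you are using the latest version", even though the description lists the fixed releases. Consider naming them (Jira 8.13.18, 8.20.6 and 8.22.0; Jira Service Management 4.13.18, 4.20.6 and 4.22.0) so the field is actionable on its own.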

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3_get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users.
remediation: |
Upgrade to Formcraft3 version 3.8.28 or later to fix the SSRF vulnerability.
reference:
- https://wpscan.com/vulnerability/b5303e63-d640-4178-9237-d0f524b13d47
- https://nvd.nist.gov/vuln/detail/CVE-2022-0591
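Review bot: The remediation names 3.8.28 as the fixed version while the description says the flaw is in Formcraft3 before 3.8.2, so one of the two looks like a typo. Confirm the fixed version against the WPScan reference and correct whichever field is wrong.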
@ -15,15 +17,15 @@ info:
cve-id: CVE-2022-0591
cwe-id: CWE-918
epss-score: 0.00694
cpe: cpe:2.3:a:subtlewebinc:formcraft3:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.77706
cpe: cpe:2.3:a:subtlewebinc:formcraft3:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
fofa-query: body="formcraft3" && body="wp-"
framework: wordpress
max-request: 1
vendor: subtlewebinc
product: formcraft3
framework: wordpress
fofa-query: body="formcraft3" && body="wp-"
tags: wp,wp-plugin,wordpress,cve,formcraft3,wpscan,ssrf,cve2022,unauth
http:

View File

@ -5,6 +5,8 @@ info:
author: atomiczsec
severity: medium
description: WordPress Shareaholic plugin prior to 9.7.6 is susceptible to information disclosure. The plugin does not have proper authorization check in one of the AJAX actions, available to both unauthenticated (before 9.7.5) and authenticated (in 9.7.5) users, allowing them to possibly obtain sensitive information such as active plugins and different versions (PHP, cURL, WP, etc.).
remediation: |
Update the Shareaholic plugin to version 9.7.6 or later to fix the information disclosure vulnerability.
reference:
- https://wpscan.com/vulnerability/4de9451e-2c8d-4d99-a255-b027466d29b1
- https://wordpress.org/plugins/shareaholic/
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-0594
cwe-id: CWE-863
epss-score: 0.00257
cpe: cpe:2.3:a:shareaholic:shareaholic:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.62773
cpe: cpe:2.3:a:shareaholic:shareaholic:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: shareaholic
product: shareaholic
framework: wordpress
tags: cve,cve2022,wordpress,wp,wp-plugin,exposure,wpscan
http:

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
WordPress Contact Form 7 before 1.3.6.3 contains an unauthenticated stored cross-site scripting vulnerability in the Drag and Drop Multiple File Upload plugin. SVG files can be uploaded by default via the dnd_codedropz_upload AJAX action.
remediation: |
Update the WordPress Contact Form 7 plugin to version 1.3.6.3 or later to mitigate the vulnerability.
reference:
- https://wpscan.com/vulnerability/1b849957-eaca-47ea-8f84-23a3a98cc8de
- https://plugins.trac.wordpress.org/changeset/2686614
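Review bot: The remediation names the wrong product. It says to update "the WordPress Contact Form 7 plugin", but the vulnerable component in the description is the Drag and Drop Multiple File Upload plugin for Contact Form 7, and the cpe in this template is for that plugin too. Suggest "Update the Drag and Drop Multiple File Upload - Contact Form 7 plugin to version 1.3.6.3 or later".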
@ -15,13 +17,13 @@ info:
cve-id: CVE-2022-0595
cwe-id: CWE-79
epss-score: 0.00135
cpe: cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_-_contact_form_7:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.48139
cpe: cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_-_contact_form_7:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
framework: wordpress
vendor: codedropz
product: drag_and_drop_multiple_file_upload_-_contact_form_7
framework: wordpress
tags: cve,cve2022,xss,wordpress,wp-plugin,wpscan,fileupload,intrusive,unauth
http:

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
WordPress Mapping Multiple URLs Redirect Same Page plugin 5.8 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page.
remediation: |
Update to the latest version of the WordPress Mapping Multiple URLs Redirect Same Page plugin (version 5.8 or higher) to mitigate this vulnerability.
reference:
- https://wpscan.com/vulnerability/4f1d45bc-d3bd-472c-959d-05abeff32765
- https://wordpress.org/plugins/mapping-multiple-urls-redirect-same-page/
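Review bot: The remediation recommends "version 5.8 or higher", but the description states that 5.8 and prior are vulnerable, so 5.8 is not a safe upgrade target. Point to a release later than 5.8, or say that no fixed release is known rather than naming an affected version.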
@ -16,13 +18,13 @@ info:
cve-id: CVE-2022-0599
cwe-id: CWE-79
epss-score: 0.00119
cpe: cpe:2.3:a:mapping_multiple_urls_redirect_same_page_project:mapping_multiple_urls_redirect_same_page:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.45304
cpe: cpe:2.3:a:mapping_multiple_urls_redirect_same_page_project:mapping_multiple_urls_redirect_same_page:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
framework: wordpress
vendor: mapping_multiple_urls_redirect_same_page_project
product: mapping_multiple_urls_redirect_same_page
framework: wordpress
tags: cve,cve2022,wordpress,wp-plugin,xss,wp,authenticated,wpscan
http:

View File

@ -6,24 +6,24 @@ info:
severity: medium
description: |
The Profile Builder User Profile & User Registration Forms WordPress plugin is vulnerable to cross-site scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1..
remediation: Upgrade to version 3.6.5 or later.
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0653
- https://www.wordfence.com/blog/2022/02/reflected-cross-site-scripting-vulnerability-patched-in-wordpress-profile-builder-plugin/
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2655168%40profile-builder&new=2655168%40profile-builder&sfp_email=&sfph_mail=
remediation: Upgrade to version 3.6.5 or later.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-0653
cwe-id: CWE-79
epss-score: 0.00274
cpe: cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.64008
cpe: cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: cozmoslabs
product: profile_builder
framework: wordpress
tags: cve,cve2022,wordpress,xss,wp-plugin
http:
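Review bot: The first reference URL in this block is malformed: "name=2022-0653" lacks the "CVE-" prefix that the other cve.mitre.org links in this commit carry (for example "name=CVE-2022-0864"). Since the hunk already reorders this block, change it to "name=CVE-2022-0653"; the description's "onto a pages" and trailing ".." could be cleaned up in the same pass.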

View File

@ -5,6 +5,8 @@ info:
author: akincibor
severity: high
description: uDraw before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc).
remediation: |
Upgrade uDraw to version 3.3.3 or later to mitigate the vulnerability.
reference:
- https://wpscan.com/vulnerability/925c4c28-ae94-4684-a365-5f1e34e6c151
- https://nvd.nist.gov/vuln/detail/CVE-2022-0656
@ -14,14 +16,14 @@ info:
cve-id: CVE-2022-0656
cwe-id: CWE-552
epss-score: 0.00641
cpe: cpe:2.3:a:webtoprint:web_to_print_shop\:udraw:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.76583
cpe: cpe:2.3:a:webtoprint:web_to_print_shop\:udraw:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
google-query: inurl:"/wp-content/plugins/udraw"
verified: true
max-request: 1
vendor: webtoprint
product: web_to_print_shop\
google-query: inurl:"/wp-content/plugins/udraw"
tags: wp,wordpress,wp-plugin,unauth,cve,cve2022,lfi,udraw,wpscan
http:
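Review bot: The added product value is truncated: "product: web_to_print_shop\" stops at the escaped colon, while the cpe line gives the product as "web_to_print_shop\:udraw". Quote the full value so the backslash and colon survive YAML parsing and the field matches the CPE.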

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
Microweber before 1.2.11 is susceptible to information disclosure. An error message is generated in microweber/microweber which contains sensitive information while viewing comments from load_module:comments#search=. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation: |
Upgrade Microweber to version 1.2.11 or later to mitigate the vulnerability.
reference:
- https://huntr.dev/bounties/01fd2e0d-b8cf-487f-a16c-7b088ef3a291/
- https://github.com/advisories/GHSA-hhrj-wp42-32v3
@ -18,11 +20,11 @@ info:
cve-id: CVE-2022-0660
cwe-id: CWE-209
epss-score: 0.00654
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
epss-percentile: 0.76848
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
metadata:
max-request: 2
verified: true
max-request: 2
vendor: microweber
product: microweber
tags: cve2022,microweber,disclosure,authenticated,huntr,cve

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
Packagist prior to 1.2.11 contains a cross-site scripting vulnerability via microweber/microweber. User can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out.
remediation: |
Upgrade Microweber CMS to version 1.2.11 or later, which includes a fix for this vulnerability.
reference:
- https://huntr.dev/bounties/d707137a-aace-44c5-b15c-1807035716c0/
- https://twitter.com/CVEnew/status/1495001503249178624?s=20&t=sfABvm7oG39Fd6rG44vQWg
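Review bot: The remediation says to upgrade Microweber CMS, but the description opens with "Packagist prior to 1.2.11", which names the package registry rather than the product. Reword the description to refer to Microweber prior to 1.2.11 so both fields describe the same software.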
@ -18,14 +20,14 @@ info:
cve-id: CVE-2022-0678
cwe-id: CWE-79
epss-score: 0.00135
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
epss-percentile: 0.4804
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.favicon.hash:780351152
verified: true
max-request: 1
vendor: microweber
product: microweber
shodan-query: http.favicon.hash:780351152
tags: huntr,cve,cve2022,xss,microweber
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress Narnoo Distributor plugin 2.5.1 and prior is susceptible to local file inclusion. The plugin does not validate and sanitize the lib_path parameter before being passed into a call to require() via the narnoo_distributor_lib_request AJAX action, and the content of the file is displayed in the response as JSON data. This can also lead to a remote code execution vulnerability depending on system and configuration.
remediation: |
Update to the latest version of the WordPress Narnoo Distributor plugin (>=2.5.2) to mitigate the LFI vulnerability.
reference:
- https://wpscan.com/vulnerability/0ea79eb1-6561-4c21-a20b-a1870863b0a8
- https://nvd.nist.gov/vuln/detail/CVE-2022-0679
@ -15,14 +17,14 @@ info:
cve-id: CVE-2022-0679
cwe-id: CWE-22
epss-score: 0.02484
cpe: cpe:2.3:a:narnoo_distributor_project:narnoo_distributor:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.88704
cpe: cpe:2.3:a:narnoo_distributor_project:narnoo_distributor:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: narnoo_distributor_project
product: narnoo_distributor
framework: wordpress
tags: narnoo-distributor,cve,cve2022,wordpress,wp-plugin,wpscan,wp,rce,unauth,lfi
http:

View File

@ -5,6 +5,8 @@ info:
author: 0x_Akoko
severity: medium
description: An open redirect vulnerability exists in Rudloff/alltube that could let an attacker construct a URL within the application that causes redirection to an arbitrary external domain via Packagist in versions prior to 3.0.1.
remediation: |
Upgrade to version 3.0.1 or later to fix the open redirect vulnerability.
reference:
- https://huntr.dev/bounties/4fb39400-e08b-47af-8c1f-5093c9a51203/
- https://nvd.nist.gov/vuln/detail/CVE-2022-0692
@ -16,8 +18,8 @@ info:
cve-id: CVE-2022-0692
cwe-id: CWE-601
epss-score: 0.00133
cpe: cpe:2.3:a:alltube_project:alltube:*:*:*:*:*:*:*:*
epss-percentile: 0.47722
cpe: cpe:2.3:a:alltube_project:alltube:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: alltube_project

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress Master Elements plugin through 8.0 contains a SQL injection vulnerability. The plugin does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
remediation: |
Update to the latest version of WordPress Master Elements plugin (>=8.1) to mitigate the SQL Injection vulnerability.
reference:
- https://wpscan.com/vulnerability/a72bf075-fd4b-4aa5-b4a4-5f62a0620643
- https://wordpress.org/plugins/master-elements
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-0693
cwe-id: CWE-89
epss-score: 0.01196
cpe: cpe:2.3:a:devbunch:master_elements:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.83424
cpe: cpe:2.3:a:devbunch:master_elements:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: devbunch
product: master_elements
framework: wordpress
tags: unauth,wpscan,wp-plugin,wp,sqli,wordpress,master-elements,cve,cve2022
http:

View File

@ -5,6 +5,8 @@ info:
author: GitLab Red Team
severity: critical
description: GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5, from 14.7 before 14.7.4, and from 14.8 before 14.8.2.
remediation: |
Apply the necessary patches or updates provided by GitLab to fix the vulnerability.
reference:
- https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/cve-hash-harvester
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0735.json
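Review bot: The remediation is generic ("Apply the necessary patches or updates provided by GitLab") even though the description already gives the version boundaries. State the fixed releases from the description (14.6.5, 14.7.4 and 14.8.2) so operators know the upgrade target.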
@ -17,13 +19,13 @@ info:
cve-id: CVE-2022-0735
cwe-id: CWE-863
epss-score: 0.02744
cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
epss-percentile: 0.89212
cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
metadata:
max-request: 1
shodan-query: http.title:"GitLab"
vendor: gitlab
product: gitlab
shodan-query: http.title:"GitLab"
tags: cve,cve2022,gitlab
http:

View File

@ -6,26 +6,26 @@ info:
severity: critical
description: |
The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection.
remediation: Fixed in version 4.3.8
reference:
- https://wpscan.com/vulnerability/a8575322-c2cf-486a-9c37-71a22167aac3
- https://wordpress.org/plugins/infographic-and-list-builder-ilist/
- https://nvd.nist.gov/vuln/detail/CVE-2022-0747
- https://plugins.trac.wordpress.org/changeset/2684336
remediation: Fixed in version 4.3.8
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-0747
cwe-id: CWE-89
epss-score: 0.011
cpe: cpe:2.3:a:quantumcloud:infographic_maker:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.82632
cpe: cpe:2.3:a:quantumcloud:infographic_maker:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
verified: true
framework: wordpress
max-request: 2
vendor: quantumcloud
product: infographic_maker
framework: wordpress
tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,infographic-and-list-builder-ilist,wpscan
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress Simple Link Directory plugin before 7.7.2 contains a SQL injection vulnerability. The plugin does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action, available to unauthenticated and authenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
remediation: |
Update to the latest version of WordPress Simple Link Directory plugin (7.7.2 or higher) to mitigate the SQL injection vulnerability.
reference:
- https://wpscan.com/vulnerability/1c83ed73-ef02-45c0-a9ab-68a3468d2210
- https://wordpress.org/plugins/simple-link-directory/
@ -17,14 +19,14 @@ info:
cve-id: CVE-2022-0760
cwe-id: CWE-89
epss-score: 0.011
cpe: cpe:2.3:a:quantumcloud:simple_link_directory:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.82632
cpe: cpe:2.3:a:quantumcloud:simple_link_directory:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: quantumcloud
product: simple_link_directory
framework: wordpress
tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,simple-link-directory,unauth,wpscan
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated users), leading to an SQL Injection.
remediation: |
Update to Users Ultra version 3.1.0 or later to mitigate this vulnerability.
reference:
- https://wpscan.com/vulnerability/05eab45d-ebe9-440f-b9c3-73ec40ef1141
- https://wordpress.org/plugins/users-ultra/
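Review bot: The remediation points to an affected release: the description says the plugin is vulnerable through 3.1.0, yet the added text says to update to "3.1.0 or later". Name a version above 3.1.0, or state that no fixed release is known if that is the case.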
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-0769
cwe-id: CWE-89
epss-score: 0.01196
cpe: cpe:2.3:a:usersultra:users_ultra:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.83424
cpe: cpe:2.3:a:usersultra:users_ultra:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: usersultra
product: users_ultra
framework: wordpress
tags: wp,users-ultra,wpscan,cve,cve2022,sqli,wordpress,wp-plugin
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users.
remediation: |
Update to Documentor version 1.5.3 or later to mitigate this vulnerability.
reference:
- https://wpscan.com/vulnerability/55b89de0-30ed-4f98-935e-51f069faf6fc
- https://wordpress.org/plugins/documentor-lite/
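Review bot: The remediation contradicts the description. Documentor is described as vulnerable through 1.5.3, so "Update to Documentor version 1.5.3 or later" sends users to a version that is still affected. Replace it with the first fixed release, or note that none is available.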
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-0773
cwe-id: CWE-89
epss-score: 0.02077
cpe: cpe:2.3:a:documentor_project:documentor:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.87641
cpe: cpe:2.3:a:documentor_project:documentor:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
verified: true
framework: wordpress
max-request: 2
vendor: documentor_project
product: documentor
framework: wordpress
tags: unauth,cve2022,sqli,wp-plugin,wp,documentor-lite,wpscan,cve,wordpress
http:

View File

@ -5,6 +5,8 @@ info:
author: LogicalHunter
severity: medium
description: RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model.
remediation: |
Upgrade to RevealJS postMessage version 4.3.0 or later to mitigate this vulnerability.
reference:
- https://hackerone.com/reports/691977
- https://github.com/hakimel/reveal.js/pull/3137
@ -17,12 +19,12 @@ info:
cve-id: CVE-2022-0776
cwe-id: CWE-79
epss-score: 0.00133
cpe: cpe:2.3:a:revealjs:reveal.js:*:*:*:*:*:node.js:*:*
epss-percentile: 0.47722
cpe: cpe:2.3:a:revealjs:reveal.js:*:*:*:*:*:node.js:*:*
metadata:
framework: node.js
vendor: revealjs
product: reveal.js
framework: node.js
tags: hackerone,huntr,cve,cve2022,headless,postmessage,revealjs
headless:
- steps:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress Nirweb support plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
remediation: |
Update to the latest version of the WordPress Nirweb Support plugin (2.8.2 or higher) to mitigate the SQL Injection vulnerability.
reference:
- https://wpscan.com/vulnerability/1a8f9c7b-a422-4f45-a516-c3c14eb05161
- https://wordpress.org/plugins/nirweb-support/
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-0781
cwe-id: CWE-89
epss-score: 0.00974
cpe: cpe:2.3:a:nirweb:nirweb_support:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.81449
cpe: cpe:2.3:a:nirweb:nirweb_support:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: nirweb
product: nirweb_support
framework: wordpress
tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,wpscan,nirweb-support,unauth
variables:
num: "999999999"

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress Title Experiments Free plugin before 9.0.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
remediation: |
Update to the latest version of WordPress Title Experiments Free plugin (9.0.1 or higher) to mitigate the vulnerability.
reference:
- https://wpscan.com/vulnerability/6672b59f-14bc-4a22-9e0b-fcab4e01d97f
- https://wordpress.org/plugins/wp-experiments-free/
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-0784
cwe-id: CWE-89
epss-score: 0.02077
cpe: cpe:2.3:a:title_experiments_free_project:title_experiments_free:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.87641
cpe: cpe:2.3:a:title_experiments_free_project:title_experiments_free:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: title_experiments_free_project
product: title_experiments_free
framework: wordpress
tags: cve,wpscan,wp-plugin,wp,sqli,wp-experiments-free,unauth,cve2022,wordpress
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress Daily Prayer Time plugin prior to 2022.03.01 contains a SQL injection vulnerability.. It does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action, available to unauthenticated users, leading to SQL injection.
remediation: |
Update to the latest version of the WordPress Daily Prayer Time plugin (2022.03.01) to fix the SQL Injection vulnerability.
reference:
- https://wpscan.com/vulnerability/e1e09f56-89a4-4d6f-907b-3fb2cb825255
- https://wordpress.org/plugins/daily-prayer-time-for-mosques/
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-0785
cwe-id: CWE-89
epss-score: 0.02077
cpe: cpe:2.3:a:daily_prayer_time_project:daily_prayer_time:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.87641
cpe: cpe:2.3:a:daily_prayer_time_project:daily_prayer_time:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: daily_prayer_time_project
product: daily_prayer_time
framework: wordpress
tags: sqli,wordpress,wp-plugin,unauth,daily-prayer-time-for-mosques,wpscan,cve,cve2022,wp
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress KiviCare plugin before 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
remediation: |
Update to the latest version of the KiviCare plugin (2.3.9) or apply the provided patch to fix the SQL Injection vulnerability.
reference:
- https://wpscan.com/vulnerability/53f493e9-273b-4349-8a59-f2207e8f8f30
- https://wordpress.org/plugins/kivicare-clinic-management-system/
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-0786
cwe-id: CWE-89
epss-score: 0.01851
cpe: cpe:2.3:a:iqonic:kivicare:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.8685
cpe: cpe:2.3:a:iqonic:kivicare:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: iqonic
product: kivicare
framework: wordpress
tags: sqli,kivicare-clinic-management-system,unauth,wordpress,wp-plugin,wp,cve,cve2022,wpscan
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress WP Fundraising Donation and Crowdfunding Platform plugin before 1.5.0 contains an unauthenticated SQL injection vulnerability. It does not sanitize and escape a parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
remediation: |
Update WP Fundraising Donation and Crowdfunding Platform to version 1.5.0 or later to mitigate the vulnerability.
reference:
- https://wpscan.com/vulnerability/fbc71710-123f-4c61-9796-a6a4fd354828
- https://wordpress.org/plugins/wp-fundraising-donation/
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-0788
cwe-id: CWE-89
epss-score: 0.02077
cpe: cpe:2.3:a:wpmet:wp_fundraising_donation_and_crowdfunding_platform:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.87641
cpe: cpe:2.3:a:wpmet:wp_fundraising_donation_and_crowdfunding_platform:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: wpmet
product: wp_fundraising_donation_and_crowdfunding_platform
framework: wordpress
tags: cve,sqli,wordpress,wp-plugin,cve2022,wp,wp-fundraising-donation,unauth,wpscan
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress BadgeOS plugin through 3.7.0 contains a SQL injection vulnerability. It does not sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
remediation: |
Update to the latest version of the BadgeOS plugin (>=3.7.1) to mitigate this vulnerability.
reference:
- https://wpscan.com/vulnerability/69263610-f454-4f27-80af-be523d25659e
- https://wordpress.org/plugins/badgeos/
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-0817
cwe-id: CWE-89
epss-score: 0.02077
cpe: cpe:2.3:a:badgeos:badgeos:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.87641
cpe: cpe:2.3:a:badgeos:badgeos:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: badgeos
product: badgeos
framework: wordpress
tags: cve2022,wp,unauth,sqli,cve,wp-plugin,badgeos,wpscan,wordpress
variables:
num: "999999999"

View File

@ -5,6 +5,8 @@ info:
author: cckuailong
severity: high
description: Webmin before 1.990 is susceptible to improper access control in GitHub repository webmin/webmin. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
remediation: |
Upgrade Webmin to version 1.990 or later to mitigate this vulnerability.
reference:
- https://github.com/faisalfs10x/Webmin-CVE-2022-0824-revshell/blob/main/Webmin-revshell.py
- https://github.com/webmin/webmin/commit/39ea464f0c40b325decd6a5bfb7833fa4a142e38
@ -16,8 +18,8 @@ info:
cve-id: CVE-2022-0824
cwe-id: CWE-284,CWE-863
epss-score: 0.97243
cpe: cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
epss-percentile: 0.99757
cpe: cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: webmin

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
remediation: |
Update to the latest version of WP Video Gallery plugin (>=1.7.2) or apply the vendor-provided patch to mitigate the SQL Injection vulnerability.
reference:
- https://wpscan.com/vulnerability/7a3eed3b-c643-4e24-b833-eba60ab631c5
- https://wordpress.org/plugins/wp-video-gallery-free/
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-0826
cwe-id: CWE-89
epss-score: 0.02077
cpe: cpe:2.3:a:wp-video-gallery-free_project:wp-video-gallery-free:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.87641
cpe: cpe:2.3:a:wp-video-gallery-free_project:wp-video-gallery-free:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: wp-video-gallery-free_project
product: wp-video-gallery-free
framework: wordpress
tags: cve2022,wp-plugin,wpscan,cve,wordpress,wp,sqli,wp-video-gallery-free,unauth
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress Best Books plugin through 2.6.3 is susceptible to SQL injection. The plugin does not sanitize and escape some parameters before using them in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
remediation: |
Update to WordPress Best Books plugin version 2.6.3 or later to fix the SQL injection vulnerability.
reference:
- https://wpscan.com/vulnerability/0d208ebc-7805-457b-aa5f-ffd5adb2f3be
- https://wordpress.org/plugins/bestbooks/
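Review bot: The remediation's upgrade target, "2.6.3 or later", is inside the affected range, since the description says Best Books is susceptible through 2.6.3. Use a version later than 2.6.3, or say explicitly that no patched release is known.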
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-0827
cwe-id: CWE-89
epss-score: 0.01851
cpe: cpe:2.3:a:presspage:bestbooks:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.8685
cpe: cpe:2.3:a:presspage:bestbooks:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: presspage
product: bestbooks
framework: wordpress
tags: cve,cve2022,sqli,wpscan,wordpress,wp-plugin,wp,bestbooks,unauthenticated
http:

View File

@ -6,25 +6,25 @@ info:
severity: critical
description: |
The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users.
remediation: Fixed in version 2.14.15.1
reference:
- https://wpscan.com/vulnerability/b030296d-688e-44a4-a48a-140375f2c5f4
- https://wordpress.org/plugins/speakout/
- https://nvd.nist.gov/vuln/detail/CVE-2022-0846
remediation: Fixed in version 2.14.15.1
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-0846
cwe-id: CWE-89
epss-score: 0.02077
cpe: cpe:2.3:a:speakout\!_email_petitions_project:speakout\!_email_petitions:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.87641
cpe: cpe:2.3:a:speakout\!_email_petitions_project:speakout\!_email_petitions:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: speakout\!_email_petitions_project
product: speakout\!_email_petitions
framework: wordpress
tags: wordpress,wp-plugin,wp,unauth,wpscan,cve,cve2022,sqli,speakout,speakout-email-petitions
http:

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
The plugin does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.
remediation: |
Update UpdraftPlus plugin to version 1.22.9 or later to mitigate the vulnerability.
reference:
- https://wpscan.com/vulnerability/7337543f-4c2c-4365-aebf-3423e9d2f872
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0864
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-0864
cwe-id: CWE-79
epss-score: 0.00359
cpe: cpe:2.3:a:updraftplus:updraftplus:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.68676
cpe: cpe:2.3:a:updraftplus:updraftplus:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
verified: true
framework: wordpress
max-request: 2
vendor: 'updraftplus'
product: 'updraftplus'
framework: wordpress
tags: cve2022,xss,authenticated,updraftplus,wpscan,cve,wp-plugin,wp,wordpress
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress ARPrice plugin prior to 3.6.1 contains a SQL injection vulnerability. It fails to properly sanitize and escape user supplied POST data before being inserted in an SQL statement and executed via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
remediation: |
Update to the latest version of ARPrice plugin (3.6.1) or apply the vendor-provided patch.
reference:
- https://wpscan.com/vulnerability/62803aae-9896-410b-9398-3497a838e494
- https://wordpress.org/plugins/arprice-responsive-pricing-table/
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-0867
cwe-id: CWE-89
epss-score: 0.04152
cpe: cpe:2.3:a:reputeinfosystems:pricing_table:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.9107
cpe: cpe:2.3:a:reputeinfosystems:pricing_table:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
verified: true
framework: wordpress
max-request: 2
vendor: reputeinfosystems
product: pricing_table
framework: wordpress
tags: unauth,wp,cve2022,wordpress,wp-plugin,arprice-responsive-pricing-table,sqli,wpscan,cve
http:

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.
remediation: |
Upgrade to a patched version of nitely/spirit to mitigate the open redirect vulnerability (CVE-2022-0869).
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2022-0869
- https://huntr.dev/bounties/ed335a88-f68c-4e4d-ac85-f29a51b03342
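Review bot: The added remediation says only "a patched version", although the description in this hunk already gives the boundary ("prior to 0.12.3"). Suggest stating it directly, for example "Upgrade nitely/spirit to 0.12.3 or later", so the remediation is actionable without reading the description or the references.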
@ -16,8 +18,8 @@ info:
cve-id: CVE-2022-0869
cwe-id: CWE-601
epss-score: 0.00153
cpe: cpe:2.3:a:spirit-project:spirit:*:*:*:*:*:*:*:*
epss-percentile: 0.50846
cpe: cpe:2.3:a:spirit-project:spirit:*:*:*:*:*:*:*:*
metadata:
max-request: 4
vendor: spirit-project

View File

@ -6,22 +6,22 @@ info:
severity: medium
description: |
Gogs GitHub repository before 0.12.5 is susceptible to server-side request forgery. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
remediation: Fixed in version 0.12.5.
reference:
- https://github.com/gogs/gogs/commit/91f2cde5e95f146bfe4765e837e7282df6c7cabb
- https://huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531
- https://nvd.nist.gov/vuln/detail/CVE-2022-0870
remediation: Fixed in version 0.12.5.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2022-0870
cwe-id: CWE-918
epss-score: 0.00218
cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*
epss-percentile: 0.59068
cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*
metadata:
max-request: 4
verified: true
max-request: 4
vendor: gogs
product: gogs
tags: cve,cve2022,ssrf,gogs,authenticated,huntr

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress Member Hero plugin through 1.0.9 is susceptible to remote code execution. The plugin lacks authorization checks and does not validate the a request parameter in an AJAX action, allowing an attacker to call arbitrary PHP functions with no arguments. An attacker can thus execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
remediation: |
Update to the latest version of the Member Hero plugin (1.0.9 or higher) to mitigate this vulnerability.
reference:
- https://wpscan.com/vulnerability/8b08b72e-5584-4f25-ab73-5ab0f47412df
- https://wordpress.org/plugins/member-hero/
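Review bot: The version in the added remediation, "(1.0.9 or higher)", includes a release the description calls vulnerable ("through 1.0.9"). A user on 1.0.9 would read this as already remediated. Suggest naming a release later than 1.0.9 once it is verified, or recommending that the plugin be disabled or removed if no fixed release is known.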
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-0885
cwe-id: CWE-862
epss-score: 0.13941
cpe: cpe:2.3:a:memberhero:member_hero:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.94944
cpe: cpe:2.3:a:memberhero:member_hero:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: memberhero
product: member_hero
framework: wordpress
tags: unauth,wpscan,wp-plugin,rce,wp,wordpress,member-hero,cve,cve2022
http:

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax.
remediation: |
Upgrade Microweber to version 1.2.12 or later to mitigate this vulnerability.
reference:
- https://huntr.dev/bounties/085aafdd-ba50-44c7-9650-fa573da29bcd
- https://github.com/microweber/microweber/commit/fc9137c031f7edec5f50d73b300919fb519c924a
@ -16,11 +18,11 @@ info:
cve-id: CVE-2022-0928
cwe-id: CWE-79
epss-score: 0.00192
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
epss-percentile: 0.55945
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
metadata:
max-request: 3
verified: true
max-request: 3
vendor: microweber
product: microweber
tags: cve,cve2022,authenticated,huntr,xss,microweber,cms

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress Order Listener for WooCommerce plugin before 3.2.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
remediation: |
Update the WordPress Order Listener for WooCommerce plugin to version 3.2.2 or later.
reference:
- https://wpscan.com/vulnerability/daad48df-6a25-493f-9d1d-17b897462576
- https://wordpress.org/plugins/woc-order-alert/
@ -17,14 +19,14 @@ info:
cve-id: CVE-2022-0948
cwe-id: CWE-89
epss-score: 0.03849
cpe: cpe:2.3:a:pluginbazaar:order_listener_for_woocommerce:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.90743
cpe: cpe:2.3:a:pluginbazaar:order_listener_for_woocommerce:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
verified: true
framework: wordpress
max-request: 2
vendor: pluginbazaar
product: order_listener_for_woocommerce
framework: wordpress
tags: cve,wp,unauth,sqli,woc-order-alert,wpscan,cve2022,wordpress,wp-plugin
http:

View File

@ -6,25 +6,25 @@ info:
severity: critical
description: |
WordPress Stop Bad Bots plugin before 6.930 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
remediation: Fixed in version 6.930.
reference:
- https://wpscan.com/vulnerability/a0fbb79a-e160-49df-9cf2-18ab64ea66cb
- https://wordpress.org/plugins/stopbadbots/
- https://nvd.nist.gov/vuln/detail/CVE-2022-0949
remediation: Fixed in version 6.930.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-0949
cwe-id: CWE-89
epss-score: 0.02077
cpe: cpe:2.3:a:stopbadbots:block_and_stop_bad_bots:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.87641
cpe: cpe:2.3:a:stopbadbots:block_and_stop_bad_bots:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 3
verified: true
framework: wordpress
max-request: 3
vendor: stopbadbots
product: block_and_stop_bad_bots
framework: wordpress
tags: cve,stopbadbots,wp-plugin,wp,unauth,wpscan,cve2022,sqli,wordpress
variables:
IP: '{{rand_ip("1.1.1.0/24")}}'

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
WordPress Sitemap by click5 plugin before 1.0.36 is susceptible to missing authorization. The plugin does not have authorization or CSRF checks when updating options via a REST endpoint and does not ensure that the option to be updated belongs to the plugin. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
remediation: |
Update to the latest version of the WordPress Sitemap plugin by click5 (1.0.36 or higher) to fix the missing authorization issue.
reference:
- https://wpscan.com/vulnerability/0f694961-afab-44f9-846c-e80a0f6c768b
- https://nvd.nist.gov/vuln/detail/CVE-2022-0952
@ -15,14 +17,14 @@ info:
cve-id: CVE-2022-0952
cwe-id: CWE-352
epss-score: 0.03442
cpe: cpe:2.3:a:sitemap_project:sitemap:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.90248
cpe: cpe:2.3:a:sitemap_project:sitemap:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 3
verified: true
framework: wordpress
max-request: 3
vendor: sitemap_project
product: sitemap
framework: wordpress
tags: wp,wp-plugin,sitemap,wpscan,cve,cve2022,wordpress
http:

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
Microweber before 1.2.1 contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Autorespond E-mail Settings, and Payment Methods.
remediation: |
Upgrade Microweber to version 1.2.11 or later to mitigate this vulnerability.
reference:
- https://github.com/advisories/GHSA-8c76-mxv5-w4g8
- https://huntr.dev/bounties/b99517c0-37fc-4efa-ab1a-3591da7f4d26/
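Review bot: The added remediation names 1.2.11 as the fixed version, but the description in the same hunk says "Microweber before 1.2.1". One of the two is wrong, and the hunk leaves the mismatch in place. Suggest checking the affected range against the linked advisory and aligning the description and remediation on a single version.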
@ -17,11 +19,11 @@ info:
cve-id: CVE-2022-0954
cwe-id: CWE-79
epss-score: 0.00192
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
epss-percentile: 0.55945
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
metadata:
max-request: 3
verified: true
max-request: 3
vendor: microweber
product: microweber
tags: cve,cve2022,xss,microweber,huntr

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,.
remediation: |
Upgrade Microweber CMS to version 1.2.12 or later to mitigate the vulnerability.
reference:
- https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c/
- https://github.com/advisories/GHSA-q3x2-jvp3-wj78
@ -18,11 +20,11 @@ info:
cve-id: CVE-2022-0963
cwe-id: CWE-79
epss-score: 0.00192
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
epss-percentile: 0.55945
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
metadata:
max-request: 3
verified: true
max-request: 3
vendor: microweber
product: microweber
tags: xss,microweber,cms,authenticated,huntr,cve,cve2022,intrusive

View File

@ -6,21 +6,21 @@ info:
severity: medium
description: |
Microweber before 1.2.12 is susceptible to integer overflow. The application allows large characters to insert in the input field 'first & last name,' which can allow an attacker to cause a denial of service via a crafted HTTP request.
remediation: First name and last name input should be limited to 50 characters or maximum 100 characters.
reference:
- https://huntr.dev/bounties/97e36678-11cf-42c6-889c-892d415d9f9e/
- https://github.com/advisories/GHSA-5fxv-xx5p-g2fv
- https://huntr.dev/bounties/97e36678-11cf-42c6-889c-892d415d9f9e
- https://nvd.nist.gov/vuln/detail/CVE-2022-0968
- https://github.com/microweber/microweber/commit/80e39084729a57dfe749626c3b9d35247a14c49e
remediation: First name and last name input should be limited to 50 characters or maximum 100 characters.
classification:
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
cvss-score: 5.5
cve-id: CVE-2022-0968
cwe-id: CWE-190
epss-score: 0.00091
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
epss-percentile: 0.38112
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
metadata:
max-request: 3
vendor: microweber

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
WordPress Advanced Booking Calendar plugin before 1.7.1 contains a cross-site scripting vulnerability. It does not sanitize and escape the room parameter before outputting it back in an admin page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
remediation: |
Update to WordPress Advanced Booking Calendar plugin version 1.7.1 or later to mitigate this vulnerability.
reference:
- https://wpscan.com/vulnerability/6f5b764b-d13b-4371-9cc5-91204d9d6358
- https://wordpress.org/plugins/advanced-booking-calendar/
@ -17,14 +19,14 @@ info:
cve-id: CVE-2022-1007
cwe-id: CWE-79
epss-score: 0.00112
cpe: cpe:2.3:a:elbtide:advanced_booking_calendar:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.43971
cpe: cpe:2.3:a:elbtide:advanced_booking_calendar:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
verified: true
framework: wordpress
max-request: 2
vendor: elbtide
product: advanced_booking_calendar
framework: wordpress
tags: wp-plugin,advanced-booking-calendar,cve,cve2022,wp,authenticated,wpscan,wordpress,xss
http:

View File

@ -6,25 +6,25 @@ info:
severity: critical
description: |
WordPress Personal Dictionary plugin before 1.3.4 contains a blind SQL injection vulnerability. The plugin fails to properly sanitize user-supplied POST data before being interpolated in an SQL statement and executed. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
remediation: Fixed in version 1.3.4.
reference:
- https://wpscan.com/vulnerability/eed70659-9e3e-42a2-b427-56c52e0fbc0d
- https://wordpress.org/plugins/personal-dictionary/
- https://nvd.nist.gov/vuln/detail/CVE-2022-1013
remediation: Fixed in version 1.3.4.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-1013
cwe-id: CWE-89
epss-score: 0.01144
cpe: cpe:2.3:a:ays-pro:personal_dictionary:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.82961
cpe: cpe:2.3:a:ays-pro:personal_dictionary:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: ays-pro
product: personal_dictionary
framework: wordpress
tags: wp,unauth,wpscan,cve,cve2022,sqli,wordpress,wp-plugin,personal-dictionary
http:

View File

@ -5,6 +5,8 @@ info:
author: Akincibor
severity: critical
description: WordPress WooCommerce plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument.
remediation: |
Update WordPress WooCommerce plugin to version 3.1.2 or later to mitigate the vulnerability.
reference:
- https://wpscan.com/vulnerability/04fe89b3-8ad1-482f-a96d-759d1d3a0dd5
- https://nvd.nist.gov/vuln/detail/CVE-2022-1020
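Review bot: The added remediation repeats the description's "WordPress WooCommerce plugin", but the cpe in this file is cpe:2.3:a:codeastrology:woo_product_table, with vendor codeastrology and product woo_product_table. Suggest naming the plugin identified by the cpe in the remediation (and the description), so that 3.1.2 is not read as a WooCommerce version.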
@ -14,13 +16,13 @@ info:
cve-id: CVE-2022-1020
cwe-id: CWE-352
epss-score: 0.00614
cpe: cpe:2.3:a:codeastrology:woo_product_table:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.76048
cpe: cpe:2.3:a:codeastrology:woo_product_table:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: codeastrology
product: woo_product_table
framework: wordpress
tags: wpscan,wp,wp-plugin,wordpress,cve,cve2022,unauth
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
Sophos Firewall version v18.5 MR3 and older contains an authentication bypass vulnerability in the User Portal and Webadmin which could allow a remote attacker to execute code.
remediation: |
Upgrade to a patched version of Sophos Firewall (>=18.5 MR4) to mitigate this vulnerability.
reference:
- https://github.com/killvxk/CVE-2022-1040
- https://github.com/CronUp/Vulnerabilidades/blob/main/CVE-2022-1040_checker
@ -17,14 +19,14 @@ info:
cve-id: CVE-2022-1040
cwe-id: CWE-287
epss-score: 0.97499
cpe: cpe:2.3:o:sophos:sfos:*:*:*:*:*:*:*:*
epss-percentile: 0.99961
cpe: cpe:2.3:o:sophos:sfos:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.title:"Sophos"
verified: true
max-request: 1
vendor: sophos
product: sfos
shodan-query: http.title:"Sophos"
tags: cve,cve2022,sophos,firewall,auth-bypass,rce,kev
http:

View File

@ -5,6 +5,8 @@ info:
author: Akincibor
severity: medium
description: WordPress RSVP and Event Management plugin before 2.7.8 is susceptible to missing authorization. The plugin does not have any authorization checks when exporting its entries, and the export function is hooked to the init action. An attacker can potentially retrieve sensitive information such as first name, last name, and email address of users registered for events,
remediation: |
Update the WordPress RSVP and Event Management plugin to version 2.7.8 or later.
reference:
- https://wpscan.com/vulnerability/95a5fad1-e823-4571-8640-19bf5436578d
classification:
@ -13,13 +15,13 @@ info:
cve-id: CVE-2022-1054
cwe-id: CWE-862
epss-score: 0.0033
cpe: cpe:2.3:a:wpchill:rsvp_and_event_management:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.67328
cpe: cpe:2.3:a:wpchill:rsvp_and_event_management:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: wpchill
product: rsvp_and_event_management
framework: wordpress
tags: wordpress,cve,cve2022,wpscan,wp,wp-plugin
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress Pricing Deals for WooCommerce plugin through 2.0.2.02 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
remediation: |
Update to the latest version of the Pricing Deals for WooCommerce plugin (2.0.2.03 or higher) to fix the SQL Injection vulnerability.
reference:
- https://wpscan.com/vulnerability/7c33ffc3-84d1-4a0f-a837-794cdc3ad243
- https://wordpress.org/plugins/pricing-deals-for-woocommerce/
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-1057
cwe-id: CWE-89
epss-score: 0.01851
cpe: cpe:2.3:a:varktech:pricing_deals_for_woocommerce:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.8685
cpe: cpe:2.3:a:varktech:pricing_deals_for_woocommerce:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: varktech
product: pricing_deals_for_woocommerce
framework: wordpress
tags: cve,cve2022,sqli,wpscan,wordpress,wp-plugin,wp,pricing-deals-for-woocommerce,unauth
http:

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
Gitea before 1.16.5 is susceptible to open redirect via GitHub repository go-gitea/gitea. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation: |
Upgrade Gitea to version 1.16.5 or later to fix the open redirect vulnerability.
reference:
- https://github.com/go-gitea/gitea/commit/e3d8e92bdc67562783de9a76b5b7842b68daeb48
- https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-1058
cwe-id: CWE-601
epss-score: 0.00112
cpe: cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:*
epss-percentile: 0.43971
cpe: cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:*
metadata:
max-request: 2
shodan-query: title:"Gitea"
verified: true
max-request: 2
vendor: gitea
product: gitea
shodan-query: title:"Gitea"
tags: huntr,cve,cve2022,open-redirect,gitea
http:

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
WordPress Simple File List before 3.2.8 is vulnerable to local file inclusion via the eeFile parameter in the ~/includes/ee-downloader.php due to missing controls which make it possible for unauthenticated attackers retrieve arbitrary files.
remediation: |
Update WordPress Simple File List to version 3.2.8 or later to mitigate the vulnerability.
reference:
- https://wpscan.com/vulnerability/5551038f-64fb-44d8-bea0-d2f00f04877e
- https://wpscan.com/vulnerability/075a3cc5-1970-4b64-a16f-3ec97e22b606
@ -18,13 +20,13 @@ info:
cve-id: CVE-2022-1119
cwe-id: CWE-22
epss-score: 0.29102
cpe: cpe:2.3:a:simplefilelist:simple-file-list:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.96285
cpe: cpe:2.3:a:simplefilelist:simple-file-list:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: simplefilelist
product: simple-file-list
framework: wordpress
tags: wp,wp-plugin,wpscan,cve,cve2022,lfi,wordpress
http:

View File

@ -5,26 +5,26 @@ info:
author: GitLab Red Team
severity: critical
description: GitLab CE/EE contains a hard-coded credentials vulnerability. A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML), allowing attackers to potentially take over accounts. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-<hash>.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Affected versions are 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2.
remediation: Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the reference section below.
reference:
- https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/cve-hash-harvester
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1162.json
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1162
- http://packetstormsecurity.com/files/166828/Gitlab-14.9-Authentication-Bypass.html
- https://nvd.nist.gov/vuln/detail/cve-2022-1162
remediation: Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the reference section below.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-1162
cwe-id: CWE-798
epss-score: 0.20604
cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
epss-percentile: 0.95726
cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
metadata:
max-request: 1
shodan-query: http.title:"GitLab"
vendor: gitlab
product: gitlab
shodan-query: http.title:"GitLab"
tags: cve,cve2022,gitlab,packetstorm
http:

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
WordPress WP JobSearch plugin prior to 1.5.1 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
remediation: |
Update to the latest version of the WP JobSearch plugin (1.5.1 or higher) to mitigate the XSS vulnerability.
reference:
- https://wpscan.com/vulnerability/bcf38e87-011e-4540-8bfb-c93443a4a490
- https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856
@ -16,15 +18,15 @@ info:
cve-id: CVE-2022-1168
cwe-id: CWE-79
epss-score: 0.00112
cpe: cpe:2.3:a:eyecix:jobsearch_wp_job_board:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.43971
cpe: cpe:2.3:a:eyecix:jobsearch_wp_job_board:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
google-query: inurl:"wp-content/plugins/wp-jobsearch"
verified: true
framework: wordpress
max-request: 1
vendor: eyecix
product: jobsearch_wp_job_board
framework: wordpress
google-query: inurl:"wp-content/plugins/wp-jobsearch"
tags: wp-jobsearch",wpscan,cve,cve2022,wp-plugin,wp,wordpress,xss
http:
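Review bot: The tags line at the end of this hunk still reads wp-jobsearch",wpscan,... with a stray double quote after the first tag, so the tag value is wp-jobsearch" and will not match a filter on wp-jobsearch. Since this hunk already reorders the metadata block directly above it, suggest removing the quote in the same change.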

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
Wordpress Gwyn's Imagemap Selector plugin 0.3.3 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize the id and class parameters before returning them back in attributes.
remediation: |
Update to the latest version of the WordPress Gwyn's Imagemap Selector plugin (0.3.3) or apply the vendor-supplied patch to fix the vulnerability.
reference:
- https://wpscan.com/vulnerability/641be9f6-2f74-4386-b16e-4b9488f0d2a9
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1221
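Review bot: The added remediation points users to "the latest version ... (0.3.3)", which the description identifies as vulnerable ("0.3.3 and prior"). Suggest dropping the version number unless a fixed release is confirmed, and saying plainly if none exists, so the template does not recommend an affected version.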
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-1221
cwe-id: CWE-79
epss-score: 0.00119
cpe: cpe:2.3:a:gwyn\'s_imagemap_selector_project:gwyn\'s_imagemap_selector:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.45304
cpe: cpe:2.3:a:gwyn\'s_imagemap_selector_project:gwyn\'s_imagemap_selector:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
verified: true
framework: wordpress
max-request: 2
vendor: gwyn\'s_imagemap_selector_project
product: gwyn\'s_imagemap_selector
framework: wordpress
tags: cve2022,wpscan,xss,wordpress,wp-plugin,wp,cve
http:

View File

@ -6,26 +6,26 @@ info:
severity: high
description: |
The Elementor Website Builder plugin for WordPress versions 3.6.0 to 3.6.2 are vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file. This makes it possible for attackers to modify site data and upload malicious files which can be used to obtain remote code execution.
remediation: Fixed in version 3.6.3
reference:
- https://www.wordfence.com/blog/2022/04/elementor-critical-remote-code-execution-vulnerability/
- https://wordpress.org/plugins/elementor/
- https://plugins.trac.wordpress.org/changeset/2708766/elementor/trunk/core/app/modules/onboarding/module.php
- https://nvd.nist.gov/vuln/detail/CVE-2022-1329
remediation: Fixed in version 3.6.3
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2022-1329
cwe-id: CWE-434,CWE-862
epss-score: 0.96419
cpe: cpe:2.3:a:elementor:website_builder:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.99372
cpe: cpe:2.3:a:elementor:website_builder:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 4
verified: true
framework: wordpress
max-request: 4
vendor: elementor
product: website_builder
framework: wordpress
tags: cve,cve2022,rce,wordpress,wp-plugin,wp,elementor,authenticated,intrusive,fileupload
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress Fusion Builder plugin before 3.6.2 is susceptible to server-side request forgery. The plugin does not validate a parameter in its forms, which can be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. An attacker can potentially interact with hosts on the server's local network, bypass firewalls, and access control measures.
remediation: |
Update to the latest version of WordPress Fusion Builder plugin (3.6.2) or apply the vendor-provided patch.
reference:
- https://wpscan.com/vulnerability/bf7034ab-24c4-461f-a709-3f73988b536b
- https://www.rootshellsecurity.net/rootshell-discovered-a-critical-vulnerability-in-top-wordpress-theme/
@ -17,13 +19,13 @@ info:
cve-id: CVE-2022-1386
cwe-id: CWE-918
epss-score: 0.08014
cpe: cpe:2.3:a:theme-fusion:avada:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.93446
cpe: cpe:2.3:a:theme-fusion:avada:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
framework: wordpress
vendor: theme-fusion
product: avada
framework: wordpress
tags: wpscan,cve,cve2022,wordpress,ssrf,themefusion,wp,fusion,avada,intrusive
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, may allow undisclosed requests to bypass iControl REST authentication.
remediation: |
Apply the necessary security patches or updates provided by F5 Networks to mitigate this vulnerability.
reference:
- https://twitter.com/GossiTheDog/status/1523566937414193153
- https://www.horizon3.ai/f5-icontrol-rest-endpoint-authentication-bypass-technical-deep-dive/
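Review bot: The added remediation is generic ("Apply the necessary security patches or updates provided by F5 Networks") even though the description already lists the fixed release for each branch (16.1.2.2, 15.1.5.1, 14.1.4.6, 13.1.5). Suggest repeating those versions in the remediation and noting that, per the description, all 12.1.x and 11.6.x versions are affected, so updating within those branches is not covered by this wording.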
@ -17,14 +19,14 @@ info:
cve-id: CVE-2022-1388
cwe-id: CWE-306
epss-score: 0.9748
cpe: cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
epss-percentile: 0.9995
cpe: cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
metadata:
max-request: 2
shodan-query: http.title:"BIG-IP&reg;-+Redirect" +"Server"
verified: true
max-request: 2
vendor: f5
product: big-ip_access_policy_manager
shodan-query: http.title:"BIG-IP&reg;-+Redirect" +"Server"
tags: f5,bigip,cve,cve2022,rce,mirai,kev
variables:
auth: "admin:"

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
The plugin does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique.
remediation: |
Update to the latest version of the WordPress Admin Word Count Column plugin (2.2 or higher) to fix the local file inclusion vulnerability.
reference:
- https://packetstormsecurity.com/files/166476/WordPress-Admin-Word-Count-Column-2.2-Local-File-Inclusion.html
- https://wordpress.org/plugins/admin-word-count-column/
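Review bot: The "(2.2 or higher)" in the added remediation conflicts with the first reference in this hunk, whose title is "WordPress-Admin-Word-Count-Column-2.2-Local-File-Inclusion" and so indicates that 2.2 itself is affected. The description names no version at all. Suggest confirming the affected range against the references and either naming a verified fixed release or leaving the version number out.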
@ -17,13 +19,13 @@ info:
cve-id: CVE-2022-1390
cwe-id: CWE-22
epss-score: 0.96676
cpe: cpe:2.3:a:admin_word_count_column_project:admin_word_count_column:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.99485
cpe: cpe:2.3:a:admin_word_count_column_project:admin_word_count_column:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: admin_word_count_column_project
product: admin_word_count_column
framework: wordpress
tags: packetstorm,wpscan,cve,cve2022,wordpress,wp-plugin,lfi,wp
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.
remediation: |
Update to the latest version of the WordPress Cab fare calculator plugin (1.0.4) to fix the local file inclusion vulnerability.
reference:
- https://www.exploit-db.com/exploits/50843
- https://wordpress.org/plugins/cab-fare-calculator
@ -17,13 +19,13 @@ info:
cve-id: CVE-2022-1391
cwe-id: CWE-22
epss-score: 0.02167
cpe: cpe:2.3:a:kanev:cab_fare_calculator:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.87921
cpe: cpe:2.3:a:kanev:cab_fare_calculator:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: kanev
product: cab_fare_calculator
framework: wordpress
tags: cve2022,wordpress,wp-plugin,lfi,wp,edb,wpscan,cve
http:

View File

@ -5,6 +5,8 @@ info:
author: Veshraj
severity: high
description: WordPress Videos sync PDF 1.7.4 and prior does not validate the p parameter before using it in an include statement, which could lead to local file inclusion.
remediation: |
Upgrade to the latest version of WordPress Videos sync PDF plugin (>=1.7.5) or apply the vendor-provided patch to mitigate the vulnerability.
reference:
- https://wpscan.com/vulnerability/fe3da8c1-ae21-4b70-b3f5-a7d014aa3815
- https://packetstormsecurity.com/files/166534/
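Review bot: the added remediation states ">=1.7.5" and a "vendor-provided patch", while the description only establishes that 1.7.4 and prior are affected. Neither a fixed release nor a vendor patch is evidenced in this hunk, so check the version against the WPScan entry before stating it as fact, or drop the version and the patch wording until they can be confirmed.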
@ -15,14 +17,14 @@ info:
cve-id: CVE-2022-1392
cwe-id: CWE-22
epss-score: 0.01182
cpe: cpe:2.3:a:commoninja:videos_sync_pdf:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.83293
cpe: cpe:2.3:a:commoninja:videos_sync_pdf:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: commoninja
product: videos_sync_pdf
framework: wordpress
tags: lfi,wp-plugin,unauth,wpscan,cve,cve2022,packetstorm,wp,wordpress
http:

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
WordPress External Media without Import plugin through 1.1.2 is susceptible to authenticated blind server-side request forgery. The plugin has no authorization and does not ensure that media added via URLs are external media, which can allow any authenticated users, including subscribers, to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
remediation: |
Upgrade to External Media without Import plugin version 1.1.2 or later.
reference:
- https://wpscan.com/vulnerability/5440d177-e995-403e-b2c9-42ceda14579e
- https://wordpress.org/plugins/external-media-without-import/
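Review bot: the added remediation contradicts the description directly above it. The description says the plugin is affected "through 1.1.2", yet the remediation reads "Upgrade to External Media without Import plugin version 1.1.2 or later", which presents a vulnerable release as the fix. Replace it with a version that the references confirm as fixed, or, if none exists, with advice to disable or remove the plugin.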
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-1398
cwe-id: CWE-918
epss-score: 0.0048
cpe: cpe:2.3:a:external_media_without_import_project:external_media_without_import:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.72781
cpe: cpe:2.3:a:external_media_without_import_project:external_media_without_import:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 3
verified: true
framework: wordpress
max-request: 3
vendor: external_media_without_import_project
product: external_media_without_import
framework: wordpress
tags: cve,cve2022,ssrf,wordpress,wp-plugin,wp,wpscan,external-media-without-import,authenticated,intrusive
http:

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu
severity: medium
description: Microweber prior to 1.2.15 contains a reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
remediation: |
Upgrade to Microweber CMS version 1.2.15 or later, which includes proper input sanitization to mitigate the XSS vulnerability.
reference:
- https://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0/
- https://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0
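Review bot: the reference list in this hunk carries the same huntr.dev bounty URL twice, once with and once without the trailing slash; since the file is being touched anyway, drop one of them. Separately, the added remediation's claim that 1.2.15 "includes proper input sanitization" describes the fix in more detail than the description supports; "Upgrade to Microweber 1.2.15 or later" is enough.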
@ -16,13 +18,13 @@ info:
cve-id: CVE-2022-1439
cwe-id: CWE-79
epss-score: 0.00113
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
epss-percentile: 0.44027
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.favicon.hash:780351152
vendor: microweber
product: microweber
shodan-query: http.favicon.hash:780351152
tags: cve,cve2022,microweber,xss,huntr
http:

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
WordPress Metform plugin through 2.1.3 is susceptible to information disclosure due to improper access control in the ~/core/forms/action.php file. An attacker can view all API keys and secrets of integrated third-party APIs such as that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more.
remediation: |
Upgrade to the latest version of the Metform plugin (>=2.1.4) to fix the information disclosure vulnerability.
reference:
- https://gist.github.com/Xib3rR4dAr/6e6c6e5fa1f8818058c7f03de1eda6bf
- https://wpscan.com/vulnerability/9f3fcdd4-9ddc-45d5-a4af-e58634813c2b
@ -18,15 +20,15 @@ info:
cve-id: CVE-2022-1442
cwe-id: CWE-862
epss-score: 0.07166
cpe: cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.93146
cpe: cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
google-query: inurl:/wp-content/plugins/metform
verified: true
framework: wordpress
max-request: 2
vendor: wpmet
product: metform_elementor_contact_form_builder
framework: wordpress
google-query: inurl:/wp-content/plugins/metform
tags: wpscan,cve2022,wordpress,wp-plugin,disclosure,unauth,metform,cve,wp
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress HTML2WP plugin through 1.0.0 contains an arbitrary file upload vulnerability. The plugin does not perform authorization and CSRF checks when importing files and does not validate them. As a result, an attacker can upload arbitrary files on the remote server.
remediation: |
Update to the latest version of the plugin or remove it if not needed.
reference:
- https://wpscan.com/vulnerability/c36d0ea8-bf5c-4af9-bd3d-911eb02adc14
- https://wordpress.org/plugins/html2wp/
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-1574
cwe-id: CWE-352
epss-score: 0.02682
cpe: cpe:2.3:a:html2wp_project:html2wp:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.89096
cpe: cpe:2.3:a:html2wp_project:html2wp:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
verified: true
framework: wordpress
max-request: 2
vendor: html2wp_project
product: html2wp
framework: wordpress
tags: wp-plugin,wp,fileupload,unauth,wpscan,cve2022,wordpress,intrusive,cve,html2wp
http:

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
WordPress HC Custom WP-Admin URL plugin through 1.4 leaks the secret login URL when sending a specially crafted request, thereby allowing an attacker to discover the administrative login URL.
remediation: |
Update to the latest version of WordPress HC Custom WP-Admin URL plugin (>=1.5) to mitigate the vulnerability.
reference:
- https://wpscan.com/vulnerability/0218c90c-8f79-4f37-9a6f-60cf2f47d47b
- https://wordpress.org/plugins/hc-custom-wp-admin-url/
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-1595
cwe-id: CWE-200
epss-score: 0.0018
cpe: cpe:2.3:a:hc_custom_wp-admin_url_project:hc_custom_wp-admin_url:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.54465
cpe: cpe:2.3:a:hc_custom_wp-admin_url_project:hc_custom_wp-admin_url:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
verified: true
framework: wordpress
max-request: 2
vendor: hc_custom_wp-admin_url_project
product: hc_custom_wp-admin_url
framework: wordpress
tags: unauth,wpscan,cve,cve2022,wordpress,wp-plugin,wp,hc-custom-wp-admin-url
http:

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
WordPress WPQA plugin prior to 5.4 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter on its reset password form.
remediation: |
Upgrade WordPress WPQA to version 5.4 or later, which includes proper input sanitization to mitigate this vulnerability.
reference:
- https://wpscan.com/vulnerability/faff9484-9fc7-4300-bdad-9cd8a30a9a4e
- https://nvd.nist.gov/vuln/detail/CVE-2022-1597
@ -15,15 +17,15 @@ info:
cve-id: CVE-2022-1597
cwe-id: CWE-79
epss-score: 0.00252
cpe: cpe:2.3:a:2code:wpqa_builder:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.62319
cpe: cpe:2.3:a:2code:wpqa_builder:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
google-query: inurl:/wp-content/plugins/wpqa
verified: true
framework: wordpress
max-request: 2
vendor: 2code
product: wpqa_builder
framework: wordpress
google-query: inurl:/wp-content/plugins/wpqa
tags: wpscan,xss,wordpress,wp-plugin,wp,cve,cve2022,wpqa
variables:
user: "{{to_lower(rand_base(5))}}"

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
WordPress WPQA plugin before 5.5 is susceptible to improper access control. The plugin lacks authentication in a REST API endpoint. An attacker can potentially discover private questions sent between users on the site.
remediation: |
Update the WPQA plugin to version 5.5 or later to fix the improper access control issue.
reference:
- https://wpscan.com/vulnerability/0416ae2f-5670-4080-a88d-3484bb19d8c8
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1598
@ -16,15 +18,15 @@ info:
cve-id: CVE-2022-1598
cwe-id: CWE-306
epss-score: 0.02766
cpe: cpe:2.3:a:2code:wpqa_builder:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.89258
cpe: cpe:2.3:a:2code:wpqa_builder:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
google-query: inurl:/wp-content/plugins/wpqa
verified: true
framework: wordpress
max-request: 1
vendor: 2code
product: wpqa_builder
framework: wordpress
google-query: inurl:/wp-content/plugins/wpqa
tags: cve,cve2022,wordpress,wp-plugin,wpqa,idor,wpscan
http:

View File

@ -5,6 +5,8 @@ info:
author: For3stCo1d
severity: critical
description: The School Management plugin before version 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.
remediation: |
Upgrade The School Management to version 9.9.7 or later to mitigate this vulnerability.
reference:
- https://wpscan.com/vulnerability/e2d546c9-85b6-47a4-b951-781b9ae5d0f2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1609
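Review bot: the added remediation treats an injected backdoor like an ordinary bug ("Upgrade The School Management to version 9.9.7 or later to mitigate this vulnerability"). The description says affected versions let an unauthenticated attacker execute arbitrary PHP code, so upgrading removes the backdoor but does not address a site that was already compromised through it. Suggest adding that sites which ran an affected version should be reviewed for signs of compromise and have their credentials rotated. Minor wording: "Upgrade The School Management" should read "Upgrade the School Management plugin".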
@ -14,8 +16,8 @@ info:
cve-id: CVE-2022-1609
cwe-id: CWE-77
metadata:
max-request: 1
verified: false
max-request: 1
tags: rce,wp,backdoor,wpscan,cve,cve2022,wordpress
variables:
cmd: "echo CVE-2022-1609 | rev"

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
Drawio prior to 18.0.4 is vulnerable to server-side request forgery. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
remediation: |
Upgrade Drawio to version 18.0.4 or later to mitigate the SSRF vulnerability.
reference:
- https://huntr.dev/bounties/cad3902f-3afb-4ed2-abd0-9f96a248de11
- https://github.com/jgraph/drawio/commit/283d41ec80ad410d68634245cf56114bc19331ee
@ -16,14 +18,14 @@ info:
cve-id: CVE-2022-1713
cwe-id: CWE-918
epss-score: 0.00967
cpe: cpe:2.3:a:diagrams:drawio:*:*:*:*:*:*:*:*
epss-percentile: 0.81398
cpe: cpe:2.3:a:diagrams:drawio:*:*:*:*:*:*:*:*
metadata:
max-request: 1
verified: true
shodan-query: http.title:"Flowchart Maker"
max-request: 1
vendor: diagrams
product: drawio
shodan-query: http.title:"Flowchart Maker"
tags: drawio,ssrf,oss,huntr,cve,cve2022
http:

View File

@ -5,6 +5,8 @@ info:
author: Akincibor
severity: medium
description: WordPress Simple Membership plugin before 4.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape parameters before outputting them back in AJAX actions.
remediation: |
Update to the latest version of WordPress Simple Membership plugin (4.1.1 or higher) to mitigate the vulnerability.
reference:
- https://wpscan.com/vulnerability/96a0a667-9c4b-4ea6-b78a-0681e9a9bbae
- https://nvd.nist.gov/vuln/detail/CVE-2022-1724
@ -14,14 +16,14 @@ info:
cve-id: CVE-2022-1724
cwe-id: CWE-79
epss-score: 0.00119
cpe: cpe:2.3:a:simple-membership-plugin:simple_membership:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.45304
cpe: cpe:2.3:a:simple-membership-plugin:simple_membership:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: simple-membership-plugin
product: simple_membership
framework: wordpress
tags: xss,wp,wordpress,wpscan,cve,cve2022,wp-plugin
http:

View File

@ -6,26 +6,26 @@ info:
severity: medium
description: |
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.
remediation: Fixed in version 7.4.5
reference:
- https://wpscan.com/vulnerability/6ad407fe-db2b-41fb-834b-dd8c4f62b072
- https://nvd.nist.gov/vuln/detail/CVE-2022-1756
- https://wordpress.org/plugins/newsletter/
remediation: Fixed in version 7.4.5
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-1756
cwe-id: CWE-79
epss-score: 0.00099
cpe: cpe:2.3:a:thenewsletterplugin:newsletter:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.40272
cpe: cpe:2.3:a:thenewsletterplugin:newsletter:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
publicwww-query: "/wp-content/plugins/newsletter/"
max-request: 2
framework: wordpress
vendor: thenewsletterplugin
product: newsletter
framework: wordpress
publicwww-query: "/wp-content/plugins/newsletter/"
tags: wpscan,cve,cve2022,newsletter,xss,authenticated
http:
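Review bot: the remediation line is only moved above the reference list here and keeps its one-line form, "remediation: Fixed in version 7.4.5", whereas the other templates touched in this commit use a block scalar ("remediation: |") with an instruction to the reader. For consistency, rewrite it in the same shape, for example "Update the Newsletter plugin to version 7.4.5 or later", which matches the "before 7.4.5" range given in the description.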

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
WordPress RSVPMaker plugin through 9.3.2 contains a SQL injection vulnerability due to insufficient escaping and parameterization on user-supplied data passed to multiple SQL queries in ~/rsvpmaker-email.php. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
remediation: |
Update to the latest version of the RSVPMaker plugin (9.3.3 or higher) to mitigate the SQL Injection vulnerability.
reference:
- https://gist.github.com/Xib3rR4dAr/441d6bb4a5b8ad4b25074a49210a02cc
- https://wordpress.org/plugins/rsvpmaker/
@ -18,14 +20,14 @@ info:
cve-id: CVE-2022-1768
cwe-id: CWE-89
epss-score: 0.63139
cpe: cpe:2.3:a:rsvpmaker_project:rsvpmaker:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.97399
cpe: cpe:2.3:a:rsvpmaker_project:rsvpmaker:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: rsvpmaker_project
product: rsvpmaker
framework: wordpress
tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,rsvpmaker
http:

Some files were not shown because too many files have changed in this diff.