updated 2022 CVEs
parent
137cf38b8b
commit
449651f076
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WordPress Visual Form Builder plugin before 3.0.8 contains a cross-site scripting vulnerability. The plugin does not perform access control on entry form export, allowing an unauthenticated user to export the form entries as CSV files using the vfb-export endpoint.
|
||||
remediation: |
|
||||
Update to the latest version of the WordPress Visual Form Builder plugin (3.0.8) or apply the vendor-supplied patch to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336
|
||||
- https://www.fortiguard.com/zeroday/FG-VD-21-082
|
||||
|
@ -16,13 +18,13 @@ info:
|
|||
cve-id: CVE-2022-0140
|
||||
cwe-id: CWE-306
|
||||
epss-score: 0.01084
|
||||
cpe: cpe:2.3:a:vfbpro:visual_form_builder:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.82506
|
||||
cpe: cpe:2.3:a:vfbpro:visual_form_builder:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: wordpress
|
||||
vendor: vfbpro
|
||||
product: visual_form_builder
|
||||
framework: wordpress
|
||||
tags: wpscan,cve,cve2022,xss,wordpress
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WordPress Cookie Information/Free GDPR Consent Solution plugin prior to 2.0.8 contains a cross-site scripting vulnerability via the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||
remediation: |
|
||||
Update to the latest version of the WordPress Cookie Information/Free GDPR Consent Solution plugin (2.0.8 or higher) to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/2c735365-69c0-4652-b48e-c4a192dfe0d1
|
||||
- https://wordpress.org/plugins/wp-gdpr-compliance/
|
||||
|
@ -17,14 +19,14 @@ info:
|
|||
cve-id: CVE-2022-0147
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00133
|
||||
cpe: cpe:2.3:a:cookieinformation:wp-gdpr-compliance:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.47722
|
||||
cpe: cpe:2.3:a:cookieinformation:wp-gdpr-compliance:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 2
|
||||
vendor: cookieinformation
|
||||
product: wp-gdpr-compliance
|
||||
framework: wordpress
|
||||
tags: cve2022,wordpress,xss,wp,authenticated,cve,wp-plugin,wp-gdpr-compliance,wpscan
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: DhiyaneshDK
|
||||
severity: medium
|
||||
description: WordPress All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs plugin before 2.0.4 contains a reflected cross-site scripting vulnerability on the my-sticky-elements-leads admin page.
|
||||
remediation: |
|
||||
Update the WordPress All-in-one Floating Contact Form plugin to version 2.0.4 or later to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/37665ee1-c57f-4445-9596-df4f7d72c8cd
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0148
|
||||
|
@ -16,13 +18,13 @@ info:
|
|||
cve-id: CVE-2022-0148
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00165
|
||||
cpe: cpe:2.3:a:premio:mystickyelements:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.52528
|
||||
cpe: cpe:2.3:a:premio:mystickyelements:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
framework: wordpress
|
||||
vendor: premio
|
||||
product: mystickyelements
|
||||
framework: wordpress
|
||||
tags: xss,wp-plugin,authenticated,wpscan,cve,cve2022,wordpress
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: dhiyaneshDk
|
||||
severity: medium
|
||||
description: The plugin was affected by a reflected cross-site scripting vulnerability in the woo_ce admin page.
|
||||
remediation: |
|
||||
Update to the latest version of the WooCommerce Stored Exporter WordPress Plugin (2.7.1) or apply the vendor-provided patch to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/e47c288a-2ea3-4926-93cc-113867cbc77c
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0149
|
||||
|
@ -15,13 +17,13 @@ info:
|
|||
cve-id: CVE-2022-0149
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00115
|
||||
cpe: cpe:2.3:a:visser:store_exporter_for_woocommerce:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.44376
|
||||
cpe: cpe:2.3:a:visser:store_exporter_for_woocommerce:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
framework: wordpress
|
||||
vendor: visser
|
||||
product: store_exporter_for_woocommerce
|
||||
framework: wordpress
|
||||
tags: wpscan,cve,cve2022,wordpress,wp-plugin,xss,woocommerce,authenticated
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WordPress Accessibility Helper plugin before 0.6.0.7 contains a cross-site scripting vulnerability. It does not sanitize and escape the wahi parameter before outputting back its base64 decode value in the page.
|
||||
remediation: |
|
||||
Update to WordPress Accessibility Helper version 0.6.0.7 or later to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/7142a538-7c3d-4dd0-bd2c-cbd2efaf53c5
|
||||
- https://plugins.trac.wordpress.org/changeset/2661008
|
||||
|
@ -15,13 +17,13 @@ info:
|
|||
cve-id: CVE-2022-0150
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00133
|
||||
cpe: cpe:2.3:a:wp_accessibility_helper_project:wp_accessibility_helper:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.47722
|
||||
cpe: cpe:2.3:a:wp_accessibility_helper_project:wp_accessibility_helper:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: wordpress
|
||||
vendor: wp_accessibility_helper_project
|
||||
product: wp_accessibility_helper
|
||||
framework: wordpress
|
||||
tags: wordpress,wp-plugin,wp,wpscan,cve,cve2022,xss
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: akincibor
|
||||
severity: medium
|
||||
description: WordPress Page Builder KingComposer 2.9.6 and prior does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action (which is available to both unauthenticated and authenticated users).
|
||||
remediation: |
|
||||
Update to the latest version of KingComposer (>=2.9.7) to fix the open redirect vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/906d0c31-370e-46b4-af1f-e52fbddd00cb
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0165
|
||||
|
@ -14,13 +16,13 @@ info:
|
|||
cve-id: CVE-2022-0165
|
||||
cwe-id: CWE-601
|
||||
epss-score: 0.00133
|
||||
cpe: cpe:2.3:a:king-theme:kingcomposer:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.47728
|
||||
cpe: cpe:2.3:a:king-theme:kingcomposer:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: wordpress
|
||||
vendor: king-theme
|
||||
product: kingcomposer
|
||||
framework: wordpress
|
||||
tags: cve,cve2022,wp-plugin,redirect,wordpress,wp,wpscan
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,27 +6,27 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection
|
||||
remediation: This is resolved in release 1.6.0.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/0b4d870f-eab8-4544-91f8-9c5f0538709c
|
||||
- https://wordpress.org/plugins/photo-gallery/advanced/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0169
|
||||
- https://plugins.trac.wordpress.org/changeset/2672822/photo-gallery#file9
|
||||
remediation: This is resolved in release 1.6.0.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-0169
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.01109
|
||||
cpe: cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.82695
|
||||
cpe: cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
publicwww-query: "/wp-content/plugins/photo-gallery"
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: 10web
|
||||
product: photo_gallery
|
||||
framework: wordpress
|
||||
publicwww-query: "/wp-content/plugins/photo-gallery"
|
||||
tags: wpscan,cve,cve2022,wp,wp-plugin,wordpress,sqli,photo-gallery
|
||||
variables:
|
||||
num: "999999999"
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: DhiyaneshDK
|
||||
severity: medium
|
||||
description: WordPress RSS Aggregator < 4.20 is susceptible to cross-site scripting. The plugin does not sanitize and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to reflected cross-site scripting.
|
||||
remediation: |
|
||||
Update WordPress RSS Aggregator plugin to version 4.20 or later to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/52a71bf1-b8bc-479e-b741-eb8fb9685014
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0189
|
||||
|
@ -15,13 +17,13 @@ info:
|
|||
cve-id: CVE-2022-0189
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00133
|
||||
cpe: cpe:2.3:a:wprssaggregator:wp_rss_aggregator:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.47722
|
||||
cpe: cpe:2.3:a:wprssaggregator:wp_rss_aggregator:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
framework: wordpress
|
||||
vendor: wprssaggregator
|
||||
product: wp_rss_aggregator
|
||||
framework: wordpress
|
||||
tags: wpscan,cve,cve2022,wordpress,xss,wp-plugin,authenticated
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WordPress Permalink Manager Lite and Pro plugins before 2.2.15 contain a reflected cross-site scripting vulnerability. They do not sanitize and escape query parameters before outputting them back in the debug page.
|
||||
remediation: |
|
||||
Update to WordPress Permalink Manager version 2.2.15 or later to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/f274b0d8-74bf-43de-9051-29ce36d78ad4
|
||||
- https://plugins.trac.wordpress.org/changeset/2656512
|
||||
|
@ -15,13 +17,13 @@ info:
|
|||
cve-id: CVE-2022-0201
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00115
|
||||
cpe: cpe:2.3:a:permalink_manager_lite_project:permalink_manager_lite:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.44376
|
||||
cpe: cpe:2.3:a:permalink_manager_lite_project:permalink_manager_lite:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: wordpress
|
||||
vendor: permalink_manager_lite_project
|
||||
product: permalink_manager_lite
|
||||
framework: wordpress
|
||||
tags: wp-plugin,wpscan,cve,cve2022,xss,wordpress
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,25 +6,25 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WordPress NewStatPress plugin before 1.3.6 is susceptible to cross-site scripting. The plugin does not properly escape the whatX parameters before outputting them back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||
remediation: Fixed in version 1.3.6.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/ce12437a-d440-4c4a-9247-95a8f39d00b9
|
||||
- https://wordpress.org/plugins/newstatpress
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0206
|
||||
remediation: Fixed in version 1.3.6.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-0206
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00122
|
||||
cpe: cpe:2.3:a:newstatpress_project:newstatpress:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.45705
|
||||
cpe: cpe:2.3:a:newstatpress_project:newstatpress:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 2
|
||||
vendor: newstatpress_project
|
||||
product: newstatpress
|
||||
framework: wordpress
|
||||
tags: xss,wp,authenticated,cve2022,wordpress,wp-plugin,newstatpress,wpscan,cve
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WordPress Plugin MapPress before version 2.73.4 does not sanitize and escape the 'mapid' parameter before outputting it back in the "Bad mapid" error message, leading to reflected cross-site scripting.
|
||||
remediation: |
|
||||
Update to the latest version of MapPress (2.73.4 or higher) or apply the vendor-provided patch to fix the XSS vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/59a2abd0-4aee-47aa-ad3a-865f624fa0fc
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0208
|
||||
|
@ -15,13 +17,13 @@ info:
|
|||
cve-id: CVE-2022-0208
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00122
|
||||
cpe: cpe:2.3:a:mappresspro:mappress:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.45705
|
||||
cpe: cpe:2.3:a:mappresspro:mappress:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: wordpress
|
||||
vendor: mappresspro
|
||||
product: mappress
|
||||
framework: wordpress
|
||||
tags: cve2022,mappress,xss,wordpress,wp-plugin,wpscan,cve
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WorsPress Spider Calendar plugin through 1.5.65 is susceptible to cross-site scripting. The plugin does not sanitize and escape the callback parameter before outputting it back in the page via the window AJAX action, available to both unauthenticated and authenticated users. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||
remediation: |
|
||||
Update to the latest version of WordPress Spider Calendar plugin (>=1.5.66) or apply the vendor-supplied patch to fix the XSS vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/15be2d2b-baa3-4845-82cf-3c351c695b47
|
||||
- https://wordpress.org/plugins/spider-event-calendar/
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-0212
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00099
|
||||
cpe: cpe:2.3:a:10web:spidercalendar:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.40308
|
||||
cpe: cpe:2.3:a:10web:spidercalendar:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: 10web
|
||||
product: spidercalendar
|
||||
framework: wordpress
|
||||
tags: cve,cve2022,xss,wpscan,wordpress,wp-plugin,wp,spider-event-calendar,unauthenticated
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: hexcat
|
||||
severity: medium
|
||||
description: WordPress Email Template Designer WP HTML Mail allows stored cross-site scripting through an unprotected REST-API endpoint.
|
||||
remediation: |
|
||||
Update to version 3.1 or later of the HTML Email Template Designer plugin to fix the vulnerability.
|
||||
reference:
|
||||
- https://www.wordfence.com/blog/2022/01/unauthenticated-xss-vulnerability-patched-in-html-email-template-designer-plugin/
|
||||
- https://wordpress.org/plugins/wp-html-mail/
|
||||
|
@ -16,13 +18,13 @@ info:
|
|||
cve-id: CVE-2022-0218
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.03872
|
||||
cpe: cpe:2.3:a:codemiq:wordpress_email_template_designer:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.90766
|
||||
cpe: cpe:2.3:a:codemiq:wordpress_email_template_designer:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: wordpress
|
||||
vendor: codemiq
|
||||
product: wordpress_email_template_designer
|
||||
framework: wordpress
|
||||
tags: wordpress,wp-plugin,xss,cve,cve2022
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,23 +6,23 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WordPress GDPR & CCPA plugin before 1.9.27 contains a cross-site scripting vulnerability. The check_privacy_settings AJAX action, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type, and JavaScript code may be executed on a victim's browser.
|
||||
remediation: Version 1.9.26 has added a CSRF check. This vulnerability is only exploitable against unauthenticated users.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/a91a01b9-7e36-4280-bc50-f6cff3e66059
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0220
|
||||
remediation: Version 1.9.26 has added a CSRF check. This vulnerability is only exploitable against unauthenticated users.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-0220
|
||||
cwe-id: CWE-116
|
||||
epss-score: 0.00124
|
||||
cpe: cpe:2.3:a:welaunch:wordpress_gdpr\&ccpa:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.46073
|
||||
cpe: cpe:2.3:a:welaunch:wordpress_gdpr\&ccpa:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
framework: wordpress
|
||||
vendor: welaunch
|
||||
product: wordpress_gdpr\&ccpa
|
||||
framework: wordpress
|
||||
tags: wpscan,cve,cve2022,wordpress,wp-plugin,wp,xss,unauth
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WordPress WOOCS plugin before 1.3.7.5 is susceptible to cross-site scripting. The plugin does not sanitize and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action, available to both unauthenticated and authenticated users, before outputting it back in the response. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||
remediation: |
|
||||
Update the WordPress WOOCS plugin to version 1.3.7.5 or later to mitigate the XSS vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/fd568a1f-bd51-41bb-960d-f8573b84527b
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0234
|
||||
|
@ -17,15 +19,15 @@ info:
|
|||
cve-id: CVE-2022-0234
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00133
|
||||
cpe: cpe:2.3:a:pluginus:woocs:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.47722
|
||||
cpe: cpe:2.3:a:pluginus:woocs:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
google-query: inurl:"wp-content/plugins/woocommerce-currency-switcher"
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: pluginus
|
||||
product: woocs
|
||||
framework: wordpress
|
||||
google-query: inurl:"wp-content/plugins/woocommerce-currency-switcher"
|
||||
tags: wpscan,cve,cve2022,wordpress,wp-plugin,wp,xss,woocs
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WordPress LearnPress plugin before 4.1.6 contains a cross-site scripting vulnerability. It does not sanitize and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action.
|
||||
remediation: |
|
||||
Upgrade LearnPress to version 4.1.6 or later to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/ad07d9cd-8a75-4f7c-bbbe-3b6b89b699f2
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0271
|
||||
|
@ -16,13 +18,13 @@ info:
|
|||
cve-id: CVE-2022-0271
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00119
|
||||
cpe: cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.45304
|
||||
cpe: cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: wordpress
|
||||
vendor: thimpress
|
||||
product: learnpress
|
||||
framework: wordpress
|
||||
tags: wp,wp-plugin,wordpress,cve,cve2022,learnpress,wpscan,xss
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: pikpikcu
|
||||
severity: high
|
||||
description: Microweber contains a vulnerability that allows exposure of sensitive information to an unauthorized actor in Packagist microweber/microweber prior to 1.2.11.
|
||||
remediation: |
|
||||
Apply the latest security patch or update provided by the Microweber CMS vendor to fix the information disclosure vulnerability (CVE-2022-0281).
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0281
|
||||
- https://github.com/microweber/microweber/commit/e680e134a4215c979bfd2eaf58336be34c8fc6e6
|
||||
|
@ -15,13 +17,13 @@ info:
|
|||
cve-id: CVE-2022-0281
|
||||
cwe-id: CWE-200
|
||||
epss-score: 0.00492
|
||||
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.7314
|
||||
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: http.favicon.hash:780351152
|
||||
vendor: microweber
|
||||
product: microweber
|
||||
shodan-query: http.favicon.hash:780351152
|
||||
tags: cve,cve2022,microweber,disclosure,huntr
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,23 +6,23 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WordPress Ad Inserter plugin before 2.7.10 contains a cross-site scripting vulnerability. It does not sanitize and escape the html_element_selection parameter before outputting it back in the page.
|
||||
remediation: Fixed in version 2.7.12
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/27b64412-33a4-462c-bc45-f81697e4fe42
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0288
|
||||
remediation: Fixed in version 2.7.12
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-0288
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00141
|
||||
cpe: cpe:2.3:a:ad_inserter_pro_project:ad_inserter_pro:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.49173
|
||||
cpe: cpe:2.3:a:ad_inserter_pro_project:ad_inserter_pro:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: wordpress
|
||||
vendor: ad_inserter_pro_project
|
||||
product: ad_inserter_pro
|
||||
framework: wordpress
|
||||
tags: wordpress,xss,wpscan,cve,cve2022
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WordPress XML Sitemap Generator for Google plugin before 2.0.4 contains a cross-site scripting vulnerability that can lead to remote code execution. It does not validate a parameter which can be set to an arbitrary value, thus causing cross-site scripting via error message or remote code execution if allow_url_include is turned on.
|
||||
remediation: |
|
||||
Update the WordPress XML Sitemap Generator for Google plugin to version 2.0.4 or later to mitigate the XSS and RCE vulnerabilities.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/4b339390-d71a-44e0-8682-51a12bd2bfe6
|
||||
- https://wordpress.org/plugins/www-xml-sitemap-generator-org/
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-0346
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00099
|
||||
cpe: cpe:2.3:a:xmlsitemapgenerator:xml_sitemap_generator:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.40272
|
||||
cpe: cpe:2.3:a:xmlsitemapgenerator:xml_sitemap_generator:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 2
|
||||
vendor: xmlsitemapgenerator
|
||||
product: xml_sitemap_generator
|
||||
framework: wordpress
|
||||
tags: wpscan,cve,cve2022,wp,wordpress,wp-plugin,xss,www-xml-sitemap-generator-org
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress NotificationX plugin prior to 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape the nx_id parameter before using it in a SQL statement, leading to an unauthenticated blind SQL injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
remediation: |
|
||||
Update to the latest version of the WordPress NotificationX plugin (2.3.9 or higher) to mitigate the SQL Injection vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/1d0dd7be-29f3-4043-a9c6-67d02746463a
|
||||
- https://wordpress.org/plugins/notificationx/advanced/
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-0349
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.01307
|
||||
cpe: cpe:2.3:a:wpdeveloper:notificationx:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.84219
|
||||
cpe: cpe:2.3:a:wpdeveloper:notificationx:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: wpdeveloper
|
||||
product: notificationx
|
||||
framework: wordpress
|
||||
tags: cve2022,wordpress,wp-plugin,wp,sqli,notificationx,wpscan,cve
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: pikpikcu
|
||||
severity: medium
|
||||
description: Microweber contains a reflected cross-site scripting in Packagist microweber/microweber prior to 1.2.11.
|
||||
remediation: |
|
||||
Apply the latest security patch or upgrade to a version that has addressed the vulnerability.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0378
|
||||
- https://github.com/microweber/microweber/commit/fc7e1a026735b93f0e0047700d08c44954fce9ce
|
||||
|
@ -15,13 +17,13 @@ info:
|
|||
cve-id: CVE-2022-0378
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.001
|
||||
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.40521
|
||||
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: http.favicon.hash:780351152
|
||||
vendor: microweber
|
||||
product: microweber
|
||||
shodan-query: http.favicon.hash:780351152
|
||||
tags: cve,cve2022,microweber,xss,huntr
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WordPress Embed Swagger plugin 1.0.0 and prior contains a reflected cross-site scripting vulnerability due to insufficient escaping/sanitization and validation via the url parameter found in the ~/swagger-iframe.php file, which allows attackers to inject arbitrary web scripts onto the page.
|
||||
remediation: |
|
||||
Update to the latest version of the WordPress Embed Swagger plugin (1.0.0) or apply a patch provided by the vendor.
|
||||
reference:
|
||||
- https://gist.github.com/Xib3rR4dAr/4b3ea7960914e23c3a875b973a5b37a3
|
||||
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0381
|
||||
|
@ -17,13 +19,13 @@ info:
|
|||
cve-id: CVE-2022-0381
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00218
|
||||
cpe: cpe:2.3:a:embed_swagger_project:embed_swagger:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.59071
|
||||
cpe: cpe:2.3:a:embed_swagger_project:embed_swagger:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: wordpress
|
||||
vendor: embed_swagger_project
|
||||
product: embed_swagger
|
||||
framework: wordpress
|
||||
tags: cve,cve2022,swagger,xss,wordpress
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress TI WooCommerce Wishlist plugin before 1.40.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint.
|
||||
remediation: |
|
||||
Update to the latest version of the TI WooCommerce Wishlist plugin (1.40.1 or higher).
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/e984ba11-abeb-4ed4-9dad-0bfd539a9682
|
||||
- https://wordpress.org/plugins/ti-woocommerce-wishlist/advanced/
|
||||
|
@ -17,14 +19,14 @@ info:
|
|||
cve-id: CVE-2022-0412
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.02963
|
||||
cpe: cpe:2.3:a:templateinvaders:ti_woocommerce_wishlist:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.89567
|
||||
cpe: cpe:2.3:a:templateinvaders:ti_woocommerce_wishlist:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: templateinvaders
|
||||
product: ti_woocommerce_wishlist
|
||||
framework: wordpress
|
||||
tags: sqli,ti-woocommerce-wishlist,wpscan,cve,cve2022,woocommerce,wordpress,wp-plugin,wp
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,22 +6,22 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
Gogs before 0.12.6 is susceptible to remote command execution via the uploading repository file in GitHub repository gogs/gogs. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
|
||||
remediation: Fixed in version 0.12.6.
|
||||
reference:
|
||||
- https://github.com/gogs/gogs/commit/0fef3c9082269e9a4e817274942a5d7c50617284
|
||||
- https://huntr.dev/bounties/b4928cfe-4110-462f-a180-6d5673797902
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0415
|
||||
remediation: Fixed in version 0.12.6.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
cve-id: CVE-2022-0415
|
||||
cwe-id: CWE-20,CWE-434
|
||||
epss-score: 0.27369
|
||||
cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.96168
|
||||
cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 6
|
||||
verified: true
|
||||
max-request: 6
|
||||
vendor: gogs
|
||||
product: gogs
|
||||
tags: rce,gogs,authenticated,huntr,cve,cve2022,intrusive
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WordPress White Label CMS plugin before 2.2.9 contains a reflected cross-site scripting vulnerability. It does not sanitize and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing.
|
||||
remediation: |
|
||||
Update to WordPress White Label CMS plugin version 2.2.9 or later to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/429be4eb-8a6b-4531-9465-9ef0d35c12cc
|
||||
- https://plugins.trac.wordpress.org/changeset/2672615
|
||||
|
@ -16,13 +18,13 @@ info:
|
|||
cve-id: CVE-2022-0422
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00133
|
||||
cpe: cpe:2.3:a:videousermanuals:white_label_cms:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.47722
|
||||
cpe: cpe:2.3:a:videousermanuals:white_label_cms:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: wordpress
|
||||
vendor: videousermanuals
|
||||
product: white_label_cms
|
||||
framework: wordpress
|
||||
tags: cve,cve2022,wordpress,xss,wp-plugin,wpscan
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: pikpikcu
|
||||
severity: medium
|
||||
description: The GitHub repository mastodon/mastodon prior to 3.5.0 contains a Prototype Pollution vulnerability.
|
||||
remediation: |
|
||||
Apply the latest security patches and updates provided by the Mastodon project to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://github.com/mastodon/mastodon/commit/4d6d4b43c6186a13e67b92eaf70fe1b70ea24a09
|
||||
- https://drive.google.com/file/d/1vpZ0CcmFhTEUasLTPUBf8o-4l7G6ojtG/view
|
||||
|
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2022-0432
|
||||
cwe-id: CWE-1321
|
||||
epss-score: 0.001
|
||||
cpe: cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.40521
|
||||
cpe: cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: joinmastodon
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress Page Views Count plugin prior to 2.4.15 contains an unauthenticated SQL injection vulnerability. It does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
remediation: |
|
||||
Update to the latest version of the WordPress Page Views Count plugin (2.4.15) to mitigate the SQL Injection vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/be895016-7365-4ce4-a54f-f36d0ef2d6f1
|
||||
- https://wordpress.org/plugins/page-views-count/
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-0434
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.02274
|
||||
cpe: cpe:2.3:a:a3rev:page_view_count:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.88217
|
||||
cpe: cpe:2.3:a:a3rev:page_view_count:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: a3rev
|
||||
product: page_view_count
|
||||
framework: wordpress
|
||||
tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,wpscan,unauth
|
||||
variables:
|
||||
num: "999999999"
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: pikpikcu
|
||||
severity: medium
|
||||
description: NPM karma prior to 6.3.14. contains a DOM-based cross-site Scripting vulnerability.
|
||||
remediation: |
|
||||
Upgrade to the latest version of karma-runner that includes proper input sanitization to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://huntr.dev/bounties/64b67ea1-5487-4382-a5f6-e8a95f798885
|
||||
- https://github.com/karma-runner/karma/commit/839578c45a8ac42fbc1d72105f97eab77dd3eb8a
|
||||
|
@ -16,13 +18,13 @@ info:
|
|||
cve-id: CVE-2022-0437
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.001
|
||||
cpe: cpe:2.3:a:karma_project:karma:*:*:*:*:*:node.js:*:*
|
||||
epss-percentile: 0.40521
|
||||
cpe: cpe:2.3:a:karma_project:karma:*:*:*:*:*:node.js:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
framework: node.js
|
||||
vendor: karma_project
|
||||
product: karma
|
||||
framework: node.js
|
||||
tags: oss,huntr,cve,cve2022,karma,xss
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress MasterStudy LMS plugin before 2.7.6 is susceptible to improper access control. The plugin does not validate some parameters given when registering a new account, which can allow an attacker to register as an admin, thus potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||
remediation: |
|
||||
Upgrade to the latest version of the MasterStudy LMS plugin (2.7.6 or higher) to fix the improper access control issue.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/173c2efe-ee9c-4539-852f-c242b4f728ed
|
||||
- https://wordpress.org/plugins/masterstudy-lms-learning-management-system/
|
||||
|
@ -17,14 +19,14 @@ info:
|
|||
cve-id: CVE-2022-0441
|
||||
cwe-id: CWE-269
|
||||
epss-score: 0.37209
|
||||
cpe: cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.96672
|
||||
cpe: cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 2
|
||||
vendor: stylemixthemes
|
||||
product: masterstudy_lms
|
||||
framework: wordpress
|
||||
tags: cve,cve2022,wordpress,wp-plugin,wpscan,wp,unauth
|
||||
variables:
|
||||
username: "{{to_lower(rand_text_alphanumeric(6))}}"
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
Easy!Appointments prior to 1.4.3 allows exposure of Private Personal Information to an unauthorized actor via the GitHub repository alextselegidis/easyappointments.
|
||||
remediation: |
|
||||
Upgrade Easy!Appointments to version 1.4.4 or above to fix the Broken Access Control vulnerability.
|
||||
reference:
|
||||
- https://huntr.dev/bounties/2fe771ef-b615-45ef-9b4d-625978042e26/
|
||||
- https://github.com/alextselegidis/easyappointments
|
||||
|
@ -18,13 +20,13 @@ info:
|
|||
cve-id: CVE-2022-0482
|
||||
cwe-id: CWE-359,CWE-863
|
||||
epss-score: 0.02425
|
||||
cpe: cpe:2.3:a:easyappointments:easyappointments:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.88566
|
||||
cpe: cpe:2.3:a:easyappointments:easyappointments:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
framework: wordpress
|
||||
vendor: easyappointments
|
||||
product: easyappointments
|
||||
framework: wordpress
|
||||
tags: cve,cve2022,easyappointments,huntr
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WordPress E2Pdf plugin before 1.16.45 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, even when the unfiltered_html capability is disallowed. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, making it possible to steal cookie-based authentication credentials and launch other attacks.
|
||||
remediation: |
|
||||
Update the WordPress E2Pdf plugin to version 1.16.45 or later to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/a4162e96-a3c5-4f38-a60b-aa3ed9508985
|
||||
- https://wordpress.org/plugins/e2pdf/
|
||||
|
@ -18,14 +20,14 @@ info:
|
|||
cve-id: CVE-2022-0535
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00112
|
||||
cpe: cpe:2.3:a:e2pdf:e2pdf:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.43647
|
||||
cpe: cpe:2.3:a:e2pdf:e2pdf:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 4
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 4
|
||||
vendor: e2pdf
|
||||
product: e2pdf
|
||||
framework: wordpress
|
||||
tags: cve2022,wp-plugin,xss,authenticated,e2pdf,wpscan,cve,wordpress,wp
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,26 +6,26 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
|
||||
remediation: Ensure you are using the latest version and that all security patches have been applied.
|
||||
reference:
|
||||
- https://blog.viettelcybersecurity.com/cve-2022-0540-authentication-bypass-in-seraph/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0540
|
||||
- https://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20
|
||||
- https://jira.atlassian.com/browse/JRASERVER-73650
|
||||
- https://jira.atlassian.com/browse/JSDSERVER-11224
|
||||
remediation: Ensure you are using the latest version and that all security patches have been applied.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-0540
|
||||
cwe-id: CWE-287
|
||||
epss-score: 0.16241
|
||||
cpe: cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.95289
|
||||
cpe: cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: http.component:"Atlassian Jira"
|
||||
vendor: atlassian
|
||||
product: jira_data_center
|
||||
shodan-query: http.component:"Atlassian Jira"
|
||||
tags: cve,cve2022,atlassian,jira,exposure,auth-bypass
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3_get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users.
|
||||
remediation: |
|
||||
Upgrade to Formcraft3 version 3.8.28 or later to fix the SSRF vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/b5303e63-d640-4178-9237-d0f524b13d47
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0591
|
||||
|
@ -15,15 +17,15 @@ info:
|
|||
cve-id: CVE-2022-0591
|
||||
cwe-id: CWE-918
|
||||
epss-score: 0.00694
|
||||
cpe: cpe:2.3:a:subtlewebinc:formcraft3:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.77706
|
||||
cpe: cpe:2.3:a:subtlewebinc:formcraft3:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
fofa-query: body="formcraft3" && body="wp-"
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: subtlewebinc
|
||||
product: formcraft3
|
||||
framework: wordpress
|
||||
fofa-query: body="formcraft3" && body="wp-"
|
||||
tags: wp,wp-plugin,wordpress,cve,formcraft3,wpscan,ssrf,cve2022,unauth
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: atomiczsec
|
||||
severity: medium
|
||||
description: WordPress Shareaholic plugin prior to 9.7.6 is susceptible to information disclosure. The plugin does not have proper authorization check in one of the AJAX actions, available to both unauthenticated (before 9.7.5) and authenticated (in 9.7.5) users, allowing them to possibly obtain sensitive information such as active plugins and different versions (PHP, cURL, WP, etc.).
|
||||
remediation: |
|
||||
Update the Shareaholic plugin to version 9.7.6 or later to fix the information disclosure vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/4de9451e-2c8d-4d99-a255-b027466d29b1
|
||||
- https://wordpress.org/plugins/shareaholic/
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-0594
|
||||
cwe-id: CWE-863
|
||||
epss-score: 0.00257
|
||||
cpe: cpe:2.3:a:shareaholic:shareaholic:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.62773
|
||||
cpe: cpe:2.3:a:shareaholic:shareaholic:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: shareaholic
|
||||
product: shareaholic
|
||||
framework: wordpress
|
||||
tags: cve,cve2022,wordpress,wp,wp-plugin,exposure,wpscan
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WordPress Contact Form 7 before 1.3.6.3 contains an unauthenticated stored cross-site scripting vulnerability in the Drag and Drop Multiple File Upload plugin. SVG files can be uploaded by default via the dnd_codedropz_upload AJAX action.
|
||||
remediation: |
|
||||
Update the WordPress Contact Form 7 plugin to version 1.3.6.3 or later to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/1b849957-eaca-47ea-8f84-23a3a98cc8de
|
||||
- https://plugins.trac.wordpress.org/changeset/2686614
|
||||
|
@ -15,13 +17,13 @@ info:
|
|||
cve-id: CVE-2022-0595
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00135
|
||||
cpe: cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_-_contact_form_7:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.48139
|
||||
cpe: cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_-_contact_form_7:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
framework: wordpress
|
||||
vendor: codedropz
|
||||
product: drag_and_drop_multiple_file_upload_-_contact_form_7
|
||||
framework: wordpress
|
||||
tags: cve,cve2022,xss,wordpress,wp-plugin,wpscan,fileupload,intrusive,unauth
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WordPress Mapping Multiple URLs Redirect Same Page plugin 5.8 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page.
|
||||
remediation: |
|
||||
Update to the latest version of the WordPress Mapping Multiple URLs Redirect Same Page plugin (version 5.8 or higher) to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/4f1d45bc-d3bd-472c-959d-05abeff32765
|
||||
- https://wordpress.org/plugins/mapping-multiple-urls-redirect-same-page/
|
||||
|
@ -16,13 +18,13 @@ info:
|
|||
cve-id: CVE-2022-0599
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00119
|
||||
cpe: cpe:2.3:a:mapping_multiple_urls_redirect_same_page_project:mapping_multiple_urls_redirect_same_page:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.45304
|
||||
cpe: cpe:2.3:a:mapping_multiple_urls_redirect_same_page_project:mapping_multiple_urls_redirect_same_page:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
framework: wordpress
|
||||
vendor: mapping_multiple_urls_redirect_same_page_project
|
||||
product: mapping_multiple_urls_redirect_same_page
|
||||
framework: wordpress
|
||||
tags: cve,cve2022,wordpress,wp-plugin,xss,wp,authenticated,wpscan
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,24 +6,24 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
The Profile Builder User Profile & User Registration Forms WordPress plugin is vulnerable to cross-site scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1..
|
||||
remediation: Upgrade to version 3.6.5 or later.
|
||||
reference:
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0653
|
||||
- https://www.wordfence.com/blog/2022/02/reflected-cross-site-scripting-vulnerability-patched-in-wordpress-profile-builder-plugin/
|
||||
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2655168%40profile-builder&new=2655168%40profile-builder&sfp_email=&sfph_mail=
|
||||
remediation: Upgrade to version 3.6.5 or later.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-0653
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00274
|
||||
cpe: cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.64008
|
||||
cpe: cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: wordpress
|
||||
vendor: cozmoslabs
|
||||
product: profile_builder
|
||||
framework: wordpress
|
||||
tags: cve,cve2022,wordpress,xss,wp-plugin
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: akincibor
|
||||
severity: high
|
||||
description: uDraw before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc).
|
||||
remediation: |
|
||||
Upgrade uDraw to version 3.3.3 or later to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/925c4c28-ae94-4684-a365-5f1e34e6c151
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0656
|
||||
|
@ -14,14 +16,14 @@ info:
|
|||
cve-id: CVE-2022-0656
|
||||
cwe-id: CWE-552
|
||||
epss-score: 0.00641
|
||||
cpe: cpe:2.3:a:webtoprint:web_to_print_shop\:udraw:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.76583
|
||||
cpe: cpe:2.3:a:webtoprint:web_to_print_shop\:udraw:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
google-query: inurl:"/wp-content/plugins/udraw"
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: webtoprint
|
||||
product: web_to_print_shop\
|
||||
google-query: inurl:"/wp-content/plugins/udraw"
|
||||
tags: wp,wordpress,wp-plugin,unauth,cve,cve2022,lfi,udraw,wpscan
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
Microweber before 1.2.11 is susceptible to information disclosure. An error message is generated in microweber/microweber which contains sensitive information while viewing comments from load_module:comments#search=. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||
remediation: |
|
||||
Upgrade Microweber to version 1.2.11 or later to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://huntr.dev/bounties/01fd2e0d-b8cf-487f-a16c-7b088ef3a291/
|
||||
- https://github.com/advisories/GHSA-hhrj-wp42-32v3
|
||||
|
@ -18,11 +20,11 @@ info:
|
|||
cve-id: CVE-2022-0660
|
||||
cwe-id: CWE-209
|
||||
epss-score: 0.00654
|
||||
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.76848
|
||||
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
max-request: 2
|
||||
vendor: microweber
|
||||
product: microweber
|
||||
tags: cve2022,microweber,disclosure,authenticated,huntr,cve
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
Packagist prior to 1.2.11 contains a cross-site scripting vulnerability via microweber/microweber. User can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out.
|
||||
remediation: |
|
||||
Upgrade Microweber CMS to version 1.2.11 or later, which includes a fix for this vulnerability.
|
||||
reference:
|
||||
- https://huntr.dev/bounties/d707137a-aace-44c5-b15c-1807035716c0/
|
||||
- https://twitter.com/CVEnew/status/1495001503249178624?s=20&t=sfABvm7oG39Fd6rG44vQWg
|
||||
|
@ -18,14 +20,14 @@ info:
|
|||
cve-id: CVE-2022-0678
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00135
|
||||
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.4804
|
||||
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: http.favicon.hash:780351152
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: microweber
|
||||
product: microweber
|
||||
shodan-query: http.favicon.hash:780351152
|
||||
tags: huntr,cve,cve2022,xss,microweber
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress Narnoo Distributor plugin 2.5.1 and prior is susceptible to local file inclusion. The plugin does not validate and sanitize the lib_path parameter before being passed into a call to require() via the narnoo_distributor_lib_request AJAX action, and the content of the file is displayed in the response as JSON data. This can also lead to a remote code execution vulnerability depending on system and configuration.
|
||||
remediation: |
|
||||
Update to the latest version of the WordPress Narnoo Distributor plugin (>=2.5.2) to mitigate the LFI vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/0ea79eb1-6561-4c21-a20b-a1870863b0a8
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0679
|
||||
|
@ -15,14 +17,14 @@ info:
|
|||
cve-id: CVE-2022-0679
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.02484
|
||||
cpe: cpe:2.3:a:narnoo_distributor_project:narnoo_distributor:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.88704
|
||||
cpe: cpe:2.3:a:narnoo_distributor_project:narnoo_distributor:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: narnoo_distributor_project
|
||||
product: narnoo_distributor
|
||||
framework: wordpress
|
||||
tags: narnoo-distributor,cve,cve2022,wordpress,wp-plugin,wpscan,wp,rce,unauth,lfi
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: 0x_Akoko
|
||||
severity: medium
|
||||
description: An open redirect vulnerability exists in Rudloff/alltube that could let an attacker construct a URL within the application that causes redirection to an arbitrary external domain via Packagist in versions prior to 3.0.1.
|
||||
remediation: |
|
||||
Upgrade to version 3.0.1 or later to fix the open redirect vulnerability.
|
||||
reference:
|
||||
- https://huntr.dev/bounties/4fb39400-e08b-47af-8c1f-5093c9a51203/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0692
|
||||
|
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2022-0692
|
||||
cwe-id: CWE-601
|
||||
epss-score: 0.00133
|
||||
cpe: cpe:2.3:a:alltube_project:alltube:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.47722
|
||||
cpe: cpe:2.3:a:alltube_project:alltube:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: alltube_project
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress Master Elements plugin through 8.0 contains a SQL injection vulnerability. The plugin does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
remediation: |
|
||||
Update to the latest version of WordPress Master Elements plugin (>=8.1) to mitigate the SQL Injection vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/a72bf075-fd4b-4aa5-b4a4-5f62a0620643
|
||||
- https://wordpress.org/plugins/master-elements
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-0693
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.01196
|
||||
cpe: cpe:2.3:a:devbunch:master_elements:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.83424
|
||||
cpe: cpe:2.3:a:devbunch:master_elements:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: devbunch
|
||||
product: master_elements
|
||||
framework: wordpress
|
||||
tags: unauth,wpscan,wp-plugin,wp,sqli,wordpress,master-elements,cve,cve2022
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: GitLab Red Team
|
||||
severity: critical
|
||||
description: GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5, from 14.7 before 14.7.4, and from 14.8 before 14.8.2.
|
||||
remediation: |
|
||||
Apply the necessary patches or updates provided by GitLab to fix the vulnerability.
|
||||
reference:
|
||||
- https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/cve-hash-harvester
|
||||
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0735.json
|
||||
|
@ -17,13 +19,13 @@ info:
|
|||
cve-id: CVE-2022-0735
|
||||
cwe-id: CWE-863
|
||||
epss-score: 0.02744
|
||||
cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
|
||||
epss-percentile: 0.89212
|
||||
cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: http.title:"GitLab"
|
||||
vendor: gitlab
|
||||
product: gitlab
|
||||
shodan-query: http.title:"GitLab"
|
||||
tags: cve,cve2022,gitlab
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,26 +6,26 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection.
|
||||
remediation: Fixed in version 4.3.8
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/a8575322-c2cf-486a-9c37-71a22167aac3
|
||||
- https://wordpress.org/plugins/infographic-and-list-builder-ilist/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0747
|
||||
- https://plugins.trac.wordpress.org/changeset/2684336
|
||||
remediation: Fixed in version 4.3.8
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-0747
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.011
|
||||
cpe: cpe:2.3:a:quantumcloud:infographic_maker:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.82632
|
||||
cpe: cpe:2.3:a:quantumcloud:infographic_maker:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 2
|
||||
vendor: quantumcloud
|
||||
product: infographic_maker
|
||||
framework: wordpress
|
||||
tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,infographic-and-list-builder-ilist,wpscan
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress Simple Link Directory plugin before 7.7.2 contains a SQL injection vulnerability. The plugin does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action, available to unauthenticated and authenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
remediation: |
|
||||
Update to the latest version of WordPress Simple Link Directory plugin (7.7.2 or higher) to mitigate the SQL injection vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/1c83ed73-ef02-45c0-a9ab-68a3468d2210
|
||||
- https://wordpress.org/plugins/simple-link-directory/
|
||||
|
@ -17,14 +19,14 @@ info:
|
|||
cve-id: CVE-2022-0760
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.011
|
||||
cpe: cpe:2.3:a:quantumcloud:simple_link_directory:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.82632
|
||||
cpe: cpe:2.3:a:quantumcloud:simple_link_directory:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: quantumcloud
|
||||
product: simple_link_directory
|
||||
framework: wordpress
|
||||
tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,simple-link-directory,unauth,wpscan
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated users), leading to an SQL Injection.
|
||||
remediation: |
|
||||
Update to Users Ultra version 3.1.0 or later to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/05eab45d-ebe9-440f-b9c3-73ec40ef1141
|
||||
- https://wordpress.org/plugins/users-ultra/
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-0769
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.01196
|
||||
cpe: cpe:2.3:a:usersultra:users_ultra:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.83424
|
||||
cpe: cpe:2.3:a:usersultra:users_ultra:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: usersultra
|
||||
product: users_ultra
|
||||
framework: wordpress
|
||||
tags: wp,users-ultra,wpscan,cve,cve2022,sqli,wordpress,wp-plugin
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users.
|
||||
remediation: |
|
||||
Update to Documentor version 1.5.3 or later to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/55b89de0-30ed-4f98-935e-51f069faf6fc
|
||||
- https://wordpress.org/plugins/documentor-lite/
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-0773
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.02077
|
||||
cpe: cpe:2.3:a:documentor_project:documentor:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.87641
|
||||
cpe: cpe:2.3:a:documentor_project:documentor:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 2
|
||||
vendor: documentor_project
|
||||
product: documentor
|
||||
framework: wordpress
|
||||
tags: unauth,cve2022,sqli,wp-plugin,wp,documentor-lite,wpscan,cve,wordpress
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: LogicalHunter
|
||||
severity: medium
|
||||
description: RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model.
|
||||
remediation: |
|
||||
Upgrade to RevealJS postMessage version 4.3.0 or later to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://hackerone.com/reports/691977
|
||||
- https://github.com/hakimel/reveal.js/pull/3137
|
||||
|
@ -17,12 +19,12 @@ info:
|
|||
cve-id: CVE-2022-0776
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00133
|
||||
cpe: cpe:2.3:a:revealjs:reveal.js:*:*:*:*:*:node.js:*:*
|
||||
epss-percentile: 0.47722
|
||||
cpe: cpe:2.3:a:revealjs:reveal.js:*:*:*:*:*:node.js:*:*
|
||||
metadata:
|
||||
framework: node.js
|
||||
vendor: revealjs
|
||||
product: reveal.js
|
||||
framework: node.js
|
||||
tags: hackerone,huntr,cve,cve2022,headless,postmessage,revealjs
|
||||
headless:
|
||||
- steps:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress Nirweb support plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
remediation: |
|
||||
Update to the latest version of the WordPress Nirweb Support plugin (2.8.2 or higher) to mitigate the SQL Injection vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/1a8f9c7b-a422-4f45-a516-c3c14eb05161
|
||||
- https://wordpress.org/plugins/nirweb-support/
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-0781
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.00974
|
||||
cpe: cpe:2.3:a:nirweb:nirweb_support:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.81449
|
||||
cpe: cpe:2.3:a:nirweb:nirweb_support:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: nirweb
|
||||
product: nirweb_support
|
||||
framework: wordpress
|
||||
tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,wpscan,nirweb-support,unauth
|
||||
variables:
|
||||
num: "999999999"
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress Title Experiments Free plugin before 9.0.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
remediation: |
|
||||
Update to the latest version of WordPress Title Experiments Free plugin (9.0.1 or higher) to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/6672b59f-14bc-4a22-9e0b-fcab4e01d97f
|
||||
- https://wordpress.org/plugins/wp-experiments-free/
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-0784
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.02077
|
||||
cpe: cpe:2.3:a:title_experiments_free_project:title_experiments_free:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.87641
|
||||
cpe: cpe:2.3:a:title_experiments_free_project:title_experiments_free:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: title_experiments_free_project
|
||||
product: title_experiments_free
|
||||
framework: wordpress
|
||||
tags: cve,wpscan,wp-plugin,wp,sqli,wp-experiments-free,unauth,cve2022,wordpress
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress Daily Prayer Time plugin prior to 2022.03.01 contains a SQL injection vulnerability.. It does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action, available to unauthenticated users, leading to SQL injection.
|
||||
remediation: |
|
||||
Update to the latest version of the WordPress Daily Prayer Time plugin (2022.03.01) to fix the SQL Injection vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/e1e09f56-89a4-4d6f-907b-3fb2cb825255
|
||||
- https://wordpress.org/plugins/daily-prayer-time-for-mosques/
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-0785
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.02077
|
||||
cpe: cpe:2.3:a:daily_prayer_time_project:daily_prayer_time:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.87641
|
||||
cpe: cpe:2.3:a:daily_prayer_time_project:daily_prayer_time:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: daily_prayer_time_project
|
||||
product: daily_prayer_time
|
||||
framework: wordpress
|
||||
tags: sqli,wordpress,wp-plugin,unauth,daily-prayer-time-for-mosques,wpscan,cve,cve2022,wp
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress KiviCare plugin before 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
remediation: |
|
||||
Update to the latest version of the KiviCare plugin (2.3.9) or apply the provided patch to fix the SQL Injection vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/53f493e9-273b-4349-8a59-f2207e8f8f30
|
||||
- https://wordpress.org/plugins/kivicare-clinic-management-system/
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-0786
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.01851
|
||||
cpe: cpe:2.3:a:iqonic:kivicare:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.8685
|
||||
cpe: cpe:2.3:a:iqonic:kivicare:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: iqonic
|
||||
product: kivicare
|
||||
framework: wordpress
|
||||
tags: sqli,kivicare-clinic-management-system,unauth,wordpress,wp-plugin,wp,cve,cve2022,wpscan
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress WP Fundraising Donation and Crowdfunding Platform plugin before 1.5.0 contains an unauthenticated SQL injection vulnerability. It does not sanitize and escape a parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
remediation: |
|
||||
Update WP Fundraising Donation and Crowdfunding Platform to version 1.5.0 or later to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/fbc71710-123f-4c61-9796-a6a4fd354828
|
||||
- https://wordpress.org/plugins/wp-fundraising-donation/
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-0788
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.02077
|
||||
cpe: cpe:2.3:a:wpmet:wp_fundraising_donation_and_crowdfunding_platform:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.87641
|
||||
cpe: cpe:2.3:a:wpmet:wp_fundraising_donation_and_crowdfunding_platform:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: wpmet
|
||||
product: wp_fundraising_donation_and_crowdfunding_platform
|
||||
framework: wordpress
|
||||
tags: cve,sqli,wordpress,wp-plugin,cve2022,wp,wp-fundraising-donation,unauth,wpscan
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress BadgeOS plugin through 3.7.0 contains a SQL injection vulnerability. It does not sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
remediation: |
|
||||
Update to the latest version of the BadgeOS plugin (>=3.7.1) to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/69263610-f454-4f27-80af-be523d25659e
|
||||
- https://wordpress.org/plugins/badgeos/
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-0817
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.02077
|
||||
cpe: cpe:2.3:a:badgeos:badgeos:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.87641
|
||||
cpe: cpe:2.3:a:badgeos:badgeos:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: badgeos
|
||||
product: badgeos
|
||||
framework: wordpress
|
||||
tags: cve2022,wp,unauth,sqli,cve,wp-plugin,badgeos,wpscan,wordpress
|
||||
variables:
|
||||
num: "999999999"
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: cckuailong
|
||||
severity: high
|
||||
description: Webmin before 1.990 is susceptible to improper access control in GitHub repository webmin/webmin. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
|
||||
remediation: |
|
||||
Upgrade Webmin to version 1.990 or later to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://github.com/faisalfs10x/Webmin-CVE-2022-0824-revshell/blob/main/Webmin-revshell.py
|
||||
- https://github.com/webmin/webmin/commit/39ea464f0c40b325decd6a5bfb7833fa4a142e38
|
||||
|
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2022-0824
|
||||
cwe-id: CWE-284,CWE-863
|
||||
epss-score: 0.97243
|
||||
cpe: cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99757
|
||||
cpe: cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: webmin
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
remediation: |
|
||||
Update to the latest version of WP Video Gallery plugin (>=1.7.2) or apply the vendor-provided patch to mitigate the SQL Injection vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/7a3eed3b-c643-4e24-b833-eba60ab631c5
|
||||
- https://wordpress.org/plugins/wp-video-gallery-free/
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-0826
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.02077
|
||||
cpe: cpe:2.3:a:wp-video-gallery-free_project:wp-video-gallery-free:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.87641
|
||||
cpe: cpe:2.3:a:wp-video-gallery-free_project:wp-video-gallery-free:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: wp-video-gallery-free_project
|
||||
product: wp-video-gallery-free
|
||||
framework: wordpress
|
||||
tags: cve2022,wp-plugin,wpscan,cve,wordpress,wp,sqli,wp-video-gallery-free,unauth
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress Best Books plugin through 2.6.3 is susceptible to SQL injection. The plugin does not sanitize and escape some parameters before using them in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
remediation: |
|
||||
Update to WordPress Best Books plugin version 2.6.3 or later to fix the SQL injection vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/0d208ebc-7805-457b-aa5f-ffd5adb2f3be
|
||||
- https://wordpress.org/plugins/bestbooks/
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-0827
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.01851
|
||||
cpe: cpe:2.3:a:presspage:bestbooks:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.8685
|
||||
cpe: cpe:2.3:a:presspage:bestbooks:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: presspage
|
||||
product: bestbooks
|
||||
framework: wordpress
|
||||
tags: cve,cve2022,sqli,wpscan,wordpress,wp-plugin,wp,bestbooks,unauthenticated
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,25 +6,25 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users.
|
||||
remediation: Fixed in version 2.14.15.1
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/b030296d-688e-44a4-a48a-140375f2c5f4
|
||||
- https://wordpress.org/plugins/speakout/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0846
|
||||
remediation: Fixed in version 2.14.15.1
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-0846
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.02077
|
||||
cpe: cpe:2.3:a:speakout\!_email_petitions_project:speakout\!_email_petitions:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.87641
|
||||
cpe: cpe:2.3:a:speakout\!_email_petitions_project:speakout\!_email_petitions:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: speakout\!_email_petitions_project
|
||||
product: speakout\!_email_petitions
|
||||
framework: wordpress
|
||||
tags: wordpress,wp-plugin,wp,unauth,wpscan,cve,cve2022,sqli,speakout,speakout-email-petitions
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
The plugin does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.
|
||||
remediation: |
|
||||
Update UpdraftPlus plugin to version 1.22.9 or later to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/7337543f-4c2c-4365-aebf-3423e9d2f872
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0864
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-0864
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00359
|
||||
cpe: cpe:2.3:a:updraftplus:updraftplus:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.68676
|
||||
cpe: cpe:2.3:a:updraftplus:updraftplus:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 2
|
||||
vendor: 'updraftplus'
|
||||
product: 'updraftplus'
|
||||
framework: wordpress
|
||||
tags: cve2022,xss,authenticated,updraftplus,wpscan,cve,wp-plugin,wp,wordpress
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress ARPrice plugin prior to 3.6.1 contains a SQL injection vulnerability. It fails to properly sanitize and escape user supplied POST data before being inserted in an SQL statement and executed via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
remediation: |
|
||||
Update to the latest version of ARPrice plugin (3.6.1) or apply the vendor-provided patch.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/62803aae-9896-410b-9398-3497a838e494
|
||||
- https://wordpress.org/plugins/arprice-responsive-pricing-table/
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-0867
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.04152
|
||||
cpe: cpe:2.3:a:reputeinfosystems:pricing_table:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.9107
|
||||
cpe: cpe:2.3:a:reputeinfosystems:pricing_table:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 2
|
||||
vendor: reputeinfosystems
|
||||
product: pricing_table
|
||||
framework: wordpress
|
||||
tags: unauth,wp,cve2022,wordpress,wp-plugin,arprice-responsive-pricing-table,sqli,wpscan,cve
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.
|
||||
remediation: |
|
||||
Upgrade to a patched version of nitely/spirit to mitigate the open redirect vulnerability (CVE-2022-0869).
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0869
|
||||
- https://huntr.dev/bounties/ed335a88-f68c-4e4d-ac85-f29a51b03342
|
||||
|
@ -16,8 +18,8 @@ info:
|
|||
cve-id: CVE-2022-0869
|
||||
cwe-id: CWE-601
|
||||
epss-score: 0.00153
|
||||
cpe: cpe:2.3:a:spirit-project:spirit:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.50846
|
||||
cpe: cpe:2.3:a:spirit-project:spirit:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 4
|
||||
vendor: spirit-project
|
||||
|
|
|
@ -6,22 +6,22 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
Gogs GitHub repository before 0.12.5 is susceptible to server-side request forgery. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
remediation: Fixed in version 0.12.5.
|
||||
reference:
|
||||
- https://github.com/gogs/gogs/commit/91f2cde5e95f146bfe4765e837e7282df6c7cabb
|
||||
- https://huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0870
|
||||
remediation: Fixed in version 0.12.5.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cve-id: CVE-2022-0870
|
||||
cwe-id: CWE-918
|
||||
epss-score: 0.00218
|
||||
cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.59068
|
||||
cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 4
|
||||
verified: true
|
||||
max-request: 4
|
||||
vendor: gogs
|
||||
product: gogs
|
||||
tags: cve,cve2022,ssrf,gogs,authenticated,huntr
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress Member Hero plugin through 1.0.9 is susceptible to remote code execution. The plugin lacks authorization checks and does not validate the a request parameter in an AJAX action, allowing an attacker to call arbitrary PHP functions with no arguments. An attacker can thus execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
|
||||
remediation: |
|
||||
Update to the latest version of the Member Hero plugin (1.0.9 or higher) to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/8b08b72e-5584-4f25-ab73-5ab0f47412df
|
||||
- https://wordpress.org/plugins/member-hero/
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-0885
|
||||
cwe-id: CWE-862
|
||||
epss-score: 0.13941
|
||||
cpe: cpe:2.3:a:memberhero:member_hero:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.94944
|
||||
cpe: cpe:2.3:a:memberhero:member_hero:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: memberhero
|
||||
product: member_hero
|
||||
framework: wordpress
|
||||
tags: unauth,wpscan,wp-plugin,rce,wp,wordpress,member-hero,cve,cve2022
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax.
|
||||
remediation: |
|
||||
Upgrade Microweber to version 1.2.12 or later to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://huntr.dev/bounties/085aafdd-ba50-44c7-9650-fa573da29bcd
|
||||
- https://github.com/microweber/microweber/commit/fc9137c031f7edec5f50d73b300919fb519c924a
|
||||
|
@ -16,11 +18,11 @@ info:
|
|||
cve-id: CVE-2022-0928
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00192
|
||||
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.55945
|
||||
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
vendor: microweber
|
||||
product: microweber
|
||||
tags: cve,cve2022,authenticated,huntr,xss,microweber,cms
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress Order Listener for WooCommerce plugin before 3.2.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
remediation: |
|
||||
Update the WordPress Order Listener for WooCommerce plugin to version 3.2.2 or later.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/daad48df-6a25-493f-9d1d-17b897462576
|
||||
- https://wordpress.org/plugins/woc-order-alert/
|
||||
|
@ -17,14 +19,14 @@ info:
|
|||
cve-id: CVE-2022-0948
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.03849
|
||||
cpe: cpe:2.3:a:pluginbazaar:order_listener_for_woocommerce:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.90743
|
||||
cpe: cpe:2.3:a:pluginbazaar:order_listener_for_woocommerce:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 2
|
||||
vendor: pluginbazaar
|
||||
product: order_listener_for_woocommerce
|
||||
framework: wordpress
|
||||
tags: cve,wp,unauth,sqli,woc-order-alert,wpscan,cve2022,wordpress,wp-plugin
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,25 +6,25 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress Stop Bad Bots plugin before 6.930 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
remediation: Fixed in version 6.930.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/a0fbb79a-e160-49df-9cf2-18ab64ea66cb
|
||||
- https://wordpress.org/plugins/stopbadbots/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0949
|
||||
remediation: Fixed in version 6.930.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-0949
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.02077
|
||||
cpe: cpe:2.3:a:stopbadbots:block_and_stop_bad_bots:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.87641
|
||||
cpe: cpe:2.3:a:stopbadbots:block_and_stop_bad_bots:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 3
|
||||
vendor: stopbadbots
|
||||
product: block_and_stop_bad_bots
|
||||
framework: wordpress
|
||||
tags: cve,stopbadbots,wp-plugin,wp,unauth,wpscan,cve2022,sqli,wordpress
|
||||
variables:
|
||||
IP: '{{rand_ip("1.1.1.0/24")}}'
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
WordPress Sitemap by click5 plugin before 1.0.36 is susceptible to missing authorization. The plugin does not have authorization or CSRF checks when updating options via a REST endpoint and does not ensure that the option to be updated belongs to the plugin. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
remediation: |
|
||||
Update to the latest version of the WordPress Sitemap plugin by click5 (1.0.36 or higher) to fix the missing authorization issue.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/0f694961-afab-44f9-846c-e80a0f6c768b
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0952
|
||||
|
@ -15,14 +17,14 @@ info:
|
|||
cve-id: CVE-2022-0952
|
||||
cwe-id: CWE-352
|
||||
epss-score: 0.03442
|
||||
cpe: cpe:2.3:a:sitemap_project:sitemap:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.90248
|
||||
cpe: cpe:2.3:a:sitemap_project:sitemap:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 3
|
||||
vendor: sitemap_project
|
||||
product: sitemap
|
||||
framework: wordpress
|
||||
tags: wp,wp-plugin,sitemap,wpscan,cve,cve2022,wordpress
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
Microweber before 1.2.1 contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Autorespond E-mail Settings, and Payment Methods.
|
||||
remediation: |
|
||||
Upgrade Microweber to version 1.2.11 or later to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://github.com/advisories/GHSA-8c76-mxv5-w4g8
|
||||
- https://huntr.dev/bounties/b99517c0-37fc-4efa-ab1a-3591da7f4d26/
|
||||
|
@ -17,11 +19,11 @@ info:
|
|||
cve-id: CVE-2022-0954
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00192
|
||||
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.55945
|
||||
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
vendor: microweber
|
||||
product: microweber
|
||||
tags: cve,cve2022,xss,microweber,huntr
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,.
|
||||
remediation: |
|
||||
Upgrade Microweber CMS to version 1.2.12 or later to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c/
|
||||
- https://github.com/advisories/GHSA-q3x2-jvp3-wj78
|
||||
|
@ -18,11 +20,11 @@ info:
|
|||
cve-id: CVE-2022-0963
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00192
|
||||
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.55945
|
||||
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
vendor: microweber
|
||||
product: microweber
|
||||
tags: xss,microweber,cms,authenticated,huntr,cve,cve2022,intrusive
|
||||
|
|
|
@ -6,21 +6,21 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
Microweber before 1.2.12 is susceptible to integer overflow. The application allows large characters to insert in the input field 'first & last name,' which can allow an attacker to cause a denial of service via a crafted HTTP request.
|
||||
remediation: First name and last name input should be limited to 50 characters or maximum 100 characters.
|
||||
reference:
|
||||
- https://huntr.dev/bounties/97e36678-11cf-42c6-889c-892d415d9f9e/
|
||||
- https://github.com/advisories/GHSA-5fxv-xx5p-g2fv
|
||||
- https://huntr.dev/bounties/97e36678-11cf-42c6-889c-892d415d9f9e
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0968
|
||||
- https://github.com/microweber/microweber/commit/80e39084729a57dfe749626c3b9d35247a14c49e
|
||||
remediation: First name and last name input should be limited to 50 characters or maximum 100 characters.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
||||
cvss-score: 5.5
|
||||
cve-id: CVE-2022-0968
|
||||
cwe-id: CWE-190
|
||||
epss-score: 0.00091
|
||||
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.38112
|
||||
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 3
|
||||
vendor: microweber
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WordPress Advanced Booking Calendar plugin before 1.7.1 contains a cross-site scripting vulnerability. It does not sanitize and escape the room parameter before outputting it back in an admin page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||
remediation: |
|
||||
Update to WordPress Advanced Booking Calendar plugin version 1.7.1 or later to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/6f5b764b-d13b-4371-9cc5-91204d9d6358
|
||||
- https://wordpress.org/plugins/advanced-booking-calendar/
|
||||
|
@ -17,14 +19,14 @@ info:
|
|||
cve-id: CVE-2022-1007
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00112
|
||||
cpe: cpe:2.3:a:elbtide:advanced_booking_calendar:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.43971
|
||||
cpe: cpe:2.3:a:elbtide:advanced_booking_calendar:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 2
|
||||
vendor: elbtide
|
||||
product: advanced_booking_calendar
|
||||
framework: wordpress
|
||||
tags: wp-plugin,advanced-booking-calendar,cve,cve2022,wp,authenticated,wpscan,wordpress,xss
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,25 +6,25 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress Personal Dictionary plugin before 1.3.4 contains a blind SQL injection vulnerability. The plugin fails to properly sanitize user-supplied POST data before being interpolated in an SQL statement and executed. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
remediation: Fixed in version 1.3.4.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/eed70659-9e3e-42a2-b427-56c52e0fbc0d
|
||||
- https://wordpress.org/plugins/personal-dictionary/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-1013
|
||||
remediation: Fixed in version 1.3.4.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-1013
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.01144
|
||||
cpe: cpe:2.3:a:ays-pro:personal_dictionary:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.82961
|
||||
cpe: cpe:2.3:a:ays-pro:personal_dictionary:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: ays-pro
|
||||
product: personal_dictionary
|
||||
framework: wordpress
|
||||
tags: wp,unauth,wpscan,cve,cve2022,sqli,wordpress,wp-plugin,personal-dictionary
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: Akincibor
|
||||
severity: critical
|
||||
description: WordPress WooCommerce plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument.
|
||||
remediation: |
|
||||
Update WordPress WooCommerce plugin to version 3.1.2 or later to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/04fe89b3-8ad1-482f-a96d-759d1d3a0dd5
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-1020
|
||||
|
@ -14,13 +16,13 @@ info:
|
|||
cve-id: CVE-2022-1020
|
||||
cwe-id: CWE-352
|
||||
epss-score: 0.00614
|
||||
cpe: cpe:2.3:a:codeastrology:woo_product_table:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.76048
|
||||
cpe: cpe:2.3:a:codeastrology:woo_product_table:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: wordpress
|
||||
vendor: codeastrology
|
||||
product: woo_product_table
|
||||
framework: wordpress
|
||||
tags: wpscan,wp,wp-plugin,wordpress,cve,cve2022,unauth
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
Sophos Firewall version v18.5 MR3 and older contains an authentication bypass vulnerability in the User Portal and Webadmin which could allow a remote attacker to execute code.
|
||||
remediation: |
|
||||
Upgrade to a patched version of Sophos Firewall (>=18.5 MR4) to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://github.com/killvxk/CVE-2022-1040
|
||||
- https://github.com/CronUp/Vulnerabilidades/blob/main/CVE-2022-1040_checker
|
||||
|
@ -17,14 +19,14 @@ info:
|
|||
cve-id: CVE-2022-1040
|
||||
cwe-id: CWE-287
|
||||
epss-score: 0.97499
|
||||
cpe: cpe:2.3:o:sophos:sfos:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.99961
|
||||
cpe: cpe:2.3:o:sophos:sfos:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: http.title:"Sophos"
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: sophos
|
||||
product: sfos
|
||||
shodan-query: http.title:"Sophos"
|
||||
tags: cve,cve2022,sophos,firewall,auth-bypass,rce,kev
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: Akincibor
|
||||
severity: medium
|
||||
description: WordPress RSVP and Event Management plugin before 2.7.8 is susceptible to missing authorization. The plugin does not have any authorization checks when exporting its entries, and the export function is hooked to the init action. An attacker can potentially retrieve sensitive information such as first name, last name, and email address of users registered for events,
|
||||
remediation: |
|
||||
Update the WordPress RSVP and Event Management plugin to version 2.7.8 or later.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/95a5fad1-e823-4571-8640-19bf5436578d
|
||||
classification:
|
||||
|
@ -13,13 +15,13 @@ info:
|
|||
cve-id: CVE-2022-1054
|
||||
cwe-id: CWE-862
|
||||
epss-score: 0.0033
|
||||
cpe: cpe:2.3:a:wpchill:rsvp_and_event_management:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.67328
|
||||
cpe: cpe:2.3:a:wpchill:rsvp_and_event_management:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: wordpress
|
||||
vendor: wpchill
|
||||
product: rsvp_and_event_management
|
||||
framework: wordpress
|
||||
tags: wordpress,cve,cve2022,wpscan,wp,wp-plugin
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress Pricing Deals for WooCommerce plugin through 2.0.2.02 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
remediation: |
|
||||
Update to the latest version of the Pricing Deals for WooCommerce plugin (2.0.2.03 or higher) to fix the SQL Injection vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/7c33ffc3-84d1-4a0f-a837-794cdc3ad243
|
||||
- https://wordpress.org/plugins/pricing-deals-for-woocommerce/
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-1057
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.01851
|
||||
cpe: cpe:2.3:a:varktech:pricing_deals_for_woocommerce:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.8685
|
||||
cpe: cpe:2.3:a:varktech:pricing_deals_for_woocommerce:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: varktech
|
||||
product: pricing_deals_for_woocommerce
|
||||
framework: wordpress
|
||||
tags: cve,cve2022,sqli,wpscan,wordpress,wp-plugin,wp,pricing-deals-for-woocommerce,unauth
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
Gitea before 1.16.5 is susceptible to open redirect via GitHub repository go-gitea/gitea. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||
remediation: |
|
||||
Upgrade Gitea to version 1.16.5 or later to fix the open redirect vulnerability.
|
||||
reference:
|
||||
- https://github.com/go-gitea/gitea/commit/e3d8e92bdc67562783de9a76b5b7842b68daeb48
|
||||
- https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-1058
|
||||
cwe-id: CWE-601
|
||||
epss-score: 0.00112
|
||||
cpe: cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.43971
|
||||
cpe: cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
shodan-query: title:"Gitea"
|
||||
verified: true
|
||||
max-request: 2
|
||||
vendor: gitea
|
||||
product: gitea
|
||||
shodan-query: title:"Gitea"
|
||||
tags: huntr,cve,cve2022,open-redirect,gitea
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
WordPress Simple File List before 3.2.8 is vulnerable to local file inclusion via the eeFile parameter in the ~/includes/ee-downloader.php due to missing controls which make it possible for unauthenticated attackers retrieve arbitrary files.
|
||||
remediation: |
|
||||
Update WordPress Simple File List to version 3.2.8 or later to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/5551038f-64fb-44d8-bea0-d2f00f04877e
|
||||
- https://wpscan.com/vulnerability/075a3cc5-1970-4b64-a16f-3ec97e22b606
|
||||
|
@ -18,13 +20,13 @@ info:
|
|||
cve-id: CVE-2022-1119
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.29102
|
||||
cpe: cpe:2.3:a:simplefilelist:simple-file-list:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.96285
|
||||
cpe: cpe:2.3:a:simplefilelist:simple-file-list:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: wordpress
|
||||
vendor: simplefilelist
|
||||
product: simple-file-list
|
||||
framework: wordpress
|
||||
tags: wp,wp-plugin,wpscan,cve,cve2022,lfi,wordpress
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,26 +5,26 @@ info:
|
|||
author: GitLab Red Team
|
||||
severity: critical
|
||||
description: GitLab CE/EE contains a hard-coded credentials vulnerability. A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML), allowing attackers to potentially take over accounts. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-<hash>.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Affected versions are 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2.
|
||||
remediation: Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the reference section below.
|
||||
reference:
|
||||
- https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/cve-hash-harvester
|
||||
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1162.json
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1162
|
||||
- http://packetstormsecurity.com/files/166828/Gitlab-14.9-Authentication-Bypass.html
|
||||
- https://nvd.nist.gov/vuln/detail/cve-2022-1162
|
||||
remediation: Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the reference section below.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-1162
|
||||
cwe-id: CWE-798
|
||||
epss-score: 0.20604
|
||||
cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
|
||||
epss-percentile: 0.95726
|
||||
cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: http.title:"GitLab"
|
||||
vendor: gitlab
|
||||
product: gitlab
|
||||
shodan-query: http.title:"GitLab"
|
||||
tags: cve,cve2022,gitlab,packetstorm
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WordPress WP JobSearch plugin prior to 1.5.1 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||
remediation: |
|
||||
Update to the latest version of the WP JobSearch plugin (1.5.1 or higher) to mitigate the XSS vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/bcf38e87-011e-4540-8bfb-c93443a4a490
|
||||
- https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856
|
||||
|
@ -16,15 +18,15 @@ info:
|
|||
cve-id: CVE-2022-1168
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00112
|
||||
cpe: cpe:2.3:a:eyecix:jobsearch_wp_job_board:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.43971
|
||||
cpe: cpe:2.3:a:eyecix:jobsearch_wp_job_board:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
google-query: inurl:"wp-content/plugins/wp-jobsearch"
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: eyecix
|
||||
product: jobsearch_wp_job_board
|
||||
framework: wordpress
|
||||
google-query: inurl:"wp-content/plugins/wp-jobsearch"
|
||||
tags: wp-jobsearch",wpscan,cve,cve2022,wp-plugin,wp,wordpress,xss
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
Wordpress Gwyn's Imagemap Selector plugin 0.3.3 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize the id and class parameters before returning them back in attributes.
|
||||
remediation: |
|
||||
Update to the latest version of the WordPress Gwyn's Imagemap Selector plugin (0.3.3) or apply the vendor-supplied patch to fix the vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/641be9f6-2f74-4386-b16e-4b9488f0d2a9
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1221
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-1221
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00119
|
||||
cpe: cpe:2.3:a:gwyn\'s_imagemap_selector_project:gwyn\'s_imagemap_selector:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.45304
|
||||
cpe: cpe:2.3:a:gwyn\'s_imagemap_selector_project:gwyn\'s_imagemap_selector:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 2
|
||||
vendor: gwyn\'s_imagemap_selector_project
|
||||
product: gwyn\'s_imagemap_selector
|
||||
framework: wordpress
|
||||
tags: cve2022,wpscan,xss,wordpress,wp-plugin,wp,cve
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,26 +6,26 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
The Elementor Website Builder plugin for WordPress versions 3.6.0 to 3.6.2 are vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file. This makes it possible for attackers to modify site data and upload malicious files which can be used to obtain remote code execution.
|
||||
remediation: Fixed in version 3.6.3
|
||||
reference:
|
||||
- https://www.wordfence.com/blog/2022/04/elementor-critical-remote-code-execution-vulnerability/
|
||||
- https://wordpress.org/plugins/elementor/
|
||||
- https://plugins.trac.wordpress.org/changeset/2708766/elementor/trunk/core/app/modules/onboarding/module.php
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-1329
|
||||
remediation: Fixed in version 3.6.3
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
cve-id: CVE-2022-1329
|
||||
cwe-id: CWE-434,CWE-862
|
||||
epss-score: 0.96419
|
||||
cpe: cpe:2.3:a:elementor:website_builder:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.99372
|
||||
cpe: cpe:2.3:a:elementor:website_builder:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 4
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 4
|
||||
vendor: elementor
|
||||
product: website_builder
|
||||
framework: wordpress
|
||||
tags: cve,cve2022,rce,wordpress,wp-plugin,wp,elementor,authenticated,intrusive,fileupload
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress Fusion Builder plugin before 3.6.2 is susceptible to server-side request forgery. The plugin does not validate a parameter in its forms, which can be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. An attacker can potentially interact with hosts on the server's local network, bypass firewalls, and access control measures.
|
||||
remediation: |
|
||||
Update to the latest version of WordPress Fusion Builder plugin (3.6.2) or apply the vendor-provided patch.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/bf7034ab-24c4-461f-a709-3f73988b536b
|
||||
- https://www.rootshellsecurity.net/rootshell-discovered-a-critical-vulnerability-in-top-wordpress-theme/
|
||||
|
@ -17,13 +19,13 @@ info:
|
|||
cve-id: CVE-2022-1386
|
||||
cwe-id: CWE-918
|
||||
epss-score: 0.08014
|
||||
cpe: cpe:2.3:a:theme-fusion:avada:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.93446
|
||||
cpe: cpe:2.3:a:theme-fusion:avada:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
framework: wordpress
|
||||
vendor: theme-fusion
|
||||
product: avada
|
||||
framework: wordpress
|
||||
tags: wpscan,cve,cve2022,wordpress,ssrf,themefusion,wp,fusion,avada,intrusive
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, may allow undisclosed requests to bypass iControl REST authentication.
|
||||
remediation: |
|
||||
Apply the necessary security patches or updates provided by F5 Networks to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://twitter.com/GossiTheDog/status/1523566937414193153
|
||||
- https://www.horizon3.ai/f5-icontrol-rest-endpoint-authentication-bypass-technical-deep-dive/
|
||||
|
@ -17,14 +19,14 @@ info:
|
|||
cve-id: CVE-2022-1388
|
||||
cwe-id: CWE-306
|
||||
epss-score: 0.9748
|
||||
cpe: cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.9995
|
||||
cpe: cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
shodan-query: http.title:"BIG-IP®-+Redirect" +"Server"
|
||||
verified: true
|
||||
max-request: 2
|
||||
vendor: f5
|
||||
product: big-ip_access_policy_manager
|
||||
shodan-query: http.title:"BIG-IP®-+Redirect" +"Server"
|
||||
tags: f5,bigip,cve,cve2022,rce,mirai,kev
|
||||
variables:
|
||||
auth: "admin:"
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
The plugin does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique.
|
||||
remediation: |
|
||||
Update to the latest version of the WordPress Admin Word Count Column plugin (2.2 or higher) to fix the local file inclusion vulnerability.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/166476/WordPress-Admin-Word-Count-Column-2.2-Local-File-Inclusion.html
|
||||
- https://wordpress.org/plugins/admin-word-count-column/
|
||||
|
@ -17,13 +19,13 @@ info:
|
|||
cve-id: CVE-2022-1390
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.96676
|
||||
cpe: cpe:2.3:a:admin_word_count_column_project:admin_word_count_column:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.99485
|
||||
cpe: cpe:2.3:a:admin_word_count_column_project:admin_word_count_column:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: wordpress
|
||||
vendor: admin_word_count_column_project
|
||||
product: admin_word_count_column
|
||||
framework: wordpress
|
||||
tags: packetstorm,wpscan,cve,cve2022,wordpress,wp-plugin,lfi,wp
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.
|
||||
remediation: |
|
||||
Update to the latest version of the WordPress Cab fare calculator plugin (1.0.4) to fix the local file inclusion vulnerability.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/50843
|
||||
- https://wordpress.org/plugins/cab-fare-calculator
|
||||
|
@ -17,13 +19,13 @@ info:
|
|||
cve-id: CVE-2022-1391
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.02167
|
||||
cpe: cpe:2.3:a:kanev:cab_fare_calculator:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.87921
|
||||
cpe: cpe:2.3:a:kanev:cab_fare_calculator:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
framework: wordpress
|
||||
vendor: kanev
|
||||
product: cab_fare_calculator
|
||||
framework: wordpress
|
||||
tags: cve2022,wordpress,wp-plugin,lfi,wp,edb,wpscan,cve
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: Veshraj
|
||||
severity: high
|
||||
description: WordPress Videos sync PDF 1.7.4 and prior does not validate the p parameter before using it in an include statement, which could lead to local file inclusion.
|
||||
remediation: |
|
||||
Upgrade to the latest version of WordPress Videos sync PDF plugin (>=1.7.5) or apply the vendor-provided patch to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/fe3da8c1-ae21-4b70-b3f5-a7d014aa3815
|
||||
- https://packetstormsecurity.com/files/166534/
|
||||
|
@ -15,14 +17,14 @@ info:
|
|||
cve-id: CVE-2022-1392
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.01182
|
||||
cpe: cpe:2.3:a:commoninja:videos_sync_pdf:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.83293
|
||||
cpe: cpe:2.3:a:commoninja:videos_sync_pdf:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: commoninja
|
||||
product: videos_sync_pdf
|
||||
framework: wordpress
|
||||
tags: lfi,wp-plugin,unauth,wpscan,cve,cve2022,packetstorm,wp,wordpress
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WordPress External Media without Import plugin through 1.1.2 is susceptible to authenticated blind server-side request forgery. The plugin has no authorization and does not ensure that media added via URLs are external media, which can allow any authenticated users, including subscribers, to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
|
||||
remediation: |
|
||||
Upgrade to External Media without Import plugin version 1.1.2 or later.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/5440d177-e995-403e-b2c9-42ceda14579e
|
||||
- https://wordpress.org/plugins/external-media-without-import/
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-1398
|
||||
cwe-id: CWE-918
|
||||
epss-score: 0.0048
|
||||
cpe: cpe:2.3:a:external_media_without_import_project:external_media_without_import:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.72781
|
||||
cpe: cpe:2.3:a:external_media_without_import_project:external_media_without_import:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 3
|
||||
vendor: external_media_without_import_project
|
||||
product: external_media_without_import
|
||||
framework: wordpress
|
||||
tags: cve,cve2022,ssrf,wordpress,wp-plugin,wp,wpscan,external-media-without-import,authenticated,intrusive
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: pikpikcu
|
||||
severity: medium
|
||||
description: Microweber prior to 1.2.15 contains a reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||
remediation: |
|
||||
Upgrade to Microweber CMS version 1.2.15 or later, which includes proper input sanitization to mitigate the XSS vulnerability.
|
||||
reference:
|
||||
- https://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0/
|
||||
- https://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0
|
||||
|
@ -16,13 +18,13 @@ info:
|
|||
cve-id: CVE-2022-1439
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00113
|
||||
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.44027
|
||||
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: http.favicon.hash:780351152
|
||||
vendor: microweber
|
||||
product: microweber
|
||||
shodan-query: http.favicon.hash:780351152
|
||||
tags: cve,cve2022,microweber,xss,huntr
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
WordPress Metform plugin through 2.1.3 is susceptible to information disclosure due to improper access control in the ~/core/forms/action.php file. An attacker can view all API keys and secrets of integrated third-party APIs such as that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more.
|
||||
remediation: |
|
||||
Upgrade to the latest version of the Metform plugin (>=2.1.4) to fix the information disclosure vulnerability.
|
||||
reference:
|
||||
- https://gist.github.com/Xib3rR4dAr/6e6c6e5fa1f8818058c7f03de1eda6bf
|
||||
- https://wpscan.com/vulnerability/9f3fcdd4-9ddc-45d5-a4af-e58634813c2b
|
||||
|
@ -18,15 +20,15 @@ info:
|
|||
cve-id: CVE-2022-1442
|
||||
cwe-id: CWE-862
|
||||
epss-score: 0.07166
|
||||
cpe: cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.93146
|
||||
cpe: cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
google-query: inurl:/wp-content/plugins/metform
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 2
|
||||
vendor: wpmet
|
||||
product: metform_elementor_contact_form_builder
|
||||
framework: wordpress
|
||||
google-query: inurl:/wp-content/plugins/metform
|
||||
tags: wpscan,cve2022,wordpress,wp-plugin,disclosure,unauth,metform,cve,wp
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
WordPress HTML2WP plugin through 1.0.0 contains an arbitrary file upload vulnerability. The plugin does not perform authorization and CSRF checks when importing files and does not validate them. As a result, an attacker can upload arbitrary files on the remote server.
|
||||
remediation: |
|
||||
Update to the latest version of the plugin or remove it if not needed.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/c36d0ea8-bf5c-4af9-bd3d-911eb02adc14
|
||||
- https://wordpress.org/plugins/html2wp/
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-1574
|
||||
cwe-id: CWE-352
|
||||
epss-score: 0.02682
|
||||
cpe: cpe:2.3:a:html2wp_project:html2wp:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.89096
|
||||
cpe: cpe:2.3:a:html2wp_project:html2wp:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 2
|
||||
vendor: html2wp_project
|
||||
product: html2wp
|
||||
framework: wordpress
|
||||
tags: wp-plugin,wp,fileupload,unauth,wpscan,cve2022,wordpress,intrusive,cve,html2wp
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WordPress HC Custom WP-Admin URL plugin through 1.4 leaks the secret login URL when sending a specially crafted request, thereby allowing an attacker to discover the administrative login URL.
|
||||
remediation: |
|
||||
Update to the latest version of WordPress HC Custom WP-Admin URL plugin (>=1.5) to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/0218c90c-8f79-4f37-9a6f-60cf2f47d47b
|
||||
- https://wordpress.org/plugins/hc-custom-wp-admin-url/
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-1595
|
||||
cwe-id: CWE-200
|
||||
epss-score: 0.0018
|
||||
cpe: cpe:2.3:a:hc_custom_wp-admin_url_project:hc_custom_wp-admin_url:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.54465
|
||||
cpe: cpe:2.3:a:hc_custom_wp-admin_url_project:hc_custom_wp-admin_url:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 2
|
||||
vendor: hc_custom_wp-admin_url_project
|
||||
product: hc_custom_wp-admin_url
|
||||
framework: wordpress
|
||||
tags: unauth,wpscan,cve,cve2022,wordpress,wp-plugin,wp,hc-custom-wp-admin-url
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WordPress WPQA plugin prior to 5.4 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter on its reset password form.
|
||||
remediation: |
|
||||
Upgrade WordPress WPQA to version 5.4 or later, which includes proper input sanitization to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/faff9484-9fc7-4300-bdad-9cd8a30a9a4e
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-1597
|
||||
|
@ -15,15 +17,15 @@ info:
|
|||
cve-id: CVE-2022-1597
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00252
|
||||
cpe: cpe:2.3:a:2code:wpqa_builder:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.62319
|
||||
cpe: cpe:2.3:a:2code:wpqa_builder:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
google-query: inurl:/wp-content/plugins/wpqa
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 2
|
||||
vendor: 2code
|
||||
product: wpqa_builder
|
||||
framework: wordpress
|
||||
google-query: inurl:/wp-content/plugins/wpqa
|
||||
tags: wpscan,xss,wordpress,wp-plugin,wp,cve,cve2022,wpqa
|
||||
variables:
|
||||
user: "{{to_lower(rand_base(5))}}"
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
WordPress WPQA plugin before 5.5 is susceptible to improper access control. The plugin lacks authentication in a REST API endpoint. An attacker can potentially discover private questions sent between users on the site.
|
||||
remediation: |
|
||||
Update the WPQA plugin to version 5.5 or later to fix the improper access control issue.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/0416ae2f-5670-4080-a88d-3484bb19d8c8
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1598
|
||||
|
@ -16,15 +18,15 @@ info:
|
|||
cve-id: CVE-2022-1598
|
||||
cwe-id: CWE-306
|
||||
epss-score: 0.02766
|
||||
cpe: cpe:2.3:a:2code:wpqa_builder:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.89258
|
||||
cpe: cpe:2.3:a:2code:wpqa_builder:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
google-query: inurl:/wp-content/plugins/wpqa
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: 2code
|
||||
product: wpqa_builder
|
||||
framework: wordpress
|
||||
google-query: inurl:/wp-content/plugins/wpqa
|
||||
tags: cve,cve2022,wordpress,wp-plugin,wpqa,idor,wpscan
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: For3stCo1d
|
||||
severity: critical
|
||||
description: The School Management plugin before version 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.
|
||||
remediation: |
|
||||
Upgrade The School Management to version 9.9.7 or later to mitigate this vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/e2d546c9-85b6-47a4-b951-781b9ae5d0f2
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1609
|
||||
|
@ -14,8 +16,8 @@ info:
|
|||
cve-id: CVE-2022-1609
|
||||
cwe-id: CWE-77
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: false
|
||||
max-request: 1
|
||||
tags: rce,wp,backdoor,wpscan,cve,cve2022,wordpress
|
||||
variables:
|
||||
cmd: "echo CVE-2022-1609 | rev"
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
Drawio prior to 18.0.4 is vulnerable to server-side request forgery. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
|
||||
remediation: |
|
||||
Upgrade Drawio to version 18.0.4 or later to mitigate the SSRF vulnerability.
|
||||
reference:
|
||||
- https://huntr.dev/bounties/cad3902f-3afb-4ed2-abd0-9f96a248de11
|
||||
- https://github.com/jgraph/drawio/commit/283d41ec80ad410d68634245cf56114bc19331ee
|
||||
|
@ -16,14 +18,14 @@ info:
|
|||
cve-id: CVE-2022-1713
|
||||
cwe-id: CWE-918
|
||||
epss-score: 0.00967
|
||||
cpe: cpe:2.3:a:diagrams:drawio:*:*:*:*:*:*:*:*
|
||||
epss-percentile: 0.81398
|
||||
cpe: cpe:2.3:a:diagrams:drawio:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
shodan-query: http.title:"Flowchart Maker"
|
||||
max-request: 1
|
||||
vendor: diagrams
|
||||
product: drawio
|
||||
shodan-query: http.title:"Flowchart Maker"
|
||||
tags: drawio,ssrf,oss,huntr,cve,cve2022
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: Akincibor
|
||||
severity: medium
|
||||
description: WordPress Simple Membership plugin before 4.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape parameters before outputting them back in AJAX actions.
|
||||
remediation: |
|
||||
Update to the latest version of WordPress Simple Membership plugin (4.1.1 or higher) to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/96a0a667-9c4b-4ea6-b78a-0681e9a9bbae
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-1724
|
||||
|
@ -14,14 +16,14 @@ info:
|
|||
cve-id: CVE-2022-1724
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00119
|
||||
cpe: cpe:2.3:a:simple-membership-plugin:simple_membership:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.45304
|
||||
cpe: cpe:2.3:a:simple-membership-plugin:simple_membership:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: simple-membership-plugin
|
||||
product: simple_membership
|
||||
framework: wordpress
|
||||
tags: xss,wp,wordpress,wpscan,cve,cve2022,wp-plugin
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,26 +6,26 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.
|
||||
remediation: Fixed in version 7.4.5
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/6ad407fe-db2b-41fb-834b-dd8c4f62b072
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-1756
|
||||
- https://wordpress.org/plugins/newsletter/
|
||||
remediation: Fixed in version 7.4.5
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-1756
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00099
|
||||
cpe: cpe:2.3:a:thenewsletterplugin:newsletter:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.40272
|
||||
cpe: cpe:2.3:a:thenewsletterplugin:newsletter:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
publicwww-query: "/wp-content/plugins/newsletter/"
|
||||
max-request: 2
|
||||
framework: wordpress
|
||||
vendor: thenewsletterplugin
|
||||
product: newsletter
|
||||
framework: wordpress
|
||||
publicwww-query: "/wp-content/plugins/newsletter/"
|
||||
tags: wpscan,cve,cve2022,newsletter,xss,authenticated
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
WordPress RSVPMaker plugin through 9.3.2 contains a SQL injection vulnerability due to insufficient escaping and parameterization on user-supplied data passed to multiple SQL queries in ~/rsvpmaker-email.php. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
remediation: |
|
||||
Update to the latest version of the RSVPMaker plugin (9.3.3 or higher) to mitigate the SQL Injection vulnerability.
|
||||
reference:
|
||||
- https://gist.github.com/Xib3rR4dAr/441d6bb4a5b8ad4b25074a49210a02cc
|
||||
- https://wordpress.org/plugins/rsvpmaker/
|
||||
|
@ -18,14 +20,14 @@ info:
|
|||
cve-id: CVE-2022-1768
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.63139
|
||||
cpe: cpe:2.3:a:rsvpmaker_project:rsvpmaker:*:*:*:*:*:wordpress:*:*
|
||||
epss-percentile: 0.97399
|
||||
cpe: cpe:2.3:a:rsvpmaker_project:rsvpmaker:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
framework: wordpress
|
||||
max-request: 1
|
||||
vendor: rsvpmaker_project
|
||||
product: rsvpmaker
|
||||
framework: wordpress
|
||||
tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,rsvpmaker
|
||||
|
||||
http:
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue