From 4792f4f4400c51c3048c9368e01033e26177f752 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sun, 5 Mar 2023 14:19:20 +0000 Subject: [PATCH] Auto Generated CVE annotations [Sun Mar 5 14:19:20 UTC 2023] :robot: --- cves/2015/CVE-2015-2755.yaml | 4 +++- cves/2015/CVE-2015-4062.yaml | 3 ++- cves/2015/CVE-2015-4063.yaml | 5 +++-- cves/2015/CVE-2015-9312.yaml | 10 ++++++++-- cves/2017/CVE-2017-14622.yaml | 7 ++++++- cves/2018/CVE-2018-16159.yaml | 5 +++-- cves/2021/CVE-2021-24145.yaml | 4 ++-- cves/2021/CVE-2021-24155.yaml | 4 ++-- cves/2021/CVE-2021-24169.yaml | 9 +++++++-- cves/2021/CVE-2021-24287.yaml | 9 +++++++-- cves/2021/CVE-2021-24347.yaml | 8 ++++---- cves/2021/CVE-2021-24554.yaml | 3 ++- cves/2021/CVE-2021-24875.yaml | 2 +- cves/2021/CVE-2021-24931.yaml | 4 ++-- cves/2021/CVE-2021-25067.yaml | 2 +- cves/2021/CVE-2021-27520.yaml | 11 +++++++++-- cves/2022/CVE-2022-0693.yaml | 2 +- cves/2022/CVE-2022-0760.yaml | 2 +- cves/2022/CVE-2022-0949.yaml | 2 +- cves/2022/CVE-2022-1013.yaml | 2 +- cves/2022/CVE-2022-3934.yaml | 2 +- cves/2022/CVE-2022-4060.yaml | 2 +- cves/2022/CVE-2022-4063.yaml | 2 +- cves/2022/CVE-2022-46888.yaml | 8 +++++++- cves/2023/CVE-2023-23492.yaml | 7 +++++-- vulnerabilities/wordpress/3d-print-lite-xss.yaml | 2 +- vulnerabilities/wordpress/wp-touch-redirect.yaml | 2 +- 27 files changed, 83 insertions(+), 40 deletions(-) diff --git a/cves/2015/CVE-2015-2755.yaml b/cves/2015/CVE-2015-2755.yaml index 86e83ffbed..6bf534cb1e 100644 --- a/cves/2015/CVE-2015-2755.yaml +++ b/cves/2015/CVE-2015-2755.yaml @@ -9,9 +9,11 @@ info: reference: - https://packetstormsecurity.com/files/131155/ - https://nvd.nist.gov/vuln/detail/https://nvd.nist.gov/vuln/detail/CVE-2015-2755 + - http://packetstormsecurity.com/files/131155/WordPress-Google-Map-Travel-3.4-XSS-CSRF.html + - http://packetstormsecurity.com/files/130960/WordPress-AB-Google-Map-Travel-CSRF-XSS.html metadata: verified: "true" - tags: cve,cve2015,xss,wordpress,wp-plugin,wp,ab-map + tags: cve2015,xss,wordpress,wp-plugin,wp,ab-map,packetstorm,cve requests: - raw: diff --git a/cves/2015/CVE-2015-4062.yaml b/cves/2015/CVE-2015-4062.yaml index 6c59c3809c..99f4b05cd3 100644 --- a/cves/2015/CVE-2015-4062.yaml +++ b/cves/2015/CVE-2015-4062.yaml @@ -10,6 +10,7 @@ info: - https://packetstormsecurity.com/files/132038/ - https://nvd.nist.gov/vuln/detail/CVE-2015-4062 - https://wordpress.org/plugins/newstatpress + - http://packetstormsecurity.com/files/132038/WordPress-NewStatPress-0.9.8-Cross-Site-Scripting-SQL-Injection.html remediation: | Update to plugin version 0.9.9 or latest classification: @@ -19,7 +20,7 @@ info: cwe-id: CWE-89 metadata: verified: "true" - tags: cve,cve2015,sqli,wordpress,wp-plugin,wp,authenticated,newstatpress + tags: authenticated,cve,sqli,wp-plugin,newstatpress,packetstorm,cve2015,wordpress,wp requests: - raw: diff --git a/cves/2015/CVE-2015-4063.yaml b/cves/2015/CVE-2015-4063.yaml index 75d5e53fe3..9f55dbcec1 100644 --- a/cves/2015/CVE-2015-4063.yaml +++ b/cves/2015/CVE-2015-4063.yaml @@ -6,14 +6,15 @@ info: severity: medium description: | Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php. - remediation: Update to plugin version 0.9.9 or latest. reference: - https://packetstormsecurity.com/files/132038/ - https://nvd.nist.gov/vuln/detail/CVE-2015-4063 - https://wordpress.org/plugins/newstatpress/ + - http://packetstormsecurity.com/files/132038/WordPress-NewStatPress-0.9.8-Cross-Site-Scripting-SQL-Injection.html + remediation: Update to plugin version 0.9.9 or latest. metadata: verified: "true" - tags: cve,cve2015,xss,wordpress,wp-plugin,wp,newstatpress + tags: cve,cve2015,xss,wordpress,wp-plugin,wp,newstatpress,packetstorm requests: - raw: diff --git a/cves/2015/CVE-2015-9312.yaml b/cves/2015/CVE-2015-9312.yaml index 672bce98df..80aaf13074 100644 --- a/cves/2015/CVE-2015-9312.yaml +++ b/cves/2015/CVE-2015-9312.yaml @@ -6,14 +6,20 @@ info: severity: medium description: | The NewStatPress plugin utilizes on lines 28 and 31 of the file ‘includes/nsp_search.php’ several variables from the $_GET scope, without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to trigger a Reflected XSS attack. - remediation: Fixed in version 1.0.6 reference: - https://wpscan.com/vulnerability/46bf6c69-b612-4aee-965d-91f53f642054 - https://nvd.nist.gov/vuln/detail/CVE-2015-9312 - https://g0blin.co.uk/g0blin-00057/ + - https://wordpress.org/plugins/newstatpress/#developers + remediation: Fixed in version 1.0.6 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2015-9312 + cwe-id: CWE-79 metadata: verified: "true" - tags: cve,cve2015,xss,wordpress,wp-plugin,wp,newstatpress,authenticated + tags: cve2015,xss,authenticated,wp,newstatpress,wpscan,cve,wordpress,wp-plugin requests: - raw: diff --git a/cves/2017/CVE-2017-14622.yaml b/cves/2017/CVE-2017-14622.yaml index 74dfe4884c..43edfc752f 100644 --- a/cves/2017/CVE-2017-14622.yaml +++ b/cves/2017/CVE-2017-14622.yaml @@ -11,9 +11,14 @@ info: - http://www.securityfocus.com/bid/101050 - https://wordpress.org/plugins/2kb-amazon-affiliates-store/#developers - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14622 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-14622 + cwe-id: CWE-79 metadata: verified: "true" - tags: xss,wordpress,wp-plugin,wp,2kb-amazon-affiliates-store,authenticated + tags: xss,wordpress,wp-plugin,wp,2kb-amazon-affiliates-store,authenticated,packetstorm requests: - raw: diff --git a/cves/2018/CVE-2018-16159.yaml b/cves/2018/CVE-2018-16159.yaml index e9bf735a6d..6e68fac189 100644 --- a/cves/2018/CVE-2018-16159.yaml +++ b/cves/2018/CVE-2018-16159.yaml @@ -6,11 +6,12 @@ info: severity: critical description: | The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. - remediation: Fixed in version 4.1.8 reference: - https://wpscan.com/vulnerability/9117 - https://wordpress.org/plugins/gift-voucher/ - https://nvd.nist.gov/vuln/detail/CVE-2018-16159 + - https://www.exploit-db.com/exploits/45255/ + remediation: Fixed in version 4.1.8 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -18,7 +19,7 @@ info: cwe-id: CWE-89 metadata: verified: "true" - tags: cve,cve2018,sqli,wordpress,wp-plugin,wp,gift-voucher,unauth + tags: sqli,wordpress,wpscan,cve,wp-plugin,wp,gift-voucher,unauth,cve2018 requests: - raw: diff --git a/cves/2021/CVE-2021-24145.yaml b/cves/2021/CVE-2021-24145.yaml index 37013d6849..3cb3a6e356 100644 --- a/cves/2021/CVE-2021-24145.yaml +++ b/cves/2021/CVE-2021-24145.yaml @@ -6,12 +6,12 @@ info: severity: high description: | Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request. - remediation: Fixed in version 5.16.5 reference: - https://wpscan.com/vulnerability/f42cc26b-9aab-4824-8168-b5b8571d1610 - https://downloads.wordpress.org/plugin/modern-events-calendar-lite.5.15.5.zip - https://github.com/dnr6419/CVE-2021-24145 - https://nvd.nist.gov/vuln/detail/CVE-2021-24145 + remediation: Fixed in version 5.16.5 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 @@ -19,7 +19,7 @@ info: cwe-id: CWE-434 metadata: verified: "true" - tags: cve,cve2021,rce,wordpress,wp-plugin,wp,modern-events-calendar-lite,auth + tags: auth,wpscan,cve,wordpress,wp-plugin,wp,modern-events-calendar-lite,cve2021,rce requests: - raw: diff --git a/cves/2021/CVE-2021-24155.yaml b/cves/2021/CVE-2021-24155.yaml index 75470165b5..73073e9d63 100644 --- a/cves/2021/CVE-2021-24155.yaml +++ b/cves/2021/CVE-2021-24155.yaml @@ -6,11 +6,11 @@ info: severity: high description: | The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE. - remediation: Fixed in version 1.6.0 reference: - https://wpscan.com/vulnerability/d442acac-4394-45e4-b6bb-adf4a40960fb - https://wordpress.org/plugins/backup/ - https://nvd.nist.gov/vuln/detail/CVE-2021-24155 + remediation: Fixed in version 1.6.0 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 @@ -18,7 +18,7 @@ info: cwe-id: CWE-434 metadata: verified: "true" - tags: cve,cve2021,rce,wordpress,wp-plugin,wp,backup,authenticated + tags: wp-plugin,authenticated,wpscan,cve2021,rce,wordpress,cve,wp,backup requests: - raw: diff --git a/cves/2021/CVE-2021-24169.yaml b/cves/2021/CVE-2021-24169.yaml index 8cdebaf191..d33d26fafb 100644 --- a/cves/2021/CVE-2021-24169.yaml +++ b/cves/2021/CVE-2021-24169.yaml @@ -6,15 +6,20 @@ info: severity: medium description: | This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS. - remediation: Fixed in version 3.1.8 reference: - https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3 - https://www.exploit-db.com/exploits/50324 - https://wordpress.org/plugins/woo-order-export-lite/ - https://nvd.nist.gov/vuln/detail/CVE-2021-24169 + remediation: Fixed in version 3.1.8 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-24169 + cwe-id: CWE-79 metadata: verified: "true" - tags: cve,cve2021,xss,wordpress,wp-plugin,wp,woo-order-export-lite,authenticated + tags: wordpress,authenticated,wpscan,cve,cve2021,xss,wp-plugin,wp,woo-order-export-lite,edb requests: - raw: diff --git a/cves/2021/CVE-2021-24287.yaml b/cves/2021/CVE-2021-24287.yaml index e374a9edcb..d3abe20d98 100644 --- a/cves/2021/CVE-2021-24287.yaml +++ b/cves/2021/CVE-2021-24287.yaml @@ -6,15 +6,20 @@ info: severity: medium description: | The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue - remediation: Fixed in version 1.3.2 reference: - https://www.exploit-db.com/exploits/50349 - https://nvd.nist.gov/vuln/detail/CVE-2021-24287 - https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdf - https://wordpress.org/plugins/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons/ + remediation: Fixed in version 1.3.2 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-24287 + cwe-id: CWE-79 metadata: verified: "true" - tags: cve,cve2021,xss,wordpress,wp-plugin,wp,select-all-categories,taxonomies-change-checkbox-to-radio-buttons,authenticated + tags: wp,select-all-categories,taxonomies-change-checkbox-to-radio-buttons,authenticated,wpscan,cve2021,xss,wp-plugin,cve,wordpress,edb requests: - raw: diff --git a/cves/2021/CVE-2021-24347.yaml b/cves/2021/CVE-2021-24347.yaml index 2d8bdc2b99..26dee8f9d6 100644 --- a/cves/2021/CVE-2021-24347.yaml +++ b/cves/2021/CVE-2021-24347.yaml @@ -6,19 +6,19 @@ info: severity: high description: | The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP". - remediation: Fixed in version 4.22 reference: - https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a - https://wordpress.org/plugins/sp-client-document-manager/ - https://nvd.nist.gov/vuln/detail/CVE-2021-24347 + remediation: Fixed in version 4.22 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.3 + cvss-score: 8.8 cve-id: CVE-2021-24347 - cwe-id: CWE-434 + cwe-id: CWE-178 metadata: verified: "true" - tags: cve,cve2021,rce,wordpress,wp-plugin,wp,sp-client-document-manager,authenticated + tags: wp-plugin,wp,sp-client-document-manager,authenticated,wordpress,cve2021,rce,wpscan,cve requests: - raw: diff --git a/cves/2021/CVE-2021-24554.yaml b/cves/2021/CVE-2021-24554.yaml index 41b3e7d809..7acddadd6a 100644 --- a/cves/2021/CVE-2021-24554.yaml +++ b/cves/2021/CVE-2021-24554.yaml @@ -10,6 +10,7 @@ info: - https://wpscan.com/vulnerability/f2842ac8-76fa-4490-aa0c-5f2b07ecf2ad - https://wordpress.org/plugins/wp-paytm-pay/ - https://nvd.nist.gov/vuln/detail/CVE-2021-24554 + - https://codevigilant.com/disclosure/2021/wp-plugin-wp-paytm-pay/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 @@ -17,7 +18,7 @@ info: cwe-id: CWE-89 metadata: verified: "true" - tags: cve,cve2021,sqli,wordpress,wp-plugin,wp,wp-paytm-pay + tags: cve2021,sqli,wordpress,wp-plugin,wp,wp-paytm-pay,wpscan,cve requests: - raw: diff --git a/cves/2021/CVE-2021-24875.yaml b/cves/2021/CVE-2021-24875.yaml index a05bace62e..28e53177ba 100644 --- a/cves/2021/CVE-2021-24875.yaml +++ b/cves/2021/CVE-2021-24875.yaml @@ -17,7 +17,7 @@ info: cwe-id: CWE-79 metadata: verified: "true" - tags: cve,cve2022,xss,wp,wordpress,wp-plugin,ecommerce-product-catalog,authenticated + tags: wp,authenticated,wpscan,ecommerce-product-catalog,cve,cve2022,xss,wordpress,wp-plugin requests: - raw: diff --git a/cves/2021/CVE-2021-24931.yaml b/cves/2021/CVE-2021-24931.yaml index 7c1088f562..4bbf89759f 100644 --- a/cves/2021/CVE-2021-24931.yaml +++ b/cves/2021/CVE-2021-24931.yaml @@ -6,11 +6,11 @@ info: severity: critical description: | The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection. - remediation: Fixed in version 2.8.2 reference: - https://wpscan.com/vulnerability/1cd52d61-af75-43ed-9b99-b46c471c4231 - https://wordpress.org/plugins/secure-copy-content-protection/ - https://nvd.nist.gov/vuln/detail/CVE-2021-24931 + remediation: Fixed in version 2.8.2 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -18,7 +18,7 @@ info: cwe-id: CWE-89 metadata: verified: "true" - tags: cve,cve2021,sqli,wordpress,wp-plugin,wp,secure-copy-content-protection,unauth + tags: wp-plugin,unauth,wpscan,cve2021,sqli,wordpress,cve,wp,secure-copy-content-protection requests: - raw: diff --git a/cves/2021/CVE-2021-25067.yaml b/cves/2021/CVE-2021-25067.yaml index 8379219a1c..4b5476a29c 100644 --- a/cves/2021/CVE-2021-25067.yaml +++ b/cves/2021/CVE-2021-25067.yaml @@ -18,7 +18,7 @@ info: cwe-id: CWE-79 metadata: verified: "true" - tags: cve,cve2021,xss,wordpress,wp-plugin,wp,page-builder-add,authenticated + tags: xss,wordpress,authenticated,wpscan,cve,cve2021,wp-plugin,wp,page-builder-add requests: - raw: diff --git a/cves/2021/CVE-2021-27520.yaml b/cves/2021/CVE-2021-27520.yaml index 016e509822..409ccb0c10 100644 --- a/cves/2021/CVE-2021-27520.yaml +++ b/cves/2021/CVE-2021-27520.yaml @@ -9,10 +9,17 @@ info: reference: - https://www.exploit-db.com/exploits/49943 - https://nvd.nist.gov/vuln/detail/CVE-2021-27520 + - https://github.com/fudforum/FUDforum/issues/2 + - http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-27520 + cwe-id: CWE-79 metadata: - verified: "true" shodan-query: html:"FUDforum" - tags: cve,cve2021,xss,fuddorum + verified: "true" + tags: cve,cve2021,xss,fuddorum,edb requests: - method: GET diff --git a/cves/2022/CVE-2022-0693.yaml b/cves/2022/CVE-2022-0693.yaml index f61c3eb9f7..be25a6da49 100644 --- a/cves/2022/CVE-2022-0693.yaml +++ b/cves/2022/CVE-2022-0693.yaml @@ -17,7 +17,7 @@ info: cwe-id: CWE-89 metadata: verified: "true" - tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,master-elements,unauth + tags: unauth,wpscan,wp-plugin,wp,sqli,wordpress,master-elements,cve,cve2022 requests: - raw: diff --git a/cves/2022/CVE-2022-0760.yaml b/cves/2022/CVE-2022-0760.yaml index 9369addbf8..57dbae11c3 100644 --- a/cves/2022/CVE-2022-0760.yaml +++ b/cves/2022/CVE-2022-0760.yaml @@ -17,7 +17,7 @@ info: cwe-id: CWE-89 metadata: verified: "true" - tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,simple-link-directory,unauth + tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,simple-link-directory,unauth,wpscan requests: - raw: diff --git a/cves/2022/CVE-2022-0949.yaml b/cves/2022/CVE-2022-0949.yaml index fd2a4a4d54..24fcb69790 100644 --- a/cves/2022/CVE-2022-0949.yaml +++ b/cves/2022/CVE-2022-0949.yaml @@ -18,7 +18,7 @@ info: cwe-id: CWE-89 metadata: verified: "true" - tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,stopbadbots,unauth + tags: cve,stopbadbots,wp-plugin,wp,unauth,wpscan,cve2022,sqli,wordpress variables: IP: '{{rand_ip("1.1.1.0/24")}}' diff --git a/cves/2022/CVE-2022-1013.yaml b/cves/2022/CVE-2022-1013.yaml index 0889ee7328..52a4159065 100644 --- a/cves/2022/CVE-2022-1013.yaml +++ b/cves/2022/CVE-2022-1013.yaml @@ -18,7 +18,7 @@ info: cwe-id: CWE-89 metadata: verified: "true" - tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,personal-dictionary,unauth + tags: wp,unauth,wpscan,cve,cve2022,sqli,wordpress,wp-plugin,personal-dictionary requests: - raw: diff --git a/cves/2022/CVE-2022-3934.yaml b/cves/2022/CVE-2022-3934.yaml index e2abea2dd3..9fc8e3518f 100644 --- a/cves/2022/CVE-2022-3934.yaml +++ b/cves/2022/CVE-2022-3934.yaml @@ -17,7 +17,7 @@ info: cwe-id: CWE-79 metadata: verified: "true" - tags: cve,cve2022,xss,flatpm,wordpress,wp-plugin,authenticated + tags: authenticated,wpscan,cve,cve2022,xss,flatpm,wordpress,wp-plugin requests: - raw: diff --git a/cves/2022/CVE-2022-4060.yaml b/cves/2022/CVE-2022-4060.yaml index d873525362..18a29f9618 100644 --- a/cves/2022/CVE-2022-4060.yaml +++ b/cves/2022/CVE-2022-4060.yaml @@ -17,7 +17,7 @@ info: cwe-id: CWE-94 metadata: verified: "true" - tags: cve,cve2022,rce,wordpress,wp-plugin,wp,wp-upg,unauth + tags: unauth,wpscan,cve2022,rce,wordpress,wp-plugin,wp,cve,wp-upg requests: - method: GET diff --git a/cves/2022/CVE-2022-4063.yaml b/cves/2022/CVE-2022-4063.yaml index 22a8aed2aa..620353b6f3 100644 --- a/cves/2022/CVE-2022-4063.yaml +++ b/cves/2022/CVE-2022-4063.yaml @@ -18,7 +18,7 @@ info: cwe-id: CWE-22 metadata: verified: "true" - tags: cve,cve2022,lfi,wordpress,wp-plugin,wp,inpost-gallery,unauth + tags: cve,wp-plugin,wp,inpost-gallery,cve2022,lfi,wordpress,unauth,wpscan requests: - method: GET diff --git a/cves/2022/CVE-2022-46888.yaml b/cves/2022/CVE-2022-46888.yaml index 8c62092fbe..9fd31b9c58 100644 --- a/cves/2022/CVE-2022-46888.yaml +++ b/cves/2022/CVE-2022-46888.yaml @@ -9,9 +9,15 @@ info: reference: - https://www.surecloud.com/resources/blog/nexusphp-surecloud-security-review-identifies-authenticated-unauthenticated-vulnerabilities - https://nvd.nist.gov/vuln/detail/CVE-2022-46888 + - https://github.com/xiaomlove/nexusphp/releases/tag/v1.7.33 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-46888 + cwe-id: CWE-79 metadata: - verified: true shodan-query: http.favicon.hash:-582931176 + verified: "true" tags: cve,cve2022,nexus,php,nexusphp,xss requests: diff --git a/cves/2023/CVE-2023-23492.yaml b/cves/2023/CVE-2023-23492.yaml index fd89aeafcc..e5fdea20f6 100644 --- a/cves/2023/CVE-2023-23492.yaml +++ b/cves/2023/CVE-2023-23492.yaml @@ -3,7 +3,7 @@ id: CVE-2023-23492 info: name: Login with Phone Number - Cross-Site Scripting author: r3Y3r53 - severity: medium + severity: high description: | Login with Phone Number, versions < 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwp_forgot_password()' function. reference: @@ -11,10 +11,13 @@ info: - https://www.tenable.com/security/research/tra-2023-3 - https://nvd.nist.gov/vuln/detail/CVE-2023-23492 classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 cve-id: CVE-2023-23492 + cwe-id: CWE-89 metadata: verified: "true" - tags: cve,cve2023,login-with-phonenumber,wordpress,wp,wp-plugin,xss + tags: login-with-phonenumber,wordpress,wp,wp-plugin,xss,tenable,cve,cve2023 requests: - method: GET diff --git a/vulnerabilities/wordpress/3d-print-lite-xss.yaml b/vulnerabilities/wordpress/3d-print-lite-xss.yaml index 8bf6c1c917..2a0851fd76 100644 --- a/vulnerabilities/wordpress/3d-print-lite-xss.yaml +++ b/vulnerabilities/wordpress/3d-print-lite-xss.yaml @@ -12,7 +12,7 @@ info: - https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-3dprint-lite-cross-site-scripting-1-9-1-5/ metadata: verified: "true" - tags: xss,wordpress,wp-plugin,wp,3dprint,lite,authenticated + tags: 3dprint,lite,authenticated,wpscan,xss,wordpress,wp-plugin,wp requests: - raw: diff --git a/vulnerabilities/wordpress/wp-touch-redirect.yaml b/vulnerabilities/wordpress/wp-touch-redirect.yaml index 5078a00b94..4fa8bbb316 100644 --- a/vulnerabilities/wordpress/wp-touch-redirect.yaml +++ b/vulnerabilities/wordpress/wp-touch-redirect.yaml @@ -11,7 +11,7 @@ info: metadata: verified: "true" google-query: "inurl:/wp-content/plugins/wptouch" - tags: wptouch,unauth,redirect,wordpress,wp-plugin,wp + tags: wp-plugin,wp,packetstorm,wptouch,unauth,redirect,wordpress requests: - method: GET