daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto Generated CVE annotations [Tue Feb 22 13:26:30 UTC 2022] 🤖

patch-1
GitHub Action 2022-02-22 13:26:30 +00:00
parent b466ac209f
commit 6411ca373f
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
cves/2021/CVE-2021-25028.yaml
View File

@ -3,10 +3,15 @@ id: CVE-2021-25028
info:
name: Event Tickets < 5.2.2 - Open Redirect
author: dhiyaneshDk
severity: low
severity: medium
description: The plugin does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue
reference: https://wpscan.com/vulnerability/80b0682e-2c3b-441b-9628-6462368e5fc7
tags: cve,cve2021,wordpress,redirect,wp-plugin,eventtickets
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2021-25028
cwe-id: CWE-601
requests:
- method: GET

5
cves/2021/CVE-2021-25074.yaml
View File

@ -7,6 +7,11 @@ info:
description: The plugin contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue.
reference: https://wpscan.com/vulnerability/f3c0a155-9563-4533-97d4-03b9bac83164
tags: cve,cve2021,wordpress,redirect,wp-plugin,webpconverter
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2021-25074
cwe-id: CWE-601
requests:
- method: GET