diff --git a/cves/2021/CVE-2021-25063.yaml b/cves/2021/CVE-2021-25063.yaml index 781d1e51a4..e6e9a265ec 100644 --- a/cves/2021/CVE-2021-25063.yaml +++ b/cves/2021/CVE-2021-25063.yaml @@ -11,7 +11,7 @@ info: cvss-score: 6.10 cve-id: CVE-2021-25063 cwe-id: CWE-79 - tags: wordpress,wp-plugin,xss,contactform,wp,cve,cve2021 + tags: cve,cve2021wordpress,wp-plugin,xss,contactform,authenticated requests: - raw: diff --git a/cves/2022/CVE-2022-0149.yaml b/cves/2022/CVE-2022-0149.yaml index bcc9b09665..472598ec38 100644 --- a/cves/2022/CVE-2022-0149.yaml +++ b/cves/2022/CVE-2022-0149.yaml @@ -11,7 +11,7 @@ info: cvss-score: 6.10 cve-id: CVE-2022-0149 cwe-id: CWE-79 - tags: wordpress,wp-plugin,xss,woocommerce,cve,cve2022 + tags: cve,cve2022,wordpress,wp-plugin,xss,woocommerce,authenticated requests: - raw: diff --git a/vulnerabilities/wordpress/easy-social-feed.yaml b/vulnerabilities/wordpress/easy-social-feed.yaml index d92351aa95..d47eee16ee 100644 --- a/vulnerabilities/wordpress/easy-social-feed.yaml +++ b/vulnerabilities/wordpress/easy-social-feed.yaml @@ -6,7 +6,7 @@ info: severity: medium description: The plugin does not sanitise and escape a parameter before outputting back in an admin dashboard page, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged admin or editor. reference: https://wpscan.com/vulnerability/6dd00198-ef9b-4913-9494-e08a95e7f9a0 - tags: wordpress,wp-plugin,xss,wp + tags: wordpress,wp-plugin,xss,authenticated requests: - raw: diff --git a/vulnerabilities/wordpress/elex-woocommerce-xss.yaml b/vulnerabilities/wordpress/elex-woocommerce-xss.yaml index 4eaef6e57e..b8f690fce6 100644 --- a/vulnerabilities/wordpress/elex-woocommerce-xss.yaml +++ b/vulnerabilities/wordpress/elex-woocommerce-xss.yaml @@ -6,7 +6,7 @@ info: severity: medium description: The plugin does not sanitise or escape the search GET parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue, which will be executed in a logged in admin context. reference: https://wpscan.com/vulnerability/647448d6-32c0-4b38-a40a-3b54c55f4e2e - tags: wordpress,wp-plugin,xss,wp,woocommerce + tags: wordpress,wp-plugin,xss,authenticated,woocommerce requests: - raw: diff --git a/vulnerabilities/wordpress/feedwordpress-xss.yaml b/vulnerabilities/wordpress/feedwordpress-xss.yaml index 7e698cf3ac..81215e76ac 100644 --- a/vulnerabilities/wordpress/feedwordpress-xss.yaml +++ b/vulnerabilities/wordpress/feedwordpress-xss.yaml @@ -6,7 +6,7 @@ info: severity: medium description: The plugin is affected by a Reflected Cross-Site Scripting (XSS) within the "visibility" parameter. reference: https://wpscan.com/vulnerability/7ed050a4-27eb-4ecb-9182-1d8fa1e71571 - tags: wordpress,wp-plugin,xss,feedwordpress,wp + tags: wordpress,wp-plugin,xss,feedwordpress,authenticated requests: - raw: diff --git a/vulnerabilities/wordpress/my-chatbot-xss.yaml b/vulnerabilities/wordpress/my-chatbot-xss.yaml index 0b16c2e11c..bb9d481125 100644 --- a/vulnerabilities/wordpress/my-chatbot-xss.yaml +++ b/vulnerabilities/wordpress/my-chatbot-xss.yaml @@ -6,7 +6,7 @@ info: severity: medium description: The plugin does not sanitise or escape its tab parameter in the Settings page before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue. reference: https://wpscan.com/vulnerability/c0b6f63b-95d1-4782-9554-975d6d7bbd3d - tags: wordpress,wp-plugin,xss,wp + tags: wordpress,wp-plugin,xss,authenticated requests: - raw: diff --git a/vulnerabilities/wordpress/ninjaform-open-redirect.yaml b/vulnerabilities/wordpress/ninjaform-open-redirect.yaml index 56d4dba09a..bb9d46804c 100644 --- a/vulnerabilities/wordpress/ninjaform-open-redirect.yaml +++ b/vulnerabilities/wordpress/ninjaform-open-redirect.yaml @@ -6,7 +6,7 @@ info: severity: medium description: The wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place. reference: https://wpscan.com/vulnerability/6147acf5-e43f-47e6-ab56-c9c8be584818 - tags: wordpress,redirect,wp-plugin,ninjaform,wp,authenticated + tags: wordpress,redirect,wp-plugin,ninjaform,authenticated requests: - raw: diff --git a/vulnerabilities/wordpress/wp-whmcs-xss.yaml b/vulnerabilities/wordpress/wp-whmcs-xss.yaml index 6bbc31e45d..28c799c391 100644 --- a/vulnerabilities/wordpress/wp-whmcs-xss.yaml +++ b/vulnerabilities/wordpress/wp-whmcs-xss.yaml @@ -6,7 +6,7 @@ info: severity: medium description: The plugin does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting reference: https://wpscan.com/vulnerability/4aae2dd9-8d51-4633-91bc-ddb53ca3471c - tags: wordpress,wp-plugin,wp,whmcs,xss + tags: wordpress,wp-plugin,authenticated,whmcs,xss requests: - raw: