commit
95ea269243
|
@ -4,7 +4,10 @@ info:
|
|||
name: anti-plagiarism <= 3.60 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000128
|
||||
description: Reflected XSS in wordpress plugin anti-plagiarism v3.60
|
||||
reference: |
|
||||
- http://www.vapidlabs.com/wp/wp_advisory.php?v=161
|
||||
- https://wordpress.org/plugins/anti-plagiarism
|
||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
|
|
|
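Review bot: the NVD link is lost in the `info` block of this hunk. Two `reference` keys appear, and going by the 7-to-10 line counts in the hunk header the single-line `reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000128` is the one being removed, while the new list carries only the vapidlabs advisory and the plugin page. Suggest adding the NVD URL as a third list entry so the CVE record stays reachable from the template.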
@ -5,7 +5,9 @@ info:
|
|||
author: daffainfo
|
||||
severity: medium
|
||||
description: In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-16332
|
||||
reference: |
|
||||
- https://plugins.trac.wordpress.org/changeset/2152730
|
||||
- https://wordpress.org/plugins/api-bearer-auth/#developers
|
||||
tags: cve,cve2019,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
|
|
|
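Review bot: `reference: |` in the `info` block is a literal block scalar, so the two `- https://...` lines under it are stored as one multi-line string rather than as a YAML list. If the consumer of this field expects a sequence, drop the `|`. The NVD link for CVE-2019-16332 is also absent from the new entries and is worth keeping next to the changeset link.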
@ -3,8 +3,10 @@ id: CVE-2019-3401
|
|||
info:
|
||||
name: Atlassian JIRA Information Exposure (CVE-2019-3401)
|
||||
author: TechbrunchFR,milo2012
|
||||
description: The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
|
||||
severity: info
|
||||
tags: cve,cve2019,jira,atlassian
|
||||
reference: https://jira.atlassian.com/browse/JRASERVER-69244
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
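Review bot: the `info` block here keeps a single-line `reference: https://jira.atlassian.com/browse/JRASERVER-69244` placed after `tags`, while the other templates touched in this commit use the `reference: |` form with `- ` entries placed before `tags`. Suggest using one form and one key order across the commit so the field can be parsed the same way everywhere. The name also repeats the CVE id already given in `id: CVE-2019-3401`, which can be dropped.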
@ -26,5 +26,11 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- '^= ([0-4]\.[0-9\.]+|5\.[0-2]|5\.[0-2]\.[0-9]+|5\.3\.[0-1]) ='
|
||||
- '^== Changelog =="'
|
||||
part: body
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- '^= (5\.3\.[2-9]+|5\.[4-9]+\.|[6-9]\.[0-9]+\.[0-9]+|1[0-9]+\.) ='
|
||||
negative: true
|
||||
part: body
|
|
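Review bot: the second pattern of the first matcher, `'^== Changelog =="'`, has a stray `"` before the closing quote, so it only matches a heading followed by a literal double quote and will not match a normal `== Changelog ==` line. In the negative matcher, the alternatives `5\.[4-9]+\.` and `1[0-9]+\.` end in `\.` directly before `) =`, so they match only headings such as `= 5.4. =`, and `[6-9]\.[0-9]+\.[0-9]+` needs three components. As written, headings like `= 5.4.1 =`, `= 6.0 =` or `= 10.1 =` are not excluded and a fixed install would still be reported. `5\.3\.[2-9]+` also misses `5.3.10`. Suggest removing the quote and rewriting the negative alternatives to allow optional trailing components, for example `5\.[4-9](\.[0-9]+)*`.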
@ -7,7 +7,9 @@ info:
|
|||
description: The BuddyPress WordPress plugin was affected by an REST API Privilege Escalation to RCE
|
||||
reference: |
|
||||
- https://github.com/HoangKien1020/CVE-2021-21389
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-21389
|
||||
- https://buddypress.org/2021/03/buddypress-7-2-1-security-release/
|
||||
- https://codex.buddypress.org/releases/version-7-2-1/
|
||||
- https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3
|
||||
tags: cve,cve2021,wordpress,wp-plugin,rce
|
||||
|
||||
|
||||
|
|
|
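Review bot: the `description` line gives no affected or fixed version, although the reference list points at the BuddyPress 7.2.1 security release and the version-7-2-1 codex page. Suggest stating the fixed version in the description so a reader of the scan result does not have to follow the links, and changing "an REST API" to "a REST API".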
@ -5,7 +5,9 @@ info:
|
|||
author: daffainfo
|
||||
severity: medium
|
||||
description: The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameter in ints listing page, leading to reflected Cross-Site Scripting issues.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2021-24320
|
||||
reference: |
|
||||
- https://m0ze.ru/vulnerability/%5B2021-03-21%5D-%5BWordPress%5D-%5BCWE-79%5D-Bello-WordPress-Theme-v1.5.9.txt
|
||||
- https://wpscan.com/vulnerability/6b5b42fd-028a-4405-b027-3266058029bb
|
||||
tags: cve,cve2021,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
|
|
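Review bot: the `tags` line ends in `wp-plugin`, but the description says Bello is a WordPress theme, so tag-based selection will file this under plugins. Suggest a theme tag such as `wp-theme` instead. In the description, "in ints listing page" should read "in its listing page", and the NVD link for CVE-2021-24320 shown as a single-line `reference` does not appear among the new list entries.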