diff --git a/cves/2016/CVE-2016-1000128.yaml b/cves/2016/CVE-2016-1000128.yaml index b3dea4bf0d..27d47c8577 100644 --- a/cves/2016/CVE-2016-1000128.yaml +++ b/cves/2016/CVE-2016-1000128.yaml @@ -4,7 +4,10 @@ info: name: anti-plagiarism <= 3.60 - Reflected Cross-Site Scripting (XSS) author: daffainfo severity: medium - reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000128 + description: Reflected XSS in wordpress plugin anti-plagiarism v3.60 + reference: | + - http://www.vapidlabs.com/wp/wp_advisory.php?v=161 + - https://wordpress.org/plugins/anti-plagiarism tags: cve,cve2016,wordpress,xss,wp-plugin requests: diff --git a/cves/2019/CVE-2019-16332.yaml b/cves/2019/CVE-2019-16332.yaml index 7a1a0b7835..3a7b34ee93 100644 --- a/cves/2019/CVE-2019-16332.yaml +++ b/cves/2019/CVE-2019-16332.yaml @@ -5,7 +5,9 @@ info: author: daffainfo severity: medium description: In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS. - reference: https://nvd.nist.gov/vuln/detail/CVE-2019-16332 + reference: | + - https://plugins.trac.wordpress.org/changeset/2152730 + - https://wordpress.org/plugins/api-bearer-auth/#developers tags: cve,cve2019,wordpress,xss,wp-plugin requests: diff --git a/cves/2019/CVE-2019-3401.yaml b/cves/2019/CVE-2019-3401.yaml index 929a402725..9c2a7c4819 100644 --- a/cves/2019/CVE-2019-3401.yaml +++ b/cves/2019/CVE-2019-3401.yaml @@ -3,8 +3,10 @@ id: CVE-2019-3401 info: name: Atlassian JIRA Information Exposure (CVE-2019-3401) author: TechbrunchFR,milo2012 + description: The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. severity: info tags: cve,cve2019,jira,atlassian + reference: https://jira.atlassian.com/browse/JRASERVER-69244 requests: - method: GET 
diff --git a/cves/2020/CVE-2020-35489.yaml b/cves/2020/CVE-2020-35489.yaml index 82d8a2fef0..bac1875c05 100644 --- a/cves/2020/CVE-2020-35489.yaml +++ b/cves/2020/CVE-2020-35489.yaml @@ -26,5 +26,11 @@ requests: - type: regex regex: - - '^= ([0-4]\.[0-9\.]+|5\.[0-2]|5\.[0-2]\.[0-9]+|5\.3\.[0-1]) =' + - '^== Changelog =="' + part: body + + - type: regex + regex: + - '^= (5\.3\.[2-9]+|5\.[4-9]+\.|[6-9]\.[0-9]+\.[0-9]+|1[0-9]+\.) =' + negative: true part: body \ No newline at end of file diff --git a/cves/2021/CVE-2021-21389.yaml b/cves/2021/CVE-2021-21389.yaml index a2d992ffd9..8470485e9e 100644 --- a/cves/2021/CVE-2021-21389.yaml +++ b/cves/2021/CVE-2021-21389.yaml @@ -7,7 +7,9 @@ info: description: The BuddyPress WordPress plugin was affected by an REST API Privilege Escalation to RCE reference: | - https://github.com/HoangKien1020/CVE-2021-21389 - - https://nvd.nist.gov/vuln/detail/CVE-2021-21389 + - https://buddypress.org/2021/03/buddypress-7-2-1-security-release/ + - https://codex.buddypress.org/releases/version-7-2-1/ + - https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3 tags: cve,cve2021,wordpress,wp-plugin,rce diff --git a/cves/2021/CVE-2021-24320.yaml b/cves/2021/CVE-2021-24320.yaml index 27ed4e29d1..90776f8a1c 100644 --- a/cves/2021/CVE-2021-24320.yaml +++ b/cves/2021/CVE-2021-24320.yaml 
@@ -5,7 +5,9 @@ info: author: daffainfo severity: medium description: The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameter in ints listing page, leading to reflected Cross-Site Scripting issues. - reference: https://nvd.nist.gov/vuln/detail/CVE-2021-24320 + reference: | + - https://m0ze.ru/vulnerability/%5B2021-03-21%5D-%5BWordPress%5D-%5BCWE-79%5D-Bello-WordPress-Theme-v1.5.9.txt + - https://wpscan.com/vulnerability/6b5b42fd-028a-4405-b027-3266058029bb tags: cve,cve2021,wordpress,xss,wp-plugin requests:
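Review bot: In cves/2016/CVE-2016-1000128.yaml the new description says "anti-plagiarism v3.60" while the name on the context line above says "anti-plagiarism <= 3.60", so the two fields disagree on the affected range. Suggest wording the description to match the name, for example "Reflected XSS in the WordPress plugin anti-plagiarism <= 3.60". The hunk also drops the NVD link entirely instead of keeping it next to the two new references, and the vapidlabs advisory is linked over plain http; keeping the NVD entry as a third list item would preserve the canonical record.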
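Review bot: In cves/2019/CVE-2019-3401.yaml the added fields land in an order no other template in this patch uses: description is inserted between author and severity, and reference is appended after tags. The other files touched here keep author, severity, description, reference, tags. Suggest moving description below severity and reference above tags so the info block stays consistent across templates.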
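Review bot: In cves/2020/CVE-2020-35489.yaml the first new pattern, '^== Changelog =="', has a stray double quote inside the single-quoted string, so it only matches a body line that has a literal " right after "== Changelog ==". Drop the trailing quote. The negative matcher also has alternatives that cannot match a changelog header: in '^= (5\.3\.[2-9]+|5\.[4-9]+\.|[6-9]\.[0-9]+\.[0-9]+|1[0-9]+\.) =' the branches 5\.[4-9]+\. and 1[0-9]+\. end on a dot and are followed directly by " =", so a header such as "= 5.4.1 =" or "= 5.4 =" is not excluded and a fixed release would still pass the negative check. Likewise 5\.3\.[2-9]+ misses 5.3.10 and later, and [6-9]\.[0-9]+\.[0-9]+ misses two-part versions such as 6.0. Neither pattern sets (?m), so ^ anchors only at the start of the body rather than at each line. Suggest rewriting the version branches with optional trailing components and adding the multiline flag, then testing against a readme from a fixed release.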
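Review bot: In cves/2021/CVE-2021-24320.yaml the description on the context line calls Bello a "WordPress theme", but the tags line kept below the new references still reads "cve,cve2021,wordpress,xss,wp-plugin". Since this hunk is already editing the info block, suggest correcting the tag to a theme tag if the project has one, and fixing the "in ints listing page" typo in the description at the same time. As in the other files, the NVD link is removed rather than kept alongside the two new references.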