diff --git a/cves/2021/CVE-2021-24146.yaml b/cves/2021/CVE-2021-24146.yaml index 3b9fa118f5..483136159e 100644 --- a/cves/2021/CVE-2021-24146.yaml +++ b/cves/2021/CVE-2021-24146.yaml @@ -1,13 +1,14 @@ id: CVE-2021-24146 info: - name: Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export + name: WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure author: random_robbie severity: high - description: Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example. + description: WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format. reference: - https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc - http://packetstormsecurity.com/files/163345/WordPress-Modern-Events-Calendar-5.16.2-Information-Disclosure.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-24146 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N cvss-score: 7.5 @@ -32,3 +33,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/06/22 diff --git a/cves/2021/CVE-2021-24226.yaml b/cves/2021/CVE-2021-24226.yaml index 80cb8fab90..53828a49bf 100644 --- a/cves/2021/CVE-2021-24226.yaml +++ b/cves/2021/CVE-2021-24226.yaml 
@@ -1,11 +1,10 @@ id: CVE-2021-24226 info: - name: AccessAlly < 3.5.7 - $_SERVER Superglobal Leakage + name: AccessAlly <3.5.7 - Sensitive Information Leakage author: dhiyaneshDK severity: high - description: In the AccessAlly WordPress plugin before 3.5.7, the file \"resource/frontend/product/product-shortcode.php\" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which - contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, no login or administrator role is required. + description: WordPress AccessAlly plugin before 3.5.7 allows sensitive information leakage because the file \"resource/frontend/product/product-shortcode.php\" (which is responsible for the [accessally_order_form] shortcode) dumps serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, and no login or administrator role is required. reference: - https://wpscan.com/vulnerability/8e3e89fd-e380-4108-be23-00e87fbaad16 - https://nvd.nist.gov/vuln/detail/CVE-2021-24226 @@ -32,3 +31,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/06/22 diff --git a/cves/2021/CVE-2021-24278.yaml b/cves/2021/CVE-2021-24278.yaml index 05508a9689..db00615e37 100644 --- a/cves/2021/CVE-2021-24278.yaml +++ b/cves/2021/CVE-2021-24278.yaml 
@@ -1,14 +1,14 @@ id: CVE-2021-24278 info: - name: Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Arbitrary Nonce Generation + name: WordPress Contact Form 7 <2.3.4 - Arbitrary Nonce Generation author: 2rs3c severity: high - description: In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function. + description: WordPress Contact Form 7 before version 2.3.4 allows unauthenticated users to use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function. reference: - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24278 - https://wpscan.com/vulnerability/99f30604-d62b-4e30-afcd-b482f8d66413 - https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-24278 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 @@ -43,4 +43,6 @@ requests: - type: regex part: body regex: - - '"nonce":"[a-f0-9]+"' \ No newline at end of file + - '"nonce":"[a-f0-9]+"' + +# Enhanced by mp on 2022/06/22 diff --git a/cves/2021/CVE-2021-24340.yaml b/cves/2021/CVE-2021-24340.yaml index d23a363deb..83981c0099 100644 --- a/cves/2021/CVE-2021-24340.yaml +++ b/cves/2021/CVE-2021-24340.yaml 
@@ -1,15 +1,16 @@ id: CVE-2021-24340 info: - name: WordPress Plugin WP Statistics < 13.0.8 - Unauthenticated Time-Based Blind SQL Injection + name: WordPress Statistics <13.0.8 - Blind SQL Injection author: lotusdll severity: high - description: The WP Statistic WordPress plugin was affected by an Unauthenticated Time-Based Blind SQL Injection security vulnerability. + description: WordPress Statistic plugin versions prior to version 13.0.8 are affected by an unauthenticated time-based blind SQL injection vulnerability. reference: - https://www.exploit-db.com/exploits/49894 - https://www.wordfence.com/blog/2021/05/over-600000-sites-impacted-by-wp-statistics-patch/ - https://github.com/Udyz/WP-Statistics-BlindSQL - https://wpscan.com/vulnerability/d2970cfb-0aa9-4516-9a4b-32971f41a19c + - https://nvd.nist.gov/vuln/detail/CVE-2021-24340 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 @@ -49,3 +50,5 @@ requests: - type: dsl dsl: - compare_versions(version, '< 13.0.8') + +# Enhanced by mp on 2022/06/22 diff --git a/cves/2021/CVE-2021-24750.yaml b/cves/2021/CVE-2021-24750.yaml index 9e34e7e0ac..5cd49508c5 100644 --- a/cves/2021/CVE-2021-24750.yaml +++ b/cves/2021/CVE-2021-24750.yaml 
@@ -1,15 +1,15 @@ id: CVE-2021-24750 info: - name: WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 SQLI + name: WordPress Visitor Statistics (Real Time Traffic) <4.8 -SQL Injection author: cckuakilong severity: high - description: The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks. + description: WordPress Visitor Statistics (Real Time Traffic) plugin before 4.8 does not properly sanitize and escape the refUrl in the refDetails AJAX action, which is available to any authenticated user. This could allow users with a role as low as subscriber to perform SQL injection attacks. reference: - https://github.com/fimtow/CVE-2021-24750/blob/master/exploit.py - - https://nvd.nist.gov/vuln/detail/CVE-2021-24750 - https://wpscan.com/vulnerability/7528aded-b8c9-4833-89d6-9cd7df3620de - https://plugins.trac.wordpress.org/changeset/2622268 + - https://nvd.nist.gov/vuln/detail/CVE-2021-24750 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 @@ -43,3 +43,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/06/22 diff --git a/cves/2021/CVE-2021-3017.yaml b/cves/2021/CVE-2021-3017.yaml index 7a07931362..9dc06e0212 100644 --- a/cves/2021/CVE-2021-3017.yaml +++ b/cves/2021/CVE-2021-3017.yaml @@ -1,7 +1,7 @@ id: CVE-2021-3017 info: - name: Intelbras WIN 300/WRN 342 Credential Disclosure + name: Intelbras WIN 300/WRN 342 - Credentials Disclosure author: pikpikcu severity: high description: Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code. diff --git a/cves/2021/CVE-2021-46379.yaml b/cves/2021/CVE-2021-46379.yaml index a64ce02434..db866ee120 100644 
--- a/cves/2021/CVE-2021-46379.yaml +++ b/cves/2021/CVE-2021-46379.yaml @@ -4,12 +4,11 @@ info: name: D-Link DIR850 ET850-1.08TRb03 - Open Redirect author: 0x_Akoko severity: medium - description: DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site. + description: DLink DIR850 ET850-1.08TRb03 contains incorrect access control vulnerability in URL redirection, which can be used to mislead users to go to untrusted sites. reference: - - https://www.opencve.io/cve/CVE-2021-46379 + - https://nvd.nist.gov/vuln/detail/CVE-2021-46379 - https://drive.google.com/file/d/1rrlwnIxSHEoO4SMAHRPKZSRzK5MwZQRf/view - - https://www.cvedetails.com/cve/CVE-2021-46379 - - https://www.dlink.com/en/security-bulletin/ + - https://www.dlink.com/en/security-bulletin classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -29,3 +28,5 @@ requests: part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 + +# Enhanced by cs 06/22/2022 diff --git a/cves/2022/CVE-2022-1904.yaml b/cves/2022/CVE-2022-1904.yaml index b1fc88e18e..21521ab7e8 100644 --- a/cves/2022/CVE-2022-1904.yaml +++ b/cves/2022/CVE-2022-1904.yaml 
@@ -4,7 +4,10 @@ info: name: Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting author: Akincibor severity: medium - description: The plugin does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scripting. + description: | + The plugin does not sanitize and escape parameter before reflecting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a reflected cross-site scripting. + classification: + cve-id: CVE-2022-1904 reference: - https://wpscan.com/vulnerability/92215d07-d129-49b4-a838-0de1a944c06b - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1904 diff --git a/cves/2022/CVE-2022-26148.yaml b/cves/2022/CVE-2022-26148.yaml index 315b0b25a8..145648a2d6 100644 --- a/cves/2022/CVE-2022-26148.yaml +++ b/cves/2022/CVE-2022-26148.yaml @@ -1,7 +1,7 @@ id: CVE-2022-26148 info: - name: Grafana & Zabbix Integration - Credential Disclosure + name: Grafana & Zabbix Integration - Credentials Disclosure author: Geekby severity: critical description: |
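Review bot: in cves/2021/CVE-2021-24146.yaml the new name says "Sensitive Information Disclosure", but the unchanged classification line below it is `cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N`, which claims no confidentiality impact and high integrity impact. Since this hunk adds the NVD link as a reference, confirm the vector against that entry and correct whichever side is wrong. The rewritten description also carries over the old slip "allowing unauthenticated users to exports all events data"; it should read "to export".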
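Review bot: in cves/2021/CVE-2021-24226.yaml the rewritten `description:` is still an unquoted (plain) YAML scalar and keeps the `\"resource/frontend/product/product-shortcode.php\"` sequences. Plain scalars do not process escapes, so the backslashes end up as literal characters in the rendered description. Either drop the backslashes or wrap the whole value in double quotes so the escapes are interpreted.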
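Review bot: in cves/2021/CVE-2021-24278.yaml the new name and description drop "Redirection for" and now attribute the flaw to "WordPress Contact Form 7 <2.3.4". The removed lines and the Wordfence reference kept in this hunk (`severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin`) both name the Redirection for Contact Form 7 plugin, so the rewrite points anyone triaging a hit at the wrong product and version line. Suggest "WordPress Redirection for Contact Form 7 <2.3.4 - Arbitrary Nonce Generation", with the same correction in the description. The name also loses "Unauthenticated", which is the condition that makes the `wpcf7r_get_nonce` action a finding; the description still states it, so keeping it in one place is fine as long as that is deliberate.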
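Review bot: in cves/2021/CVE-2021-24340.yaml the plugin name is shortened to "WordPress Statistics" in the name and "WordPress Statistic plugin" in the description, while the removed name line and the references in this hunk (`WP-Statistics-BlindSQL`, `wp-statistics-patch`) call it WP Statistics. The two new spellings also disagree with each other. Suggest "WordPress WP Statistics <13.0.8 - Blind SQL Injection" and "WP Statistics plugin" in the description, and trimming "versions prior to version 13.0.8" to "before 13.0.8" to match the wording used in the other templates of this patch.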
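Review bot: in cves/2021/CVE-2021-24750.yaml the new name line reads `<4.8 -SQL Injection`, with the space missing after the hyphen. Every other name touched in this patch uses " - " as the separator, so this should be "WordPress Visitor Statistics (Real Time Traffic) <4.8 - SQL Injection". The reordering that moves the NVD link to the end of the reference list is consistent with the other files.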
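Review bot: in cves/2021/CVE-2021-46379.yaml the trailer added at the end is `# Enhanced by cs 06/22/2022`, while the other files in this patch use `# Enhanced by mp on 2022/06/22`. Pick one format (the year-first form with "on" is the majority here) so the trailers can be searched consistently. In the rewritten description, "contains incorrect access control vulnerability" is missing its article ("an incorrect access control vulnerability"), and since the name calls this an Open Redirect it would read more clearly if the description said so directly.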
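Review bot: in cves/2022/CVE-2022-1904.yaml the added `classification:` block sits between `description:` and `reference:`, whereas every other template in this patch places `reference:` first and `classification:` after it, and it carries only `cve-id` with no `cvss-metrics` or `cvss-score` even though severity is set to medium. Move the block below the reference list and fill in the scoring fields, or leave them out deliberately and say why. The hunk also leaves the `cve.mitre.org` reference and the "< 3.2.1" spacing in the name untouched, while the sibling hunks switch to an NVD link and the "<version" form, and the description still says "escape parameter" without naming the parameter or adding an article.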