From e393196922ca69e98c31ed9a74de433f5a87086a Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Tue, 21 Mar 2023 06:09:30 +0000
Subject: [PATCH] Auto Generated cves.json [Tue Mar 21 06:09:30 UTC 2023] :robot:
---
 cves.json | 25 ++++++++++++++++++++++++-
 cves.json-checksum.txt | 2 +-
 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/cves.json b/cves.json
index 7bd18c22c2..8b5450947c 100644
--- a/cves.json
+++ b/cves.json
@@ -681,7 +681,7 @@ {"ID":"CVE-2019-6112","Info":{"Name":"WordPress Sell Media 2.4.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2019/CVE-2019-6112.yaml"} {"ID":"CVE-2019-6340","Info":{"Name":"Drupal - Remote Code Execution","Severity":"high","Description":"Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10 V contain certain field types that do not properly sanitize data from non-form sources, which can lead to arbitrary PHP code execution in some cases.","Classification":{"CVSSScore":"8.1"}},"file_path":"cves/2019/CVE-2019-6340.yaml"} {"ID":"CVE-2019-6715","Info":{"Name":"W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Directory Traversal","Severity":"high","Description":"WordPress plugin W3 Total Cache before version 0.9.4 allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data via pub/sns.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2019/CVE-2019-6715.yaml"} -{"ID":"CVE-2019-6799","Info":{"Name":"CVE-2019-6799","Severity":"medium","Description":"An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. 
This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of \"options(MYSQLI_OPT_LOCAL_INFILE\" calls.\n","Classification":{"CVSSScore":"5.9"}},"file_path":"cves/2019/CVE-2019-6799.yaml"} +{"ID":"CVE-2019-6799","Info":{"Name":"phpMyAdmin \u003c 4.8.5 - Local File Read","Severity":"medium","Description":"An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of \"options(MYSQLI_OPT_LOCAL_INFILE\" calls.\n","Classification":{"CVSSScore":"5.9"}},"file_path":"cves/2019/CVE-2019-6799.yaml"} {"ID":"CVE-2019-6802","Info":{"Name":"Pypiserver 1.2.5 - CRLF Injection","Severity":"medium","Description":"CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2019/CVE-2019-6802.yaml"} {"ID":"CVE-2019-7219","Info":{"Name":"Zarafa WebApp \u003c=2.0.1.47791 - Cross-Site Scripting","Severity":"medium","Description":"Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2019/CVE-2019-7219.yaml"} {"ID":"CVE-2019-7238","Info":{"Name":"Sonatype Nexus Repository Manager \u003c3.15.0 - Remote Code Execution","Severity":"critical","Description":"Sonatype Nexus Repository Manager before 3.15.0 is susceptible to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2019/CVE-2019-7238.yaml"} 
@@ -723,6 +723,7 @@ {"ID":"CVE-2020-11450","Info":{"Name":"MicroStrategy Web 10.4 - Information Disclosure","Severity":"high","Description":"MicroStrategy Web 10.4 is susceptible to information disclosure. The JVM configuration, CPU architecture, installation folder, and other information are exposed through /MicroStrategyWS/happyaxis.jsp. An attacker can use this vulnerability to learn more about the application environment and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2020/CVE-2020-11450.yaml"} {"ID":"CVE-2020-11455","Info":{"Name":"LimeSurvey 4.1.11 - Local File Inclusion","Severity":"critical","Description":"LimeSurvey before 4.1.12+200324 is vulnerable to local file inclusion because it contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-11455.yaml"} {"ID":"CVE-2020-11529","Info":{"Name":"Grav \u003c1.7 - Open Redirect","Severity":"medium","Description":"Grav before 1.7 has an open redirect vulnerability via common/Grav.php. This is partially fixed in 1.6.23 and still present in 1.6.x.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2020/CVE-2020-11529.yaml"} +{"ID":"CVE-2020-11530","Info":{"Name":"Chopslider \u003c= 3.4 - Unauthenticated Blind SQL Injection","Severity":"critical","Description":"A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. 
The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-11530.yaml"} {"ID":"CVE-2020-11546","Info":{"Name":"SuperWebmailer 7.21.0.01526 - Remote Code Execution","Severity":"critical","Description":"SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-11546.yaml"} {"ID":"CVE-2020-11547","Info":{"Name":"PRTG Network Monitor \u003c 20.1.57.1745 - Information Disclosure","Severity":"medium","Description":"PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself via an HTTP request.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2020/CVE-2020-11547.yaml"} {"ID":"CVE-2020-11710","Info":{"Name":"Kong Admin \u003c=2.03 - Admin API Access","Severity":"critical","Description":"Kong Admin through 2.0.3 contains an issue via docker-kong which makes the admin API port accessible on interfaces other than 127.0.0.1.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-11710.yaml"} 
@@ -753,6 +754,7 @@ {"ID":"CVE-2020-13942","Info":{"Name":"Apache Unomi \u003c1.5.2 - Remote Code Execution","Severity":"critical","Description":"Apache Unomi allows conditions to use OGNL and MVEL scripting which\noffers the possibility to call static Java classes from the JDK\nthat could execute code with the permission level of the running Java process.\nThis vulnerability affects all versions of Apache Unomi prior to 1.5.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-13942.yaml"} {"ID":"CVE-2020-13945","Info":{"Name":"Apache APISIX - Insufficiently Protected Credentials","Severity":"medium","Description":"Apache APISIX 1.2, 1.3, 1.4, and 1.5 is susceptible to insufficiently protected credentials. An attacker can enable the Admin API and delete the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data.","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2020/CVE-2020-13945.yaml"} {"ID":"CVE-2020-14092","Info":{"Name":"WordPress PayPal Pro \u003c1.1.65 - SQL Injection","Severity":"critical","Description":"WordPress PayPal Pro plugin before 1.1.65 is susceptible to SQL injection via the 'query' parameter which allows for any unauthenticated user to perform SQL queries with the results output to a web page in JSON format.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-14092.yaml"} +{"ID":"CVE-2020-14144","Info":{"Name":"Gitea Git Hooks Remote Code Execution","Severity":"high","Description":"The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). 
NOTE: The vendor has indicated this is not a vulnerability and states \"This is a functionality of the software that is limited to a very limited subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2020/CVE-2020-14144.yaml"} {"ID":"CVE-2020-14179","Info":{"Name":"Atlassian Jira Server/Data Center \u003c8.5.8/8.6.0 - 8.11.1 - Information Disclosure","Severity":"medium","Description":"Atlassian Jira Server and Data Center before 8.5.8 and 8.6.0 through 8.11.1 are susceptible to information disclosure via the /secure/QueryComponent!Default.jspa endpoint. An attacker can view custom field names and custom SLA names.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2020/CVE-2020-14179.yaml"} {"ID":"CVE-2020-14181","Info":{"Name":"User enumeration via insecure Jira endpoint","Severity":"medium","Description":"Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2020/CVE-2020-14181.yaml"} {"ID":"CVE-2020-14408","Info":{"Name":"Agentejo Cockpit 0.10.2 - Cross-Site Scripting","Severity":"medium","Description":"Agentejo Cockpit 0.10.2 contains a reflected cross-site scripting vulnerability due to insufficient sanitization of the to parameter in the /auth/login route, which allows for injection of arbitrary JavaScript code into a web page's content.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2020/CVE-2020-14408.yaml"} 
@@ -768,6 +770,7 @@ {"ID":"CVE-2020-15500","Info":{"Name":"TileServer GL \u003c=3.0.0 - Cross-Site Scripting","Severity":"medium","Description":"TileServer GL through 3.0.0 is vulnerable to reflected cross-site scripting via server.js because the content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2020/CVE-2020-15500.yaml"} {"ID":"CVE-2020-15505","Info":{"Name":"MobileIron Core \u0026 Connector \u003c= v10.6 \u0026 Sentry \u003c= v9.8 - Remote Code Execution","Severity":"critical","Description":"A remote code execution vulnerability in MobileIron Core \u0026 Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier contain a vulnerability that allows remote attackers to execute arbitrary code via unspecified vectors.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-15505.yaml"} {"ID":"CVE-2020-15568","Info":{"Name":"TerraMaster TOS \u003c.1.29 - Remote Code Execution","Severity":"critical","Description":"TerraMaster TOS before 4.1.29 has invalid parameter checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-15568.yaml"} +{"ID":"CVE-2020-15867","Info":{"Name":"Gogs Git Hooks - Remote Code Execution","Severity":"high","Description":"The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. 
There can be a privilege escalation if access to this hook feature is granted to a user who does not have administrative privileges.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2020/CVE-2020-15867.yaml"} {"ID":"CVE-2020-15895","Info":{"Name":"D-Link DIR-816L 2.x - Cross-Site Scripting","Severity":"medium","Description":"D-Link DIR-816L devices 2.x before 1.10b04Beta02 contains a cross-site scripting vulnerability. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter before being printed on the webpage. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow for theft of cookie-based authentication credentials and launch of other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2020/CVE-2020-15895.yaml"} {"ID":"CVE-2020-15920","Info":{"Name":"Mida eFramework \u003c=2.9.0 - Remote Command Execution","Severity":"critical","Description":"Mida eFramework through 2.9.0 allows an attacker to achieve remote code execution with administrative (root) privileges. No authentication is required.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-15920.yaml"} {"ID":"CVE-2020-16139","Info":{"Name":"Cisco Unified IP Conference Station 7937G - Denial-of-Service","Severity":"high","Description":"Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely via specially crafted packets that can cause a denial-of-service condition. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2020/CVE-2020-16139.yaml"} 
@@ -900,6 +903,7 @@ {"ID":"CVE-2020-6287","Info":{"Name":"SAP NetWeaver AS JAVA 7.30-7.50 - Remote Admin Addition","Severity":"critical","Description":"SAP NetWeaver AS JAVA (LM Configuration Wizard), versions 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system.","Classification":{"CVSSScore":"10"}},"file_path":"cves/2020/CVE-2020-6287.yaml"} {"ID":"CVE-2020-6308","Info":{"Name":"SAP - Unauthenticated Blind SSRF","Severity":"medium","Description":"SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. 
On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2020/CVE-2020-6308.yaml"} {"ID":"CVE-2020-6637","Info":{"Name":"OpenSIS 7.3 - SQL Injection","Severity":"critical","Description":"OpenSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-6637.yaml"} +{"ID":"CVE-2020-7107","Info":{"Name":"Ultimate FAQ \u003c 1.8.30 - Cross Site Scripting","Severity":"medium","Description":"The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2020/CVE-2020-7107.yaml"} {"ID":"CVE-2020-7136","Info":{"Name":"HPE Smart Update Manager \u003c 8.5.6 - Remote Unauthorized Access","Severity":"critical","Description":"HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-7136.yaml"} {"ID":"CVE-2020-7209","Info":{"Name":"LinuxKI Toolset \u003c= 6.01 - Remote Command Execution","Severity":"critical","Description":"LinuxKI v6.0-1 and earlier are vulnerable to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-7209.yaml"} {"ID":"CVE-2020-7247","Info":{"Name":"OpenSMTPD 6.4.0-6.6.1 - Remote Code Execution","Severity":"critical","Description":"OpenSMTPD versions 6.4.0 - 6.6.1 are susceptible to remote code execution. 
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the \"uncommented\" default configuration. The issue exists because of an incorrect return value upon failure of input validation.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-7247.yaml"} 
@@ -1029,6 +1033,8 @@ {"ID":"CVE-2021-24389","Info":{"Name":"WordPress FoodBakery \u003c2.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress FoodBakery before 2.2 contains an unauthenticated reflected cross-site scripting vulnerability. It does not properly sanitize the foodbakery_radius parameter before outputting it back in the response.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24389.yaml"} {"ID":"CVE-2021-24406","Info":{"Name":"WordPress wpForo Forum \u003c 1.9.7 - Open Redirect","Severity":"medium","Description":"WordPress wpForo Forum \u003c 1.9.7 is susceptible to an open redirect vulnerability because the plugin did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24406.yaml"} {"ID":"CVE-2021-24407","Info":{"Name":"WordPress Jannah Theme \u003c5.4.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Jannah theme before 5.4.5 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24407.yaml"} +{"ID":"CVE-2021-24436","Info":{"Name":"W3 Total Cache \u003c 2.1.3 - Reflected XSS in Extensions Page","Severity":"medium","Description":"The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the \"extension\" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. 
This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24436.yaml"} +{"ID":"CVE-2021-24452","Info":{"Name":"W3 Total Cache \u003c 2.1.5 - Cross-Site Scripting","Severity":"medium","Description":"The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the \"extension\" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript context without proper escaping. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24452.yaml"} {"ID":"CVE-2021-24472","Info":{"Name":"Onair2 \u003c 3.9.9.2 \u0026 KenthaRadio \u003c 2.0.2 - Remote File Inclusion/Server-Side Request Forgery","Severity":"critical","Description":"Onair2 \u003c 3.9.9.2 and KenthaRadio \u003c 2.0.2 have exposed proxy functionality to unauthenticated users. Sending requests to this proxy functionality will have the web server fetch and display the content from any URI, allowing remote file inclusion and server-side request forgery.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24472.yaml"} {"ID":"CVE-2021-24488","Info":{"Name":"WordPress Post Grid \u003c2.1.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Post Grid plugin before 2.1.8 contains a reflected cross-site scripting vulnerability. 
The slider import search feature and tab parameter of thesettings are not properly sanitized before being output back in the pages,","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24488.yaml"} {"ID":"CVE-2021-24495","Info":{"Name":"Wordpress Marmoset Viewer \u003c1.9.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Marmoset Viewer plugin before 1.9.3 contains a cross-site scripting vulnerability. It does not property sanitize, validate, or escape the 'id' parameter before outputting back in the page.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24495.yaml"} 
@@ -1041,6 +1047,7 @@ {"ID":"CVE-2021-24762","Info":{"Name":"WordPress Perfect Survey\u003c1.5.2 - SQL Injection","Severity":"critical","Description":"Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24762.yaml"} {"ID":"CVE-2021-24827","Info":{"Name":"WordPress Asgaros Forum \u003c1.15.13 - SQL Injection","Severity":"critical","Description":"WordPress Asgaros Forum plugin before 1.15.13 is susceptible to SQL injection. The plugin does not validate and escape user input when subscribing to a topic before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24827.yaml"} {"ID":"CVE-2021-24838","Info":{"Name":"WordPress AnyComment \u003c0.3.5 - Open Redirect","Severity":"medium","Description":"WordPress AnyComment plugin before 0.3.5 contains an open redirect vulnerability via an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated. 
An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24838.yaml"} +{"ID":"CVE-2021-24862","Info":{"Name":"RegistrationMagic \u003c 5.0.1.6 - Admin+ SQL Injection","Severity":"high","Description":"The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2021/CVE-2021-24862.yaml"} {"ID":"CVE-2021-24875","Info":{"Name":"WordPress eCommerce Product Catalog \u003c3.0.39 - Cross-Site Scripting","Severity":"medium","Description":"WordPress eCommerce Product Catalog plugin before 3.0.39 contains a cross-site scripting vulnerability. The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24875.yaml"} {"ID":"CVE-2021-24891","Info":{"Name":"WordPress Elementor Website Builder \u003c3.1.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Elementor Website Builder plugin before 3.1.4 contains a DOM cross-site scripting vulnerability. It does not sanitize or escape user input appended to the DOM via a malicious hash.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24891.yaml"} {"ID":"CVE-2021-24910","Info":{"Name":"WordPress Transposh Translation \u003c1.0.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Transposh Translation plugin before 1.0.8 contains a reflected cross-site scripting vulnerability. 
It does not sanitize and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24910.yaml"} 
@@ -1050,6 +1057,7 @@ {"ID":"CVE-2021-24940","Info":{"Name":"WordPress Persian Woocommerce \u003c=5.8.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Persian Woocommerce plugin through 5.8.0 contains a cross-site scripting vulnerability. The plugin does not escape the s parameter before outputting it back in an attribute in the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and possibly steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24940.yaml"} {"ID":"CVE-2021-24946","Info":{"Name":"WordPress Modern Events Calendar \u003c6.1.5 - Blind SQL Injection","Severity":"critical","Description":"WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action. 
An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24946.yaml"} {"ID":"CVE-2021-24947","Info":{"Name":"WordPress Responsive Vector Maps \u003c 6.4.2 - Arbitrary File Read","Severity":"medium","Description":"WordPress Responsive Vector Maps \u003c 6.4.2 contains an arbitrary file read vulnerability because the plugin does not have proper authorization and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user to read arbitrary files on the web server.","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2021/CVE-2021-24947.yaml"} +{"ID":"CVE-2021-24970","Info":{"Name":"All-In-One-Gallery - Local File Inclusion","Severity":"high","Description":"The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sanitise and validate the tab parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2021/CVE-2021-24970.yaml"} {"ID":"CVE-2021-24987","Info":{"Name":"WordPress Super Socializer \u003c7.13.30 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Super Socializer plugin before 7.13.30 contains a reflected cross-site scripting vulnerability. 
It does not sanitize and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24987.yaml"} {"ID":"CVE-2021-24991","Info":{"Name":"WooCommerce PDF Invoices \u0026 Packing Slips WordPress Plugin \u003c 2.10.5 - Cross-Site Scripting","Severity":"medium","Description":"The Wordpress plugin WooCommerce PDF Invoices \u0026 Packing Slips before 2.10.5 does not escape the tab and section parameters before reflecting it an attribute, leading to a reflected cross-site scripting in the admin dashboard.","Classification":{"CVSSScore":"4.8"}},"file_path":"cves/2021/CVE-2021-24991.yaml"} {"ID":"CVE-2021-24997","Info":{"Name":"WordPress Guppy \u003c=1.1 - Information Disclosure","Severity":"medium","Description":"WordPress Guppy plugin through 1.1 is susceptible to an API disclosure vulnerability. This can allow an attacker to obtain all user IDs and then use them to make API requests to get messages sent between users and/or send messages posing as one user to another.","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2021/CVE-2021-24997.yaml"} 
@@ -1112,6 +1120,7 @@ {"ID":"CVE-2021-28164","Info":{"Name":"Jetty Authorization Before Parsing and Canonicalization","Severity":"medium","Description":"The default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2021/CVE-2021-28164.yaml"} {"ID":"CVE-2021-28169","Info":{"Name":"Jetty Utility Servlets Information Disclosure","Severity":"medium","Description":"For Eclipse Jetty versions \u003c= 9.4.40, \u003c= 10.0.2, \u003c= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2021/CVE-2021-28169.yaml"} {"ID":"CVE-2021-28377","Info":{"Name":"Joomla! ChronoForums 2.0.11 - Local File Inclusion","Severity":"medium","Description":"Joomla! ChronoForums 2.0.11 avatar function is vulnerable to local file inclusion through unauthenticated path traversal attacks. This enables an attacker to read arbitrary files, for example the Joomla! 
configuration file which contains credentials.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2021/CVE-2021-28377.yaml"} +{"ID":"CVE-2021-28419","Info":{"Name":"SEO Panel 4.8.0 - 'order_col' Blind SQL Injection","Severity":"high","Description":"The \"order_col\" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2021/CVE-2021-28419.yaml"} {"ID":"CVE-2021-28854","Info":{"Name":"VICIdial Sensitive Information Disclosure","Severity":"high","Description":"VICIdial's Web Client is susceptible to information disclosure because it contains many sensitive files that can be accessed from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IP's, User-Agents, credentials and much more. This information can be leveraged by an attacker to gain further access to VICIdial systems.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2021/CVE-2021-28854.yaml"} {"ID":"CVE-2021-28918","Info":{"Name":"Netmask NPM Package - Server-Side Request Forgery","Severity":"critical","Description":"Netmask NPM Package is susceptible to server-side request forgery because of improper input validation of octal strings in netmask npm package. This allows unauthenticated remote attackers to perform indeterminate SSRF, remote file inclusion, and local file inclusion attacks on many of the dependent packages. 
A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.","Classification":{"CVSSScore":"9.1"}},"file_path":"cves/2021/CVE-2021-28918.yaml"} {"ID":"CVE-2021-28937","Info":{"Name":"Acexy Wireless-N WiFi Repeater REV 1.0 - Repeater Password Disclosure","Severity":"high","Description":"Acexy Wireless-N WiFi Repeater REV 1.0 is vulnerable to password disclosure because the password.html page of the web management interface contains the administrator account password in plaintext.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-28937.yaml"} 
@@ -1317,6 +1326,7 @@ {"ID":"CVE-2022-0165","Info":{"Name":"WordPress Page Builder KingComposer \u003c=2.9.6 - Open Redirect","Severity":"high","Description":"WordPress Page Builder KingComposer 2.9.6 and prior does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action (which is available to both unauthenticated and authenticated users).","Classification":{"CVSSScore":"8.80"}},"file_path":"cves/2022/CVE-2022-0165.yaml"} {"ID":"CVE-2022-0189","Info":{"Name":"WordPress RSS Aggregator \u003c 4.20 - Authenticated Cross-Site Scripting","Severity":"medium","Description":"WordPress RSS Aggregator \u003c 4.20 is susceptible to cross-site scripting. The plugin does not sanitize and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to reflected cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0189.yaml"} {"ID":"CVE-2022-0201","Info":{"Name":"WordPress Permalink Manager \u003c2.2.15 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Permalink Manager Lite and Pro plugins before 2.2.15 contain a reflected cross-site scripting vulnerability. 
They do not sanitize and escape query parameters before outputting them back in the debug page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0201.yaml"} +{"ID":"CVE-2022-0206","Info":{"Name":"NewStatPress \u003c 1.3.6 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0206.yaml"} {"ID":"CVE-2022-0208","Info":{"Name":"WordPress Plugin MapPress \u003c2.73.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Plugin MapPress before version 2.73.4 does not sanitize and escape the 'mapid' parameter before outputting it back in the \"Bad mapid\" error message, leading to reflected cross-site scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0208.yaml"} {"ID":"CVE-2022-0218","Info":{"Name":"HTML Email Template Designer \u003c 3.1 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress Email Template Designer WP HTML Mail allows stored cross-site scripting through an unprotected REST-API endpoint.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0218.yaml"} {"ID":"CVE-2022-0220","Info":{"Name":"WordPress GDPR \u0026 CCPA \u003c1.9.27 - Cross-Site Scripting","Severity":"medium","Description":"WordPress GDPR \u0026 CCPA plugin before 1.9.27 contains a cross-site scripting vulnerability. The check_privacy_settings AJAX action, available to both unauthenticated and authenticated users, responds with JSON data without an \"application/json\" content-type, and JavaScript code may be executed on a victim's browser.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0220.yaml"} 
@@ -1329,6 +1339,7 @@ {"ID":"CVE-2022-0378","Info":{"Name":"Microweber Cross-Site Scripting","Severity":"medium","Description":"Microweber contains a reflected cross-site scripting in Packagist microweber/microweber prior to 1.2.11.","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-0378.yaml"} {"ID":"CVE-2022-0381","Info":{"Name":"WordPress Embed Swagger \u003c=1.0.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Embed Swagger plugin 1.0.0 and prior contains a reflected cross-site scripting vulnerability due to insufficient escaping/sanitization and validation via the url parameter found in the ~/swagger-iframe.php file, which allows attackers to inject arbitrary web scripts onto the page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0381.yaml"} {"ID":"CVE-2022-0412","Info":{"Name":"WordPress TI WooCommerce Wishlist \u003c1.40.1 - SQL Injection","Severity":"critical","Description":"WordPress TI WooCommerce Wishlist plugin before 1.40.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0412.yaml"} +{"ID":"CVE-2022-0415","Info":{"Name":"Gogs \u003c 0.12.6 - Remote Command Execution","Severity":"high","Description":"Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2022/CVE-2022-0415.yaml"} {"ID":"CVE-2022-0422","Info":{"Name":"WordPress White Label CMS \u003c2.2.9 - Cross-Site Scripting","Severity":"medium","Description":"WordPress White Label CMS plugin before 2.2.9 contains a reflected cross-site scripting vulnerability. 
It does not sanitize and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0422.yaml"} {"ID":"CVE-2022-0432","Info":{"Name":"Mastodon Prototype Pollution Vulnerability","Severity":"medium","Description":"The GitHub repository mastodon/mastodon prior to 3.5.0 contains a Prototype Pollution vulnerability.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0432.yaml"} {"ID":"CVE-2022-0434","Info":{"Name":"WordPress Page Views Count \u003c2.4.15 - SQL Injection","Severity":"critical","Description":"WordPress Page Views Count plugin prior to 2.4.15 contains an unauthenticated SQL injection vulnerability. It does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0434.yaml"} 
@@ -1380,11 +1391,13 @@ {"ID":"CVE-2022-1162","Info":{"Name":"GitLab CE/EE - Hardcoded password","Severity":"critical","Description":"A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-\u003chash\u003e.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the references section below.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1162.yaml"} {"ID":"CVE-2022-1168","Info":{"Name":"WordPress WP JobSearch \u003c1.5.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress WP JobSearch plugin prior to 1.5.1 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-1168.yaml"} {"ID":"CVE-2022-1221","Info":{"Name":"WordPress Gwyn's Imagemap Selector \u003c=0.3.3 - Cross-Site Scripting","Severity":"medium","Description":"Wordpress Gwyn's Imagemap Selector plugin 0.3.3 and prior contains a reflected cross-site scripting vulnerability. 
It does not sanitize the id and class parameters before returning them back in attributes.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-1221.yaml"} +{"ID":"CVE-2022-1329","Info":{"Name":"Elementor Website Builder Remote Code Execution Vulnerability","Severity":"high","Description":"The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2022/CVE-2022-1329.yaml"} {"ID":"CVE-2022-1386","Info":{"Name":"WordPress Fusion Builder \u003c 3.6.2 - Unauthenticated SSRF","Severity":"critical","Description":"The plugin, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. 
This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1386.yaml"} {"ID":"CVE-2022-1388","Info":{"Name":"F5 BIG-IP iControl - REST Auth Bypass RCE","Severity":"critical","Description":"F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, may allow undisclosed requests to bypass iControl REST authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1388.yaml"} {"ID":"CVE-2022-1390","Info":{"Name":"WordPress Admin Word Count Column 2.2 - Local File Inclusion","Severity":"critical","Description":"The plugin does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. 
This could also lead to RCE by using a Phar Deserialization technique.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1390.yaml"} {"ID":"CVE-2022-1391","Info":{"Name":"WordPress Cab fare calculator \u003c 1.0.4 - Local File Inclusion","Severity":"critical","Description":"The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1391.yaml"} {"ID":"CVE-2022-1392","Info":{"Name":"WordPress Videos sync PDF \u003c=1.7.4 - Local File Inclusion","Severity":"high","Description":"WordPress Videos sync PDF 1.7.4 and prior does not validate the p parameter before using it in an include statement, which could lead to local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-1392.yaml"} +{"ID":"CVE-2022-1398","Info":{"Name":"External Media without Import \u003c= 1.1.2 - Authenticated Blind SSRF","Severity":"medium","Description":"The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2022/CVE-2022-1398.yaml"} {"ID":"CVE-2022-1439","Info":{"Name":"Microweber \u003c1.2.15 - Cross-Site Scripting","Severity":"medium","Description":"Microweber prior to 1.2.15 contains a reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. 
This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-1439.yaml"} {"ID":"CVE-2022-1442","Info":{"Name":"WordPress Plugin Metform \u003c= 2.1.3 - Unauthenticated Sensitive Information Disclosure","Severity":"high","Description":"The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-1442.yaml"} {"ID":"CVE-2022-1574","Info":{"Name":"WordPress HTML2WP \u003c=1.0.0 - Arbitrary File Upload","Severity":"critical","Description":"WordPress HTML2WP plugin through 1.0.0 contains an arbitrary file upload vulnerability. The plugin does not perform authorization and CSRF checks when importing files and does not validate them. As a result, an attacker can upload arbitrary files on the remote server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1574.yaml"} 
@@ -1470,6 +1483,7 @@ {"ID":"CVE-2022-2633","Info":{"Name":"All In One Video Gallery Plugin - Unauthenticated Arbitrary File Download \u0026 SSRF vulnerability","Severity":"","Description":"Unauthenticated Arbitrary File Download \u0026 SSRF vulnerability in WordPress All In One Video Gallery Plugin (versions \u003c= 2.6.0).\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2022/CVE-2022-2633.yaml"} {"ID":"CVE-2022-26352","Info":{"Name":"DotCMS - Arbitrary File Upload","Severity":"critical","Description":"DotCMS management system contains an arbitrary file upload vulnerability via the /api/content/ path which can allow attackers to upload malicious Trojans to obtain server permissions.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-26352.yaml"} {"ID":"CVE-2022-26564","Info":{"Name":"HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting","Severity":"medium","Description":"HotelDruid Hotel Management Software 3.0.3 contains a cross-site scripting vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-26564.yaml"} +{"ID":"CVE-2022-26833","Info":{"Name":"Open Automation Software OAS Platform V16.00.0121 - Missing Authentication","Severity":"critical","Description":"An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-26833.yaml"} {"ID":"CVE-2022-26960","Info":{"Name":"elFinder \u003c=2.1.60 - Local File Inclusion","Severity":"critical","Description":"elFinder through 2.1.60 is affected by local file inclusion via connector.minimal.php. 
This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"cves/2022/CVE-2022-26960.yaml"} {"ID":"CVE-2022-27593","Info":{"Name":"QNAP QTS Photo Station External Reference - Local File Inclusion","Severity":"critical","Description":"QNAP QTS Photo Station External Reference is vulnerable to local file inclusion via an externally controlled reference to a resource vulnerability. If exploited, this could allow an attacker to modify system files. The vulnerability is fixed in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"cves/2022/CVE-2022-27593.yaml"} {"ID":"CVE-2022-27849","Info":{"Name":"WordPress Simple Ajax Chat \u003c20220116 - Sensitive Information Disclosure vulnerability","Severity":"high","Description":"WordPress Simple Ajax Chat before 20220216 is vulnerable to sensitive information disclosure. The plugin does not properly restrict access to the exported data via the sac-export.csv file, which could allow unauthenticated users to access it.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-27849.yaml"} 
@@ -1525,6 +1539,7 @@ {"ID":"CVE-2022-31845","Info":{"Name":"WAVLINK WN535 G3 - Information Disclosure","Severity":"high","Description":"WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in live_check.shtml. An attacker can obtain sensitive router information via execution of the exec cmd function and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-31845.yaml"} {"ID":"CVE-2022-31846","Info":{"Name":"WAVLINK WN535 G3 - Information Disclosure","Severity":"high","Description":"WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in the live_mfg.shtml page. An attacker can obtain sensitive router information via the exec cmd function and possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-31846.yaml"} {"ID":"CVE-2022-31847","Info":{"Name":"WAVLINK WN579 X3 M79X3.V5030.180719 - Information Disclosure","Severity":"high","Description":"WAVLINK WN579 X3 M79X3.V5030.180719 is susceptible to information disclosure in /cgi-bin/ExportAllSettings.sh. 
An attacker can obtain sensitive router information via a crafted POST request and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-31847.yaml"} +{"ID":"CVE-2022-31854","Info":{"Name":"CodoForum v5.1 - Remote Code Execution","Severity":"high","Description":"Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2022/CVE-2022-31854.yaml"} {"ID":"CVE-2022-32007","Info":{"Name":"Complete Online Job Search System 1.0 - SQL Injection","Severity":"high","Description":"Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/admin/company/index.php?view=edit\u0026id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2022/CVE-2022-32007.yaml"} {"ID":"CVE-2022-32015","Info":{"Name":"Complete Online Job Search System 1.0 - SQL Injection","Severity":"high","Description":"Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/index.php?q=category\u0026search=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2022/CVE-2022-32015.yaml"} {"ID":"CVE-2022-32018","Info":{"Name":"Complete Online Job Search System 1.0 - SQL Injection","Severity":"high","Description":"Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/index.php?q=hiring\u0026search=. 
An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2022/CVE-2022-32018.yaml"} 
@@ -1580,7 +1595,9 @@ {"ID":"CVE-2022-38794","Info":{"Name":"Zaver - Local File Inclusion","Severity":"high","Description":"Zaver through 2020-12-15 is vulnerable to local file inclusion via the GET /.. substring.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-38794.yaml"} {"ID":"CVE-2022-38817","Info":{"Name":"Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control","Severity":"high","Description":"Dapr Dashboard 0.1.0 through 0.10.0 is susceptible to improper access control. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-38817.yaml"} {"ID":"CVE-2022-38870","Info":{"Name":"Free5gc 3.2.1 - Information Disclosure","Severity":"high","Description":"Free5gc 3.2.1 is susceptible to information disclosure. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-38870.yaml"} +{"ID":"CVE-2022-3908","Info":{"Name":"Helloprint \u003c 1.4.7 - Cross-Site Scripting","Severity":"medium","Description":"The Helloprint WordPress plugin before 1.4.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-3908.yaml"} {"ID":"CVE-2022-39195","Info":{"Name":"LISTSERV 17 - Cross-Site Scripting","Severity":"medium","Description":"LISTSERV 17 web interface contains a cross-site scripting vulnerability. 
An attacker can inject arbitrary JavaScript or HTML via the \"c\" parameter, thereby possibly allowing the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-39195.yaml"} +{"ID":"CVE-2022-3933","Info":{"Name":"Essential Real Estate - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-3933.yaml"} {"ID":"CVE-2022-3934","Info":{"Name":"WordPress FlatPM \u003c3.0.13 - Cross-Site Scripting","Severity":"medium","Description":"WordPress FlatPM plugin before 3.0.13 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape certain parameters before outputting them back in pages, which can be exploited against high privilege users such as admin. An attacker can steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-3934.yaml"} {"ID":"CVE-2022-39952","Info":{"Name":"FortiNAC Unauthenticated Arbitrary File Write","Severity":"critical","Description":"A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-39952.yaml"} {"ID":"CVE-2022-39960","Info":{"Name":"Atlassian Jira addon Netic Group Export \u003c 1.0.3 - Unauthenticated Access","Severity":"medium","Description":"The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. 
This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-39960.yaml"} 
@@ -1593,6 +1610,7 @@ {"ID":"CVE-2022-40734","Info":{"Name":"Laravel Filemanager v2.5.1 - Local File Inclusion","Severity":"medium","Description":"Laravel Filemanager (aka UniSharp) through version 2.5.1 is vulnerable to local file inclusion via download?working_dir=%2F.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2022/CVE-2022-40734.yaml"} {"ID":"CVE-2022-40879","Info":{"Name":"kkFileView 4.1.0 - Cross-Site Scripting","Severity":"medium","Description":"kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the errorMsg parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-40879.yaml"} {"ID":"CVE-2022-40881","Info":{"Name":"SolarView 6.00 - Remote Command Execution","Severity":"critical","Description":"SolarView Compact 6.00 is vulnerable to a command injection via network_test.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-40881.yaml"} +{"ID":"CVE-2022-4117","Info":{"Name":"IWS Geo Form Fields \u003c= 1.0 - Unauthenticated SQL Injection","Severity":"critical","Description":"The IWS WordPress plugin through 1.0 does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-4117.yaml"} {"ID":"CVE-2022-41473","Info":{"Name":"RPCMS 3.0.2 - Cross-Site Scripting","Severity":"medium","Description":"RPCMS 3.0.2 contains a cross-site scripting vulnerability in the Search function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. 
This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-41473.yaml"} {"ID":"CVE-2022-41840","Info":{"Name":"Welcart eCommerce \u003c=2.7.7 - Local File Inclusion","Severity":"critical","Description":"Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-41840.yaml"} {"ID":"CVE-2022-42233","Info":{"Name":"Tenda 11N - Authentication Bypass","Severity":"critical","Description":"Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-42233.yaml"} 
@@ -1608,6 +1626,8 @@ {"ID":"CVE-2022-43017","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the indexFile component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-43017.yaml"} {"ID":"CVE-2022-43018","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the email parameter in the Check Email function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-43018.yaml"} {"ID":"CVE-2022-4306","Info":{"Name":"WordPress Panda Pods Repeater Field \u003c1.5.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Panda Pods Repeater Field before 1.5.4 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. This can be leveraged against a user who has at least Contributor permission. 
An attacker can also steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-4306.yaml"} +{"ID":"CVE-2022-4320","Info":{"Name":"WordPress Events Calendar Plugin - Cross-Site Scripting","Severity":"medium","Description":"WordPress Events Calendar Plugin \u003c 1.4.5 - Multiple Reflected XSS\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-4320.yaml"} +{"ID":"CVE-2022-4325","Info":{"Name":"Post Status Notifier Lite \u003c 1.10.1 - Cross Site Scripting","Severity":"medium","Description":"The Post Status Notifier Lite WordPress plugin before 1.10.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-4325.yaml"} {"ID":"CVE-2022-4447","Info":{"Name":"WordPress Fontsy \u003c=1.8.6 - SQL Injection","Severity":"critical","Description":"WordPress Fontsy plugin through 1.8.6 is susceptible to SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action. 
An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-4447.yaml"} {"ID":"CVE-2022-44877","Info":{"Name":"Centos Web Panel - Unauthenticated Remote Code Execution","Severity":"critical","Description":"RESERVED An issue in the /login/index.php component of Centos Web Panel 7 before v0.9.8.1147 allows unauthenticated attackers to execute arbitrary system commands via crafted HTTP requests.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-44877.yaml"} {"ID":"CVE-2022-45362","Info":{"Name":"Paytm Payment Gateway Plugin \u003c= 2.7.0 Server Side Request Forgery (SSRF)","Severity":"high","Description":"Server Side Request Forgery (SSRF) vulnerability in WordPress Paytm Payment Gateway Plugin. This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2022/CVE-2022-45362.yaml"} 
@@ -1624,6 +1644,8 @@ {"ID":"CVE-2022-47986","Info":{"Name":"Pre-Auth RCE in Aspera Faspex","Severity":"critical","Description":"IBM Aspera Faspex could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-47986.yaml"} {"ID":"CVE-2022-48165","Info":{"Name":"Wavlink - Configuration Exposure","Severity":"high","Description":"An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-48165.yaml"} {"ID":"CVE-2022-4897","Info":{"Name":"WordPress BackupBuddy \u003c8.8.3 - Cross Site Scripting","Severity":"medium","Description":"WordPress BackupBuddy plugin before 8.8.3 contains a cross-site vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in various locations. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. 
This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-4897.yaml"} +{"ID":"CVE-2023-0236","Info":{"Name":"Tutor LMS \u003c 2.0.10 - Cross Site Scripting","Severity":"medium","Description":"The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2023/CVE-2023-0236.yaml"} +{"ID":"CVE-2023-0261","Info":{"Name":"WP TripAdvisor Review Slider \u003c 10.8 - Subscriber+ SQLi","Severity":"high","Description":"The WP TripAdvisor Review Slider WordPress plugin before 10.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2023/CVE-2023-0261.yaml"} {"ID":"CVE-2023-0669","Info":{"Name":"GoAnywhere MFT - Remote Code Execution (ZeroDay)","Severity":"high","Description":"Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2023/CVE-2023-0669.yaml"} {"ID":"CVE-2023-23488","Info":{"Name":"WordPress Paid Memberships Pro \u003c2.9.8 - Blind SQL Injection","Severity":"critical","Description":"WordPress Paid Memberships Pro plugin before 2.9.8 contains a blind SQL injection vulnerability in the 'code' parameter of the /pmpro/v1/order REST route. 
An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2023/CVE-2023-23488.yaml"} {"ID":"CVE-2023-23489","Info":{"Name":"WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection","Severity":"critical","Description":"WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edd_download_search action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2023/CVE-2023-23489.yaml"} 
@@ -1633,3 +1655,4 @@ {"ID":"CVE-2023-24322","Info":{"Name":"mojoPortal 2.7.0.0 - Cross-Site Scripting","Severity":"medium","Description":"mojoPortal 2.7.0.0 contains a cross-site scripting vulnerability in the FileDialog.aspx component, which can allow an attacker to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2023/CVE-2023-24322.yaml"} {"ID":"CVE-2023-26255","Info":{"Name":"STAGIL Navigation for Jira - Menu \u0026 Themes - Local File Inclusion","Severity":"high","Description":"An unauthenticated path traversal vulnerability affects the \"STAGIL Navigation for Jira - Menu \u0026 Themes\" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2023/CVE-2023-26255.yaml"} {"ID":"CVE-2023-26256","Info":{"Name":"STAGIL Navigation for Jira - Menu \u0026 Themes - Local File Inclusion","Severity":"high","Description":"An unauthenticated path traversal vulnerability affects the \"STAGIL Navigation for Jira - Menu \u0026 Themes\" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2023/CVE-2023-26256.yaml"} +{"ID":"CVE-2023-27292","Info":{"Name":"OpenCATS - Open Redirect","Severity":"medium","Description":"An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2023/CVE-2023-27292.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index c53c6aff05..01da963f2a 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt 
@@ -1 +1 @@ -86331afa337bf587e802c3e7b3e7e655 +69680682404a6485d850e028aaeb2ea6