4 vulnerabilities by rich-web
CVE-2022-1322 (GCVE-0-2022-1322)
Vulnerability from cvelistv5 – Published: 2022-08-22 14:57 – Updated: 2024-08-03 00:03
Title
Coming Soon - Under Construction <= 1.1.9 - Admin+ Stored Cross-Site Scripting
Summary
The Coming Soon - Under Construction WordPress plugin through 1.1.9 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-Site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/e1724471-26bd-4c… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Unknown | Coming Soon – Under Construction | Affected: 1.1.9 and earlier (record lists version 1.1.9 with ≤ 1.1.9; custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/e1724471-26bd-4cb3-a279-51783102ed0c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Coming Soon \u2013 Under Construction",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.1.9",
"status": "affected",
"version": "1.1.9",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Fay\u00e7al CHENA"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Coming Soon - Under Construction WordPress plugin through 1.1.9 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T14:57:44.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/e1724471-26bd-4cb3-a279-51783102ed0c"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Coming Soon - Under Construction \u003c= 1.1.9 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1322",
"STATE": "PUBLIC",
"TITLE": "Coming Soon - Under Construction \u003c= 1.1.9 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Coming Soon \u2013 Under Construction",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.1.9",
"version_value": "1.1.9"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Fay\u00e7al CHENA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Coming Soon - Under Construction WordPress plugin through 1.1.9 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/e1724471-26bd-4cb3-a279-51783102ed0c",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/e1724471-26bd-4cb3-a279-51783102ed0c"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1322",
"datePublished": "2022-08-22T14:57:45.000Z",
"dateReserved": "2022-04-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:06.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1324 (GCVE-0-2022-1324)
Vulnerability from cvelistv5 – Published: 2022-08-01 12:47 – Updated: 2024-08-03 00:03
Title
Event Timeline <= 1.1.5 - Admin+ Stored Cross-Site Scripting
Summary
The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/2ce2a387-acc8-48… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Unknown | Event Timeline – Vertical Timeline | Affected: 1.1.5 and earlier (record lists version 1.1.5 with ≤ 1.1.5; custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/2ce2a387-acc8-482a-9452-a4d9acb187fd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Event Timeline \u2013 Vertical Timeline",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.1.5",
"status": "affected",
"version": "1.1.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Fay\u00e7al CHENA"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T12:47:32.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/2ce2a387-acc8-482a-9452-a4d9acb187fd"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Event Timeline \u003c= 1.1.5 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1324",
"STATE": "PUBLIC",
"TITLE": "Event Timeline \u003c= 1.1.5 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Event Timeline \u2013 Vertical Timeline",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.1.5",
"version_value": "1.1.5"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Fay\u00e7al CHENA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/2ce2a387-acc8-482a-9452-a4d9acb187fd",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/2ce2a387-acc8-482a-9452-a4d9acb187fd"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1324",
"datePublished": "2022-08-01T12:47:32.000Z",
"dateReserved": "2022-04-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1327 (GCVE-0-2022-1327)
Vulnerability from cvelistv5 – Published: 2022-06-27 08:56 – Updated: 2024-08-03 00:03
Title
Image Gallery - Grid Gallery < 1.1.6 - Admin+ Stored Cross-Site Scripting
Summary
The Image Gallery WordPress plugin before 1.1.6 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-Site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/6b71eb38-0a4a-49… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Unknown | Image Gallery – Grid Gallery | Affected: versions before 1.1.6 (record lists version 1.1.6 with < 1.1.6; custom); per the summary, 1.1.6 itself is not affected |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/6b71eb38-0a4a-49d1-96bc-84bbe675be1e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Image Gallery \u2013 Grid Gallery",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.1.6",
"status": "affected",
"version": "1.1.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Fay\u00e7al CHENA"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Image Gallery WordPress plugin before 1.1.6 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-15T08:35:40.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/6b71eb38-0a4a-49d1-96bc-84bbe675be1e"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Image Gallery - Grid Gallery \u003c 1.1.6 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1327",
"STATE": "PUBLIC",
"TITLE": "Image Gallery - Grid Gallery \u003c 1.1.6 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Image Gallery \u2013 Grid Gallery",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.1.6",
"version_value": "1.1.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Fay\u00e7al CHENA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Image Gallery WordPress plugin before 1.1.6 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/6b71eb38-0a4a-49d1-96bc-84bbe675be1e",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/6b71eb38-0a4a-49d1-96bc-84bbe675be1e"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1327",
"datePublished": "2022-06-27T08:56:38.000Z",
"dateReserved": "2022-04-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:05.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24831 (GCVE-0-2021-24831)
Vulnerability from cvelistv5 – Published: 2022-01-03 12:49 – Updated: 2024-08-03 19:42
Title
Tab - Accordion, FAQ < 1.3.2 - Unauthenticated AJAX Calls
Summary
All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, for example by adding, editing or deleting arbitrary tabs.
Severity ?
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/75ed9f5f-e091-43… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Unknown | Tab – Accordion, FAQ | Affected: versions before 1.3.2 (record lists version 1.3.2 with < 1.3.2; custom); per the summary, 1.3.2 itself is not affected |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:17.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/75ed9f5f-e091-4372-a6cb-57958ad5f900"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tab \u2013 Accordion, FAQ",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.3.2",
"status": "affected",
"version": "1.3.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Brandon Roldan"
}
],
"descriptions": [
{
"lang": "en",
"value": "All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-03T12:49:05.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/75ed9f5f-e091-4372-a6cb-57958ad5f900"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Tab - Accordion, FAQ \u003c 1.3.2 - Unauthenticated AJAX Calls",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24831",
"STATE": "PUBLIC",
"TITLE": "Tab - Accordion, FAQ \u003c 1.3.2 - Unauthenticated AJAX Calls"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tab \u2013 Accordion, FAQ",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.3.2",
"version_value": "1.3.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Brandon Roldan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/75ed9f5f-e091-4372-a6cb-57958ad5f900",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/75ed9f5f-e091-4372-a6cb-57958ad5f900"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24831",
"datePublished": "2022-01-03T12:49:05.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:17.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}