From 45de985c3bef412bd0e18dd8e0a3625aa389575b Mon Sep 17 00:00:00 2001 From: ghost Date: Sun, 11 Jan 2026 23:58:10 +0000 Subject: [PATCH] =?UTF-8?q?chore:=20generate=20CVEs=20metadata=20?= =?UTF-8?q?=F0=9F=A4=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cves.json | 1 + cves.json-checksum.txt | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/cves.json b/cves.json index fb158a13c22..442b5dcbc47 100644 --- a/cves.json +++ b/cves.json @@ -377,6 +377,7 @@ {"ID":"CVE-2016-10973","Info":{"Name":"Brafton WordPress Plugin \u003c 3.4.8 - Cross-Site Scripting","Severity":"medium","Description":"The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-10973.yaml"} {"ID":"CVE-2016-10976","Info":{"Name":"Safe Editor Plugin \u003c 1.2 - CSS/JS-injection","Severity":"medium","Description":"The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-10976.yaml"} {"ID":"CVE-2016-10993","Info":{"Name":"ScoreMe Theme - Cross-Site Scripting","Severity":"medium","Description":"WordPress ScoreMe theme through 2016-04-01 contains a reflected cross-site scripting vulnerability via the s parameter which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2016/CVE-2016-10993.yaml"} +{"ID":"CVE-2016-15041","Info":{"Name":"MainWP Dashboard \u003c= 3.1.2 - Stored Cross-Site Scripting","Severity":"high","Description":"MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress versions up to 3.1.2 contains a stored cross-site scripting caused by insufficient input sanitization and output escaping in 'mwp_setup_purchase_username' parameter, letting unauthenticated attackers inject and execute arbitrary scripts when users access affected pages.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2016/CVE-2016-15041.yaml"} {"ID":"CVE-2016-15042","Info":{"Name":"WordPress Frontend File Manager \u003c 4.0 \u0026 N-Media Post Frontend \u003c 1.1 - Arbitrary File Upload","Severity":"critical","Description":"The Frontend File Manager plugin (\u003c4.0) and N-Media Post Front-end Form plugin (\u003c1.1) for WordPress were vulnerable to arbitrary file uploads due to missing file type validation. This allowed unauthenticated attackers to upload arbitrary files and potentially achieve remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-15042.yaml"} {"ID":"CVE-2016-15043","Info":{"Name":"WP Mobile Detector \u003c= 3.5 - Unrestricted File Upload","Severity":"critical","Description":"WP Mobile Detector plugin for WordPress \u003c= 3.5 contains an unrestricted file upload vulnerability caused by missing file type validation in resize.php, letting unauthenticated attackers upload arbitrary files, potentially leading to remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-15043.yaml"} {"ID":"CVE-2016-1555","Info":{"Name":"NETGEAR WNAP320 Access Point Firmware - Remote Command Injection","Severity":"critical","Description":"NETGEAR WNAP320 Access Point Firmware version 2.0.3 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-1555.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index 98c0ac5baf5..c23772b269f 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -8ce8439a513d625134eac84f0fa95032 +caf064fd7a56497f21981fd2fa6883b8