admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-07-09 08:00:36 +00:00
parent b194b40573
commit 026373d1a5
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
21 changed files with 1560 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2024/26xxx/CVE-2024-26621.json
View File

@ -139,6 +139,11 @@
"url": "http://www.openwall.com/lists/oss-security/2024/07/08/8",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/07/08/8"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/09/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/07/09/1"
}
]
},

105
2024/28xxx/CVE-2024-28747.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-28747",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials",
"cweId": "CWE-798"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ifm",
"product": {
"product_data": [
{
"product_name": "Smart PLC AC14xx Firmware",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "V4.3.17"
}
]
}
},
{
"product_name": "Smart PLC AC4xxS Firmware",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "V4.3.17"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-012",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-012"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2024-012",
"defect": [
"CERT@VDE#64595"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Logan Carpenter"
},
{
"lang": "en",
"value": "Dragos"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

105
2024/28xxx/CVE-2024-28748.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-28748",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote attacker with high privileges may use a reading file function to inject OS commands.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ifm",
"product": {
"product_data": [
{
"product_name": "Smart PLC AC14xx Firmware",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "V4.3.17"
}
]
}
},
{
"product_name": "Smart PLC AC4xxS Firmware",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "V4.3.17"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-012",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-012"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2024-012",
"defect": [
"CERT@VDE#64595"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Logan Carpenter"
},
{
"lang": "en",
"value": "Dragos"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

105
2024/28xxx/CVE-2024-28749.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-28749",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote attacker with high privileges may use a writing file function to inject OS commands.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ifm",
"product": {
"product_data": [
{
"product_name": "Smart PLC AC14xx Firmware",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "V4.3.17"
}
]
}
},
{
"product_name": "Smart PLC AC4xxS Firmware",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "V4.3.17"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-012",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-012"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2024-012",
"defect": [
"CERT@VDE#64595"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Logan Carpenter"
},
{
"lang": "en",
"value": "Dragos"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

105
2024/28xxx/CVE-2024-28750.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-28750",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote attacker with high privileges may use a deleting file function to inject OS commands.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ifm",
"product": {
"product_data": [
{
"product_name": "Smart PLC AC14xx Firmware",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "V4.3.17"
}
]
}
},
{
"product_name": "Smart PLC AC4xxS Firmware",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "V4.3.17"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-012",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-012"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2024-012",
"defect": [
"CERT@VDE#64595"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Logan Carpenter"
},
{
"lang": "en",
"value": "Dragos"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

105
2024/28xxx/CVE-2024-28751.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-28751",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An high privileged remote attacker can enable telnet access that accepts hardcoded credentials.\u00a0\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ifm",
"product": {
"product_data": [
{
"product_name": "Smart PLC AC14xx Firmware",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "V4.3.17"
}
]
}
},
{
"product_name": "Smart PLC AC4xxS Firmware",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "V4.3.17"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-012",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-012"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2024-012",
"defect": [
"CERT@VDE#64595"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Logan Carpenter"
},
{
"lang": "en",
"value": "Dragos"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

85
2024/37xxx/CVE-2024-37555.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37555",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7.This issue affects Generate PDF using Contact Form 7: from n/a through 4.0.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ZealousWeb",
"product": {
"product_data": [
{
"product_name": "Generate PDF using Contact Form 7",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "4.0.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/generate-pdf-using-contact-form-7/wordpress-generate-pdf-using-contact-form-7-plugin-4-0-6-arbitrary-file-upload-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/generate-pdf-using-contact-form-7/wordpress-generate-pdf-using-contact-form-7-plugin-4-0-6-arbitrary-file-upload-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Peng Zhou (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

83
2024/37xxx/CVE-2024-37923.json
View File

@ -1,17 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37923",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Cliengo \u2013 Chatbot.This issue affects Cliengo \u2013 Chatbot: from n/a through 3.0.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/cliengo/wordpress-cliengo-chatbot-plugin-3-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/cliengo/wordpress-cliengo-chatbot-plugin-3-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Majed Refaea (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

75
2024/5xxx/CVE-2024-5881.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5881",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Webico Slider Flatsome Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wbc_image shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "tranbinhcse",
"product": {
"product_data": [
{
"product_name": "Webico Slider Flatsome Addons",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/71eeddf4-5693-41bc-93ad-3c93dafdd3bc?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/71eeddf4-5693-41bc-93ad-3c93dafdd3bc?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/webico-slider-flatsome-addons/trunk/shortcodes/wbc_slider.php#L4",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/webico-slider-flatsome-addons/trunk/shortcodes/wbc_slider.php#L4"
}
]
},
"credits": [
{
"lang": "en",
"value": "Francesco Carlucci"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/6xxx/CVE-2024-6123.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6123",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Bit Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'iconUpload' function in all versions up to, and including, 2.12.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "bitpressadmin",
"product": {
"product_data": [
{
"product_name": "Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.12.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d1b255f-d775-4bd5-892e-42bf82dd5632?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d1b255f-d775-4bd5-892e-42bf82dd5632?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bit-form/tags/2.12.2/includes/Admin/AdminAjax.php#L1176",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/bit-form/tags/2.12.2/includes/Admin/AdminAjax.php#L1176"
}
]
},
"credits": [
{
"lang": "en",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH"
}
]
}

75
2024/6xxx/CVE-2024-6161.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6161",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Default Thumbnail Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'get_cache_image' function in all versions up to, and including, 1.0.2.3. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pjgalbraith",
"product": {
"product_data": [
{
"product_name": "Default Thumbnail Plus",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.0.2.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/046f11b6-7d1a-4bd3-8250-4c5a50fab3ff?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/046f11b6-7d1a-4bd3-8250-4c5a50fab3ff?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/default-thumbnail-plus/trunk/default-thumbnail-plus.php?rev=597280#L337",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/default-thumbnail-plus/trunk/default-thumbnail-plus.php?rev=597280#L337"
}
]
},
"credits": [
{
"lang": "en",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

80
2024/6xxx/CVE-2024-6180.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6180",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The EventON plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eventon_import_settings' ajax action in all versions up to, and including, 2.2.15. This makes it possible for unauthenticated attackers to update plugin settings, including adding stored cross-site scripting to settings options displayed on event calendar pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ashanjay",
"product": {
"product_data": [
{
"product_name": "EventON",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.2.15"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/12f3dc64-322d-4015-8c57-eaa41c9a1829?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/12f3dc64-322d-4015-8c57-eaa41c9a1829?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/eventon-lite/trunk/assets/js/admin/wp_admin.js#L714",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/eventon-lite/trunk/assets/js/admin/wp_admin.js#L714"
},
{
"url": "https://plugins.trac.wordpress.org/browser/eventon-lite/trunk/includes/calendar/class-calendar-event-structure.php#L590",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/eventon-lite/trunk/includes/calendar/class-calendar-event-structure.php#L590"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lucio S\u00e1"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 7.2,
"baseSeverity": "HIGH"
}
]
}

80
2024/6xxx/CVE-2024-6309.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6309",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Attachment File Icons (AF Icons) plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.3. This is due to missing nonce validation in the 'afi_overview' function and missing file type validation in the 'upload_icons' function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "praveen-rajan",
"product": {
"product_data": [
{
"product_name": "Attachment File Icons (AF Icons)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e3fd472-c8ea-42dc-93df-872361ec97f3?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e3fd472-c8ea-42dc-93df-872361ec97f3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/attachment-file-icons/tags/1.3/attachment-file-icons.php#L130",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/attachment-file-icons/tags/1.3/attachment-file-icons.php#L130"
},
{
"url": "https://plugins.trac.wordpress.org/browser/attachment-file-icons/tags/1.3/attachment-file-icons.php#L337",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/attachment-file-icons/tags/1.3/attachment-file-icons.php#L337"
}
]
},
"credits": [
{
"lang": "en",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

80
2024/6xxx/CVE-2024-6310.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6310",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Advanced AJAX Page Loader plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 2.7.7. This is due to missing nonce validation in the 'admin_init_AAPL' function and missing file type validation in the 'AAPL_options_validate' function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "deano1987",
"product": {
"product_data": [
{
"product_name": "Advanced AJAX Page Loader",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.7.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ccc75dee-1cf8-4fda-b2a1-f5d68e6c7887?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ccc75dee-1cf8-4fda-b2a1-f5d68e6c7887?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/advanced-ajax-page-loader/tags/2.7.7/advanced-ajax-page-loader.php#L41",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/advanced-ajax-page-loader/tags/2.7.7/advanced-ajax-page-loader.php#L41"
},
{
"url": "https://plugins.trac.wordpress.org/browser/advanced-ajax-page-loader/tags/2.7.7/advanced-ajax-page-loader.php#L131",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/advanced-ajax-page-loader/tags/2.7.7/advanced-ajax-page-loader.php#L131"
}
]
},
"credits": [
{
"lang": "en",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

80
2024/6xxx/CVE-2024-6313.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6313",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Gutenberg Forms plugin for WordPress is vulnerable to arbitrary file uploads due to the users can specify the allowed file types in the 'upload' function in versions up to, and including, 2.2.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nikolaystrikhar",
"product": {
"product_data": [
{
"product_name": "Gutenberg Forms \u2013 WordPress Form Builder Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.2.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0315b53-46a1-46b4-a53e-0d914866ca50?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0315b53-46a1-46b4-a53e-0d914866ca50?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/forms-gutenberg/tags/2.2.9/triggers/email.php#L268",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/forms-gutenberg/tags/2.2.9/triggers/email.php#L268"
},
{
"url": "https://plugins.trac.wordpress.org/browser/forms-gutenberg/tags/2.2.9/Utils/Bucket.php#L19",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/forms-gutenberg/tags/2.2.9/Utils/Bucket.php#L19"
}
]
},
"credits": [
{
"lang": "en",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
}
]
}

75
2024/6xxx/CVE-2024-6314.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6314",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The IQ Testimonials plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process_image_upload' function in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This can only be exploited if the 'gd' php extension is not loaded on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "rmac0001",
"product": {
"product_data": [
{
"product_name": "IQ Testimonials",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.2.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bec50640-a550-49a8-baf6-2dd53995f90b?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bec50640-a550-49a8-baf6-2dd53995f90b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/iq-testimonials/tags/2.2.7/lib/iq-testimonials-form.php#L296",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/iq-testimonials/tags/2.2.7/lib/iq-testimonials-form.php#L296"
}
]
},
"credits": [
{
"lang": "en",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
}
]
}

75
2024/6xxx/CVE-2024-6316.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6316",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.0.6. This is due to missing nonce validation and missing file type validation in the 'wp_cf7_pdf_dashboard_html_page' function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zealopensource",
"product": {
"product_data": [
{
"product_name": "Generate PDF using Contact Form 7",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "4.0.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52cce49b-49b3-49b0-9f18-4829f07a420f?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52cce49b-49b3-49b0-9f18-4829f07a420f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/generate-pdf-using-contact-form-7/tags/4.0.6/inc/templates/cf7-pdf-generation.admin.html.php#L72",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/generate-pdf-using-contact-form-7/tags/4.0.6/inc/templates/cf7-pdf-generation.admin.html.php#L72"
}
]
},
"credits": [
{
"lang": "en",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

75
2024/6xxx/CVE-2024-6317.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6317",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.0.6. This is due to missing nonce validation and the plugin not properly validating a file or its path prior to deleting it in the 'wp_cf7_pdf_dashboard_html_page' function. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zealopensource",
"product": {
"product_data": [
{
"product_name": "Generate PDF using Contact Form 7",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "4.0.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/455b9695-e140-4bdb-b626-5c1695518563?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/455b9695-e140-4bdb-b626-5c1695518563?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/generate-pdf-using-contact-form-7/tags/4.0.6/inc/templates/cf7-pdf-generation.admin.html.php#L74",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/generate-pdf-using-contact-form-7/tags/4.0.6/inc/templates/cf7-pdf-generation.admin.html.php#L74"
}
]
},
"credits": [
{
"lang": "en",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

75
2024/6xxx/CVE-2024-6320.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6320",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The ScrollTo Top plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.2.2. This is due to missing nonce validation and missing file type validation in the 'options_page' function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "dwieeb",
"product": {
"product_data": [
{
"product_name": "ScrollTo Top",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.2.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e11f1a56-d5a2-47a4-a5cc-34345966495a?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e11f1a56-d5a2-47a4-a5cc-34345966495a?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/scrollto-top/trunk/scrollto-top.php?rev=662578#L238",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/scrollto-top/trunk/scrollto-top.php?rev=662578#L238"
}
]
},
"credits": [
{
"lang": "en",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

75
2024/6xxx/CVE-2024-6321.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6321",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.1.1. This is due to missing nonce validation and missing file type validation in the 'options_page' function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "dwieeb",
"product": {
"product_data": [
{
"product_name": "ScrollTo Bottom",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d560f28f-899c-44cf-8640-55647c1de7dc?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d560f28f-899c-44cf-8640-55647c1de7dc?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/scrollto-bottom/trunk/scrollto-bottom.php?rev=516875#L256",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/scrollto-bottom/trunk/scrollto-bottom.php?rev=516875#L256"
}
]
},
"credits": [
{
"lang": "en",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

18
2024/6xxx/CVE-2024-6596.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6596",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}