admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-07-09 09:00:35 +00:00
parent 026373d1a5
commit 0e8e041269
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
25 changed files with 1951 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
2024/37xxx/CVE-2024-37494.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37494",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaineLabs Youzify.This issue affects Youzify: from n/a through 1.2.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "KaineLabs",
"product": {
"product_data": [
{
"product_name": "Youzify",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "1.2.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.2.5",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/youzify/wordpress-youzify-plugin-1-2-5-sql-injection-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/youzify/wordpress-youzify-plugin-1-2-5-sql-injection-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.2.6 or a higher version."
}
],
"value": "Update to 1.2.6 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "LVT-tholv2k (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
]
}

113
2024/37xxx/CVE-2024-37502.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37502",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login.This issue affects WooCommerce Social Login: from n/a through 2.6.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wpweb",
"product": {
"product_data": [
{
"product_name": "WooCommerce Social Login",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "2.7.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.6.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/woo-social-login/wordpress-social-login-wordpress-woocommerce-plugin-plugin-2-6-3-php-object-injection-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/woo-social-login/wordpress-social-login-wordpress-woocommerce-plugin-plugin-2-6-3-php-object-injection-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.7.0 or a higher version."
}
],
"value": "Update to 2.7.0 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Ananda Dhakal (Patchstack)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

75
2024/3xxx/CVE-2024-3228.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3228",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Social Sharing Plugin \u2013 Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the 'kiwi-nw-pinterest' class. This makes it possible for unauthenticated attackers to view limited content from password protected posts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wpkube",
"product": {
"product_data": [
{
"product_name": "Social Sharing Plugin \u2013 Kiwi",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.1.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/896a038f-fe54-4120-842e-093ef236a898?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/896a038f-fe54-4120-842e-093ef236a898?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3109786%40kiwi-social-share&new=3109786%40kiwi-social-share&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3109786%40kiwi-social-share&new=3109786%40kiwi-social-share&sfp_email=&sfph_mail="
}
]
},
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/3xxx/CVE-2024-3563.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3563",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sharing block in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "studiopress",
"product": {
"product_data": [
{
"product_name": "Genesis Blocks",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ef21fae3-65ef-43e8-9792-619dfc4dfda8?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ef21fae3-65ef-43e8-9792-619dfc4dfda8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/genesis-blocks/trunk/src/blocks/block-sharing/index.php#L268",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/genesis-blocks/trunk/src/blocks/block-sharing/index.php#L268"
}
]
},
"credits": [
{
"lang": "en",
"value": "Ng\u00f4 Thi\u00ean An"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/3xxx/CVE-2024-3603.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3603",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The OSM \u2013 OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osm_map' shortcode in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "photoweblog",
"product": {
"product_data": [
{
"product_name": "OSM \u2013 OpenStreetMap",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "6.0.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/845cea77-ea74-4459-817b-cfbdb877b75a?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/845cea77-ea74-4459-817b-cfbdb877b75a?source=cve"
},
{
"url": "https://wordpress.org/plugins/osm/",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/osm/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/3xxx/CVE-2024-3604.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3604",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The OSM \u2013 OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'tagged_filter' attribute of the 'osm_map_v3' shortcode in all versions up to, and including, 6.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "photoweblog",
"product": {
"product_data": [
{
"product_name": "OSM \u2013 OpenStreetMap",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "6.0.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c8eebc67-e590-4d7f-8925-e5e5090cedf0?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c8eebc67-e590-4d7f-8925-e5e5090cedf0?source=cve"
},
{
"url": "https://wordpress.org/plugins/osm/",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/osm/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
}
]
}

75
2024/3xxx/CVE-2024-3608.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3608",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Product Designer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the product_designer_ajax_delete_attach_id() function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to delete arbitrary attachments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pickplugins",
"product": {
"product_data": [
{
"product_name": "Product Designer",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.0.33"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2f127fe5-67b8-40e1-a916-c607410b08b3?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2f127fe5-67b8-40e1-a916-c607410b08b3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/product-designer/trunk/includes/designer-function.php#L412",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/product-designer/trunk/includes/designer-function.php#L412"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lucio S\u00e1"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/4xxx/CVE-2024-4100.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4100",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Pricing Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the ajax() function. This makes it possible for unauthenticated attackers to perform a variety of actions related to managing pricing tables via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "elfsight",
"product": {
"product_data": [
{
"product_name": "Pricing Table",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4cb3d2d4-256c-4128-9397-8b9c7be1b9c8?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4cb3d2d4-256c-4128-9397-8b9c7be1b9c8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/elfsight-pricing-table/trunk/core/includes/widgets-api.php#L71",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/elfsight-pricing-table/trunk/core/includes/widgets-api.php#L71"
}
]
},
"credits": [
{
"lang": "en",
"value": "Benedictus Jovan"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/4xxx/CVE-2024-4102.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4102",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Pricing Table plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions like editing pricing tables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "elfsight",
"product": {
"product_data": [
{
"product_name": "Pricing Table",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa769d51-8718-42e9-9070-0b878442dbc7?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa769d51-8718-42e9-9070-0b878442dbc7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/elfsight-pricing-table/trunk/core/includes/widgets-api.php#L71",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/elfsight-pricing-table/trunk/core/includes/widgets-api.php#L71"
}
]
},
"credits": [
{
"lang": "en",
"value": "Benedictus Jovan"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
]
}

80
2024/4xxx/CVE-2024-4868.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4868",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's EE Events and EE Flipbox widgets in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "petesheppard84",
"product": {
"product_data": [
{
"product_name": "Extensions for Elementor",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.0.31"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4322d9d6-13b6-4476-9eb5-fea4aff2e5ce?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4322d9d6-13b6-4476-9eb5-fea4aff2e5ce?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/extensions-for-elementor/trunk/modules/events/widgets/ee-events.php#L2632",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/extensions-for-elementor/trunk/modules/events/widgets/ee-events.php#L2632"
},
{
"url": "https://plugins.trac.wordpress.org/browser/extensions-for-elementor/trunk/modules/flipbox/widgets/ee-flipbox.php#L1515",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/extensions-for-elementor/trunk/modules/flipbox/widgets/ee-flipbox.php#L1515"
}
]
},
"credits": [
{
"lang": "en",
"value": "Matthew Rollings"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/5xxx/CVE-2024-5456.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5456",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Panda Video plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.0 via the 'selected_button' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pandavideo",
"product": {
"product_data": [
{
"product_name": "Panda Video",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/94ab250a-387c-431e-9b75-16ede94bf0ef?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/94ab250a-387c-431e-9b75-16ede94bf0ef?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/pandavideo/trunk/includes/widgets/PandaButton.php#L237",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/pandavideo/trunk/includes/widgets/PandaButton.php#L237"
}
]
},
"credits": [
{
"lang": "en",
"value": "Matthew Rollings"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

85
2024/5xxx/CVE-2024-5457.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5457",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Panda Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pandavideo",
"product": {
"product_data": [
{
"product_name": "Panda Video",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/91a9dcf2-ba6b-4d03-9cdf-f50ea0d259d8?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/91a9dcf2-ba6b-4d03-9cdf-f50ea0d259d8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/pandavideo/trunk/includes/assets/buttons/button-1.php#L6",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/pandavideo/trunk/includes/assets/buttons/button-1.php#L6"
},
{
"url": "https://plugins.trac.wordpress.org/browser/pandavideo/trunk/includes/assets/buttons/button-2.php#L7",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/pandavideo/trunk/includes/assets/buttons/button-2.php#L7"
},
{
"url": "https://plugins.trac.wordpress.org/browser/pandavideo/trunk/includes/assets/buttons/button-3.php#L8",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/pandavideo/trunk/includes/assets/buttons/button-3.php#L8"
}
]
},
"credits": [
{
"lang": "en",
"value": "Matthew Rollings"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

85
2024/5xxx/CVE-2024-5479.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5479",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Easy Pixels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "jevnet",
"product": {
"product_data": [
{
"product_name": "Easy Pixels",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a397025-ada7-4a59-80b9-5a778ea27776?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a397025-ada7-4a59-80b9-5a778ea27776?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/easy-pixels-by-jevnet/trunk/admin/easyPixelsAdmin.php#L48",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/easy-pixels-by-jevnet/trunk/admin/easyPixelsAdmin.php#L48"
},
{
"url": "https://plugins.trac.wordpress.org/browser/easy-pixels-by-jevnet/trunk/easyPixels.php#L66",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/easy-pixels-by-jevnet/trunk/easyPixels.php#L66"
},
{
"url": "https://plugins.trac.wordpress.org/browser/easy-pixels-by-jevnet/trunk/classes/easy-pixels.php#L87",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/easy-pixels-by-jevnet/trunk/classes/easy-pixels.php#L87"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lucio S\u00e1"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 7.2,
"baseSeverity": "HIGH"
}
]
}

75
2024/5xxx/CVE-2024-5600.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5600",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The SCSS Happy Compiler \u2013 Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the import_settings() function in all versions up to, and including, 1.3.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject malicious web scripts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "happymonkeyagency",
"product": {
"product_data": [
{
"product_name": "SCSS Happy Compiler \u2013 Compile SCSS to CSS & Automatic Enqueue",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.3.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3d0ecffe-8543-4d82-a1cc-f2474499f373?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3d0ecffe-8543-4d82-a1cc-f2474499f373?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/happy-scss-compiler/trunk/admin/class-hm-wp-scss-admin.php#L384",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/happy-scss-compiler/trunk/admin/class-hm-wp-scss-admin.php#L384"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lucio S\u00e1"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
]
}

95
2024/5xxx/CVE-2024-5648.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5648",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The LearnDash LMS \u2013 Reports plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update various plugin settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "stellarwp",
"product": {
"product_data": [
{
"product_name": "LearnDash LMS \u2013 Reports",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.8.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7fbbd0d7-882f-4bc8-a67a-4d6dc05cb796?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7fbbd0d7-882f-4bc8-a67a-4d6dc05cb796?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wisdm-reports-for-learndash/trunk/includes/admin/class-admin-functions.php#L52",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wisdm-reports-for-learndash/trunk/includes/admin/class-admin-functions.php#L52"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wisdm-reports-for-learndash/trunk/includes/admin/class-admin-functions.php#L261",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wisdm-reports-for-learndash/trunk/includes/admin/class-admin-functions.php#L261"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wisdm-reports-for-learndash/trunk/includes/admin/class-admin-functions.php#L284",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wisdm-reports-for-learndash/trunk/includes/admin/class-admin-functions.php#L284"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wisdm-reports-for-learndash/trunk/includes/admin/class-admin-functions.php#L423",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wisdm-reports-for-learndash/trunk/includes/admin/class-admin-functions.php#L423"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wisdm-reports-for-learndash/trunk/includes/admin/class-admin-functions.php#L455",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wisdm-reports-for-learndash/trunk/includes/admin/class-admin-functions.php#L455"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lucio S\u00e1"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/5xxx/CVE-2024-5669.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5669",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The XPlainer \u2013 WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ffw_activate_template' function in all versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to store cross-site scripting that will trigger when viewing the dashboard templates or accessing FAQs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "optemiz",
"product": {
"product_data": [
{
"product_name": "XPlainer \u2013 WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.6.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c5a404de-ee26-44af-9e4f-f93694da7a77?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c5a404de-ee26-44af-9e4f-f93694da7a77?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/faq-for-woocommerce/trunk/includes/admin/faq-woocommerce-admin-functions.php#L471",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/faq-for-woocommerce/trunk/includes/admin/faq-woocommerce-admin-functions.php#L471"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lucio S\u00e1"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

95
2024/5xxx/CVE-2024-5704.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5704",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The XPlainer \u2013 WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add new and update existing FAQs, FAQ lists, and modify FAQ associations with products."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "optemiz",
"product": {
"product_data": [
{
"product_name": "XPlainer \u2013 WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.6.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1d3e476d-0885-4e8c-a682-bd64d9f13b53?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1d3e476d-0885-4e8c-a682-bd64d9f13b53?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/faq-for-woocommerce/trunk/includes/admin/faq-woocommerce-admin-functions.php#L100",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/faq-for-woocommerce/trunk/includes/admin/faq-woocommerce-admin-functions.php#L100"
},
{
"url": "https://plugins.trac.wordpress.org/browser/faq-for-woocommerce/trunk/includes/admin/faq-woocommerce-admin-functions.php#L216",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/faq-for-woocommerce/trunk/includes/admin/faq-woocommerce-admin-functions.php#L216"
},
{
"url": "https://plugins.trac.wordpress.org/browser/faq-for-woocommerce/trunk/includes/admin/faq-woocommerce-admin-functions.php#L269",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/faq-for-woocommerce/trunk/includes/admin/faq-woocommerce-admin-functions.php#L269"
},
{
"url": "https://plugins.trac.wordpress.org/browser/faq-for-woocommerce/trunk/includes/admin/faq-woocommerce-admin-functions.php#L326",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/faq-for-woocommerce/trunk/includes/admin/faq-woocommerce-admin-functions.php#L326"
},
{
"url": "https://plugins.trac.wordpress.org/browser/faq-for-woocommerce/trunk/includes/admin/faq-woocommerce-admin-functions.php#L385",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/faq-for-woocommerce/trunk/includes/admin/faq-woocommerce-admin-functions.php#L385"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lucio S\u00e1"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}

95
2024/5xxx/CVE-2024-5810.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5810",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The WP2Speed Faster \u2013 Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for unauthenticated attackers to overwrite CSS, update the trial settings, purge the cache, and find attachments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wp2speed",
"product": {
"product_data": [
{
"product_name": "WP2Speed Faster \u2013 Optimize PageSpeed Insights Score 90-100",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1fe97ac1-cab9-4b6f-bddd-bdcdc9faee40?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1fe97ac1-cab9-4b6f-bddd-bdcdc9faee40?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L71",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L71"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L263",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L263"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L372",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L372"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L152",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L152"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L165",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wp2speed/trunk/lib/includes/optimize.php#L165"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lucio S\u00e1"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/5xxx/CVE-2024-5856.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5856",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Comment Images Reloaded plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the cir_delete_image AJAX action in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary media attachments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wppuzzle",
"product": {
"product_data": [
{
"product_name": "Comment Images Reloaded",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4f2dc3e7-1e10-4547-8469-726c6747465d?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4f2dc3e7-1e10-4547-8469-726c6747465d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/comment-images-reloaded/trunk/functions/delete-comment.php#L7",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/comment-images-reloaded/trunk/functions/delete-comment.php#L7"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lucio S\u00e1"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/5xxx/CVE-2024-5937.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5937",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Simple Alert Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Alert shortcode in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mardojai",
"product": {
"product_data": [
{
"product_name": "Simple Alert Boxes",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a25ad405-a97e-4821-b57a-0f39d5ce5e70?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a25ad405-a97e-4821-b57a-0f39d5ce5e70?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/simple-alert-boxes/trunk/plugin.php#L71",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/simple-alert-boxes/trunk/plugin.php#L71"
}
]
},
"credits": [
{
"lang": "en",
"value": "Francesco Carlucci"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

80
2024/5xxx/CVE-2024-5992.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5992",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Cliengo \u2013 Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_chatbot_token' and 'update_chatbot_position' functions in all versions up to, and including, 3.0.1. This makes it possible for unauthenticated attackers to change chatbot settings, which can lead to unavailability or other changes to the chatbot."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cliengo",
"product": {
"product_data": [
{
"product_name": "Cliengo \u2013 Chatbot",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a7f0afe8-234a-4c3f-87c8-f3f23ac94fe3?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a7f0afe8-234a-4c3f-87c8-f3f23ac94fe3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/cliengo/trunk/admin/class-cliengo-form.php#L80",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/cliengo/trunk/admin/class-cliengo-form.php#L80"
},
{
"url": "https://plugins.trac.wordpress.org/browser/cliengo/trunk/admin/class-cliengo-form.php#L99",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/cliengo/trunk/admin/class-cliengo-form.php#L99"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lucio S\u00e1"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/5xxx/CVE-2024-5993.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5993",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Cliengo \u2013 Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_session' function in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the session token of the chatbot."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cliengo",
"product": {
"product_data": [
{
"product_name": "Cliengo \u2013 Chatbot",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a13e87d-51cd-43b0-a658-900a174738fc?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a13e87d-51cd-43b0-a658-900a174738fc?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/cliengo/trunk/admin/class-cliengo-form.php#L109",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/cliengo/trunk/admin/class-cliengo-form.php#L109"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lucio S\u00e1"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
]
}

85
2024/6xxx/CVE-2024-6069.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6069",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation/deactivation due to missing capability checks on the pieregister_install_addon, pieregister_activate_addon and pieregister_deactivate_addon functions in all versions up to, and including, 3.8.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install, activate and deactivate arbitrary plugins. As a result attackers might achieve code execution on the targeted server"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "genetechproducts",
"product": {
"product_data": [
{
"product_name": "Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.8.3.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b946ee73-4cf9-48c8-b456-285b118c6b05?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b946ee73-4cf9-48c8-b456-285b118c6b05?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/pie-register/tags/3.8.3.4/pie-register.php#L794",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/pie-register/tags/3.8.3.4/pie-register.php#L794"
},
{
"url": "https://plugins.trac.wordpress.org/browser/pie-register/tags/3.8.3.4/pie-register.php#L727",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/pie-register/tags/3.8.3.4/pie-register.php#L727"
},
{
"url": "https://plugins.trac.wordpress.org/browser/pie-register/tags/3.8.3.4/pie-register.php#L761",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/pie-register/tags/3.8.3.4/pie-register.php#L761"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lucio S\u00e1"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

75
2024/6xxx/CVE-2024-6167.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6167",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Just Custom Fields plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several AJAX functions in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke this functionality intended for admin users. This enables subscribers to manage field groups, change visibility of items among other things."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "aprokopenko",
"product": {
"product_data": [
{
"product_name": "Just Custom Fields",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/14d71220-be60-498d-92ca-055f1c237060?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/14d71220-be60-498d-92ca-055f1c237060?source=cve"
},
{
"url": "https://wordpress.org/plugins/just-custom-fields",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/just-custom-fields"
}
]
},
"credits": [
{
"lang": "en",
"value": "Francesco Carlucci"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/6xxx/CVE-2024-6168.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6168",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Just Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on several AJAX function. This makes it possible for unauthenticated attackers to invoke this functionality intended for admin users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This enables subscribers to manage field groups, change visibility of items among other things."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "aprokopenko",
"product": {
"product_data": [
{
"product_name": "Just Custom Fields",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9d98946e-864f-434e-8f45-85d663bbefee?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9d98946e-864f-434e-8f45-85d663bbefee?source=cve"
},
{
"url": "https://wordpress.org/plugins/just-custom-fields",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/just-custom-fields"
}
]
},
"credits": [
{
"lang": "en",
"value": "Francesco Carlucci"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}