From 1182c3244d4586d30501dc052cb7ff14dec2a32d Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 1 Feb 2025 13:00:32 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2024/13xxx/CVE-2024-13612.json | 91 +++++++++++++++++++++++++++--
2024/13xxx/CVE-2024-13775.json | 76 ++++++++++++++++++++++--
2025/0xxx/CVE-2025-0944.json | 103 +++++++++++++++++++++++++++++++--
3 files changed, 258 insertions(+), 12 deletions(-)
diff --git a/2024/13xxx/CVE-2024-13612.json b/2024/13xxx/CVE-2024-13612.json
index 4a3782c307b..0403a4f2549 100644
--- a/2024/13xxx/CVE-2024-13612.json
+++ b/2024/13xxx/CVE-2024-13612.json
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13612", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'better_messages_live_chat_button' shortcode in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wordplus", + "product": { + "product_data": [ + { + "product_name": "Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.6.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/169a857f-1ae0-40f6-8a34-10c573af59c5?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/169a857f-1ae0-40f6-8a34-10c573af59c5?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/bp-better-messages/trunk/inc/shortcodes.php#L84", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/bp-better-messages/trunk/inc/shortcodes.php#L84" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/bp-better-messages/trunk/inc/shortcodes.php#L125", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/bp-better-messages/trunk/inc/shortcodes.php#L125" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/bp-better-messages/trunk/inc/shortcodes.php#L127", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/bp-better-messages/trunk/inc/shortcodes.php#L127" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3228965/", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3228965/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Bassem Essam" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/13xxx/CVE-2024-13775.json b/2024/13xxx/CVE-2024-13775.json index 5d36a2883f6..94be9fc11d0 100644 --- a/2024/13xxx/CVE-2024-13775.json +++ b/2024/13xxx/CVE-2024-13775.json 
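Review bot: Three of the five entries added to `references.reference_data` point at `trunk` with line anchors (`.../trunk/inc/shortcodes.php#L84`, `#L125`, `#L127`); they are not pinned to a revision, so once trunk changes they no longer show the code the record describes, and only `https://plugins.trac.wordpress.org/changeset/3228965/` is a stable pointer. The record gives the affected range as `<=` `2.6.9` but names no fixed release, so a consumer has to derive the patched version from that changeset (presumably the fix, though the record does not say so). Separately, `credits` uses `"lang": "en"` while `description` and `problemtype` use `"eng"`; the same mismatch appears in the CVE-2024-13775 hunk, and a parser that filters on one language code will miss the other.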
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13775", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajax_delete_message', 'ajax_get_customers_partial_list', and 'ajax_get_admins_list' functions in all versions up to, and including, 17.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts, and read names, emails, and capabilities of all users." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "vanquish", + "product": { + "product_data": [ + { + "product_name": "WooCommerce Support Ticket System", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "17.8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/72dc919a-c13d-49b4-927d-a0bb837b63dd?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/72dc919a-c13d-49b4-927d-a0bb837b63dd?source=cve" + }, + { + "url": "https://codecanyon.net/item/woocommerce-support-ticket-system/17930050#item-description__change-log", + "refsource": "MISC", + "name": "https://codecanyon.net/item/woocommerce-support-ticket-system/17930050#item-description__change-log" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Lucio S\u00e1" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2025/0xxx/CVE-2025-0944.json b/2025/0xxx/CVE-2025-0944.json index 24d66ddc413..5dc3526fb0d 100644 --- a/2025/0xxx/CVE-2025-0944.json +++ b/2025/0xxx/CVE-2025-0944.json 
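Review bot: Nothing in the new CVE-2024-13775 record identifies a fixed release: `version_data` says `<=` `17.8`, and the only vendor reference is the CodeCanyon change-log anchor, which is a mutable page. Until a patched version is confirmed from that change log, inventory matching should treat every installed version up to 17.8 as affected. The description puts the bar at Subscriber-level access (`PR:L` in the vector), which is low on sites with open registration. Monitoring can key on low-privilege sessions invoking the three handlers named in the description (`ajax_delete_message`, `ajax_get_customers_partial_list`, `ajax_get_admins_list`); how those map to request parameters is not shown in the record and needs checking against the plugin.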
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0944", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file customerview.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in itsourcecode Tailoring Management System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei customerview.php. Mittels dem Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "itsourcecode", + "product": { + "product_data": [ + { + "product_name": "Tailoring Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.294299", + "refsource": "MISC", + "name": "https://vuldb.com/?id.294299" + }, + { + "url": "https://vuldb.com/?ctiid.294299", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.294299" + }, + { + "url": "https://github.com/magic2353112890/cve/issues/7", + "refsource": "MISC", + "name": "https://github.com/magic2353112890/cve/issues/7" + }, + { + "url": "https://itsourcecode.com/", + "refsource": "MISC", + "name": "https://itsourcecode.com/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] }
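Review bot: The English description says the issue `has been rated as critical`, but all three entries added under `impact.cvss` score it in the medium range (`6.3` with `"baseSeverity": "MEDIUM"` for 3.1 and 3.0, `6.5` for 2.0), so triage should follow `vectorString` and `baseScore`, not the description wording. The `2.0` entry carries no `baseSeverity` key while the 3.x entries do, so consumers must not assume that key exists on every element of the array. The description also states that the exploit has been disclosed to the public, which argues for ranking this above what the MEDIUM score alone suggests wherever `customerview.php` is reachable by authenticated users (`PR:L`).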