diff --git a/2022/48xxx/CVE-2022-48554.json b/2022/48xxx/CVE-2022-48554.json index 3acd940e74a..af969276937 100644 --- a/2022/48xxx/CVE-2022-48554.json +++ b/2022/48xxx/CVE-2022-48554.json @@ -86,6 +86,11 @@ "refsource": "CONFIRM", "name": "https://support.apple.com/kb/HT214086", "url": "https://support.apple.com/kb/HT214086" + }, + { + "refsource": "FULLDISC", + "name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", + "url": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2023/42xxx/CVE-2023-42853.json b/2023/42xxx/CVE-2023-42853.json index 0fdf4f910f5..e5203acfe56 100644 --- a/2023/42xxx/CVE-2023-42853.json +++ b/2023/42xxx/CVE-2023-42853.json @@ -73,6 +73,11 @@ "url": "https://support.apple.com/kb/HT214084", "refsource": "MISC", "name": "https://support.apple.com/kb/HT214084" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2023/48xxx/CVE-2023-48795.json b/2023/48xxx/CVE-2023-48795.json index bbde590db79..7f7477bbb2d 100644 --- a/2023/48xxx/CVE-2023-48795.json +++ b/2023/48xxx/CVE-2023-48795.json @@ -621,6 +621,11 @@ "refsource": "CONFIRM", "name": "https://support.apple.com/kb/HT214084", "url": "https://support.apple.com/kb/HT214084" + }, + { + "refsource": "FULLDISC", + "name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", + "url": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2023/5xxx/CVE-2023-5663.json b/2023/5xxx/CVE-2023-5663.json index 5eaa398831f..fa59c4f587b 100644 --- a/2023/5xxx/CVE-2023-5663.json +++ b/2023/5xxx/CVE-2023-5663.json @@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5663", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The News Announcement Scroll plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "storeapps", + "product": { + "product_data": [ + { + "product_name": "News Announcement Scroll", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "9.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b29113d6-7a9a-4e10-a446-147ec146ac93?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b29113d6-7a9a-4e10-a446-147ec146ac93?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/news-announcement-scroll/tags/9.0.0/news-announcement-scroll.php#L261", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/news-announcement-scroll/tags/9.0.0/news-announcement-scroll.php#L261" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2987837/news-announcement-scroll#file2", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2987837/news-announcement-scroll#file2" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Istv\u00e1n M\u00e1rton" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/6xxx/CVE-2023-6785.json b/2023/6xxx/CVE-2023-6785.json index de6b71f993d..b72864453c6 100644 --- a/2023/6xxx/CVE-2023-6785.json +++ b/2023/6xxx/CVE-2023-6785.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6785", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84. This makes it possible for unauthenticated attackers to download files added with the plugin (even when privately published)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "codename065", + "product": { + "product_data": [ + { + "product_name": "Download Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.2.84" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b3608ca-8ed6-46ff-8e57-d8b68f91b9f2?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b3608ca-8ed6-46ff-8e57-d8b68f91b9f2?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3038209%40download-manager%2Ftrunk&old=3022104%40download-manager%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3038209%40download-manager%2Ftrunk&old=3022104%40download-manager%2Ftrunk&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wesley" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/6xxx/CVE-2023-6809.json b/2023/6xxx/CVE-2023-6809.json index 6687b444386..73bea8036bb 100644 --- a/2023/6xxx/CVE-2023-6809.json +++ b/2023/6xxx/CVE-2023-6809.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6809", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied custom post meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "gonahkar", + "product": { + "product_data": [ + { + "product_name": "Custom fields shortcode", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/99d3d5aa-dd82-415a-bc40-9d2c677d9248?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/99d3d5aa-dd82-415a-bc40-9d2c677d9248?source=cve" + }, + { + "url": "https://wordpress.org/plugins/beepress/", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/beepress/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/6xxx/CVE-2023-6825.json b/2023/6xxx/CVE-2023-6825.json index 2f884a8155e..f0506a097fc 100644 --- a/2023/6xxx/CVE-2023-6825.json +++ b/2023/6xxx/CVE-2023-6825.json @@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6825", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. This makes it possible for attackers to read the contents of arbitrary files on the server, which can contain sensitive information and to upload files into directories other than the intended directory for file uploads. The free version requires Administrator access for this vulnerability to be exploitable. The Pro version allows a file manager to be embedded via a shortcode and also allows admins to grant file handling privileges to other user levels, which could lead to this vulnerability being exploited by lower-level users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-23 Relative Path Traversal" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mndpsingh287", + "product": { + "product_data": [ + { + "product_name": "File Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "7.2.1" + } + ] + } + } + ] + } + }, + { + "vendor_name": "File Manager", + "product": { + "product_data": [ + { + "product_name": "File Manager Pro", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "8.3.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/93f377a1-2c33-4dd7-8fd6-190d9148e804?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/93f377a1-2c33-4dd7-8fd6-190d9148e804?source=cve" + }, + { + "url": "https://github.com/Studio-42/elFinder/blob/master/php/elFinderVolumeDriver.class.php#L6784", + "refsource": "MISC", + "name": "https://github.com/Studio-42/elFinder/blob/master/php/elFinderVolumeDriver.class.php#L6784" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3023403%40wp-file-manager%2Ftrunk&old=2984933%40wp-file-manager%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3023403%40wp-file-manager%2Ftrunk&old=2984933%40wp-file-manager%2Ftrunk&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Tobias Wei\u00dfhaar" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" } ] } diff --git a/2023/6xxx/CVE-2023-6880.json b/2023/6xxx/CVE-2023-6880.json index 37bde682f1b..1ab4bcb0e36 100644 --- a/2023/6xxx/CVE-2023-6880.json +++ b/2023/6xxx/CVE-2023-6880.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6880", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 45.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "visualcomposer", + "product": { + "product_data": [ + { + "product_name": "Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "45.6.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/622b9b46-774d-4251-9a79-73e5b398de57?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/622b9b46-774d-4251-9a79-73e5b398de57?source=cve" + }, + { + "url": "https://help.visualcomposer.com/release-notes/", + "refsource": "MISC", + "name": "https://help.visualcomposer.com/release-notes/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/6xxx/CVE-2023-6954.json b/2023/6xxx/CVE-2023-6954.json index 230f633296e..a172525d06e 100644 --- a/2023/6xxx/CVE-2023-6954.json +++ b/2023/6xxx/CVE-2023-6954.json @@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6954", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.2.85 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "codename065", + "product": { + "product_data": [ + { + "product_name": "Download Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.2.85" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5cdd64a4-040b-4dc9-a8df-dbecfeb928c8?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5cdd64a4-040b-4dc9-a8df-dbecfeb928c8?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Category/Shortcodes.php#L14", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Category/Shortcodes.php#L14" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/Shortcodes.php#L106", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/Shortcodes.php#L106" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/views/packages-shortcode.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/views/packages-shortcode.php" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/views/packages-shortcode-toolbar.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.83/src/Package/views/packages-shortcode-toolbar.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Richard Telleng" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/6xxx/CVE-2023-6957.json b/2023/6xxx/CVE-2023-6957.json index 132e783628c..d63a4ac0389 100644 --- a/2023/6xxx/CVE-2023-6957.json +++ b/2023/6xxx/CVE-2023-6957.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6957", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Fluent Forms plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The exploitation level depends on who is granted the right to create forms by an administrator. This level can be as low as contributor, but by default is admin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "techjewel", + "product": { + "product_data": [ + { + "product_name": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "5.1.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f4050403-6b8c-4023-b170-39f3cb68583e?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f4050403-6b8c-4023-b170-39f3cb68583e?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041316%40fluentform%2Ftrunk&old=3025740%40fluentform%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041316%40fluentform%2Ftrunk&old=3025740%40fluentform%2Ftrunk&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Pedro Paniago" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/6xxx/CVE-2023-6969.json b/2023/6xxx/CVE-2023-6969.json index 1c99e28bd05..71814c59dd0 100644 --- a/2023/6xxx/CVE-2023-6969.json +++ b/2023/6xxx/CVE-2023-6969.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6969", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the user_meta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive user meta." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-639 Authorization Bypass Through User-Controlled Key" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "kbjohnson90", + "product": { + "product_data": [ + { + "product_name": "User Shortcodes Plus", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/76a0a87a-dff0-4a51-bad0-8868c342ecde?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/76a0a87a-dff0-4a51-bad0-8868c342ecde?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/user-shortcodes-plus/trunk/includes/Shortcodes/UserMeta.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/user-shortcodes-plus/trunk/includes/Shortcodes/UserMeta.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/7xxx/CVE-2023-7015.json b/2023/7xxx/CVE-2023-7015.json index 406e6c34c3e..766a9e3ea2b 100644 --- a/2023/7xxx/CVE-2023-7015.json +++ b/2023/7xxx/CVE-2023-7015.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-7015", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "File Manager", + "product": { + "product_data": [ + { + "product_name": "File Manager Pro", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "8.3.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/94750424-bb52-4236-962e-aa8cbdeb1459?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/94750424-bb52-4236-962e-aa8cbdeb1459?source=cve" + }, + { + "url": "https://filemanagerpro.io/changelog/", + "refsource": "MISC", + "name": "https://filemanagerpro.io/changelog/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Tobias Wei\u00dfhaar" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/7xxx/CVE-2023-7192.json b/2023/7xxx/CVE-2023-7192.json index 553cff015b8..8a61cc24d57 100644 --- a/2023/7xxx/CVE-2023-7192.json +++ b/2023/7xxx/CVE-2023-7192.json @@ -98,6 +98,20 @@ ], "defaultStatus": "affected" } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-70.93.1.rt21.165.el9_0", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } } ] } @@ -270,6 +284,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:1250" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1306", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1306" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-7192", "refsource": "MISC", diff --git a/2024/0xxx/CVE-2024-0326.json b/2024/0xxx/CVE-2024-0326.json index 214cd8e530a..a966ce1b7ba 100644 --- a/2024/0xxx/CVE-2024-0326.json +++ b/2024/0xxx/CVE-2024-0326.json @@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0326", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Link Wrapper functionality in all versions up to, and including, 4.10.17 due to insufficient input sanitization and output escaping on user supplied links. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "leap13", + "product": { + "product_data": [ + { + "product_name": "Premium Addons for Elementor", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.0.17" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/22ba0eaf-f514-420a-9680-8126f6dcdde9?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/22ba0eaf-f514-420a-9680-8126f6dcdde9?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php#L173", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php#L173" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/includes/class-premium-template-tags.php#L1638", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/includes/class-premium-template-tags.php#L1638" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/widgets/premium-button.php#L1709", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/widgets/premium-button.php#L1709" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3022824/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3022824/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Craig Smith" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0368.json b/2024/0xxx/CVE-2024-0368.json index 1a70b5c981d..6b344fc153b 100644 --- a/2024/0xxx/CVE-2024-0368.json +++ b/2024/0xxx/CVE-2024-0368.json @@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0368", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Hustle \u2013 Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-522 Insufficiently Protected Credentials" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpmudev", + "product": { + "product_data": [ + { + "product_name": "Hustle \u2013 Email Marketing, Lead Generation, Optins, Popups", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "7.8.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d40b41-540d-476d-afde-970845543933?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d40b41-540d-476d-afde-970845543933?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wordpress-popup/trunk/inc/providers/hubspot/hustle-hubspot-api.php#L13", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wordpress-popup/trunk/inc/providers/hubspot/hustle-hubspot-api.php#L13" + }, + { + "url": "https://developers.hubspot.com/docs/api/webhooks#scopes", + "refsource": "MISC", + "name": "https://developers.hubspot.com/docs/api/webhooks#scopes" + }, + { + "url": "https://developers.hubspot.com/docs/api/webhooks#manage-settings-via-api", + "refsource": "MISC", + "name": "https://developers.hubspot.com/docs/api/webhooks#manage-settings-via-api" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3047775/wordpress-popup/trunk/inc/providers/hubspot/hustle-hubspot-api.php?old=3025070&old_path=wordpress-popup/tags/7.8.3/inc/providers/hubspot/hustle-hubspot-api.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3047775/wordpress-popup/trunk/inc/providers/hubspot/hustle-hubspot-api.php?old=3025070&old_path=wordpress-popup/tags/7.8.3/inc/providers/hubspot/hustle-hubspot-api.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Sean Murphy" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "baseScore": 8.6, + "baseSeverity": "HIGH" } ] } diff --git a/2024/0xxx/CVE-2024-0369.json b/2024/0xxx/CVE-2024-0369.json index 3470fd53c56..b9517e30c8d 100644 --- a/2024/0xxx/CVE-2024-0369.json +++ b/2024/0xxx/CVE-2024-0369.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0369", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkUpdatePostTitles function in all versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "pawaryogesh1989", + "product": { + "product_data": [ + { + "product_name": "Bulk Edit Post Titles", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "5.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cad19306-6eef-4f80-9442-e7b314b3a873?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cad19306-6eef-4f80-9442-e7b314b3a873?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/bulk-edit-post-titles/trunk/classes/class.bulk.titles.php#L130", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/bulk-edit-post-titles/trunk/classes/class.bulk.titles.php#L130" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0377.json b/2024/0xxx/CVE-2024-0377.json index 6b2ff183977..0f7ac443f27 100644 --- a/2024/0xxx/CVE-2024-0377.json +++ b/2024/0xxx/CVE-2024-0377.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0377", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The LifterLMS \u2013 WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish an unrestricted number of reviews on the site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "chrisbadgett", + "product": { + "product_data": [ + { + "product_name": "LifterLMS \u2013 WordPress LMS Plugin for eLearning", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "7.5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d1f41400-5c59-444d-9c1e-121e83449521?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d1f41400-5c59-444d-9c1e-121e83449521?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3036762/lifterlms/tags/7.5.2/includes/class.llms.review.php?old=2903997&old_path=lifterlms/trunk/includes/class.llms.review.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3036762/lifterlms/tags/7.5.2/includes/class.llms.review.php?old=2903997&old_path=lifterlms/trunk/includes/class.llms.review.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0385.json b/2024/0xxx/CVE-2024-0385.json index 0e51369b38a..47b8c43173e 100644 --- a/2024/0xxx/CVE-2024-0385.json +++ b/2024/0xxx/CVE-2024-0385.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0385", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add categories." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "frenify", + "product": { + "product_data": [ + { + "product_name": "Categorify \u2013 WordPress Media Library Category & File Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.0.7.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c7c74cf-a109-4f77-a740-5a43ccd4e96a?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c7c74cf-a109-4f77-a740-5a43ccd4e96a?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3034410/categorify", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3034410/categorify" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0447.json b/2024/0xxx/CVE-2024-0447.json index 2cbc22d208a..8a0a8683930 100644 --- a/2024/0xxx/CVE-2024-0447.json +++ b/2024/0xxx/CVE-2024-0447.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0447", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibot_update function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to update plugin settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "artibot", + "product": { + "product_data": [ + { + "product_name": "ArtiBot Free Chat Bot for WordPress WebSites", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/848f36de-c62a-45ee-b259-46dab73e4439?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/848f36de-c62a-45ee-b259-46dab73e4439?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/artibot/trunk/artibot.php#L60", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/artibot/trunk/artibot.php#L60" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", + "baseScore": 5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0449.json b/2024/0xxx/CVE-2024-0449.json index dffc5a62418..e4752bb15ad 100644 --- a/2024/0xxx/CVE-2024-0449.json +++ b/2024/0xxx/CVE-2024-0449.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0449", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "artibot", + "product": { + "product_data": [ + { + "product_name": "ArtiBot Free Chat Bot for WordPress WebSites", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/450d0748-93d6-448a-97a2-06fc2f8065b3?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/450d0748-93d6-448a-97a2-06fc2f8065b3?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/artibot/trunk/artibot.php#L52", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/artibot/trunk/artibot.php#L52" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0591.json b/2024/0xxx/CVE-2024-0591.json index d3cdb5c8284..1fb2c51d374 100644 --- a/2024/0xxx/CVE-2024-0591.json +++ b/2024/0xxx/CVE-2024-0591.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0591", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'A' parameter in all versions up to, and including, 3.4.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpdatatables", + "product": { + "product_data": [ + { + "product_name": "wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.4.2.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a679863-3c22-4d34-9994-1f8ec121ad86?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a679863-3c22-4d34-9994-1f8ec121ad86?source=cve" + }, + { + "url": "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/", + "refsource": "MISC", + "name": "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/" + }, + { + "url": "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/samples/Basic/45_Quadratic_equation_solver.php", + "refsource": "MISC", + "name": "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/samples/Basic/45_Quadratic_equation_solver.php" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037741%40wpdatatables&new=3037741%40wpdatatables&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037741%40wpdatatables&new=3037741%40wpdatatables&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Matthew Rollings" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0592.json b/2024/0xxx/CVE-2024-0592.json index 4c779f4a53e..c4f168bc6ae 100644 --- a/2024/0xxx/CVE-2024-0592.json +++ b/2024/0xxx/CVE-2024-0592.json @@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0592", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handle_create_link() function. This makes it possible for unauthenticated attackers to add related posts to other posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This ultimately makes it possible for attackers to view draft and password protected posts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "barrykooij", + "product": { + "product_data": [ + { + "product_name": "Related Posts for WordPress", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d21aad7-dbee-4204-afbd-0a5fdeaca50e?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d21aad7-dbee-4204-afbd-0a5fdeaca50e?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/related-posts-for-wp/trunk/classes/hooks/class-hook-link-related-screen.php#L70", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/related-posts-for-wp/trunk/classes/hooks/class-hook-link-related-screen.php#L70" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3049719/related-posts-for-wp/tags/2.2.2/classes/hooks/class-hook-link-related-screen.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3049719/related-posts-for-wp/tags/2.2.2/classes/hooks/class-hook-link-related-screen.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Krzysztof Zaj\u0105c" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0614.json b/2024/0xxx/CVE-2024-0614.json index 5f31073fda0..c5ace476ba9 100644 --- a/2024/0xxx/CVE-2024-0614.json +++ b/2024/0xxx/CVE-2024-0614.json @@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0614", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "netweblogic", + "product": { + "product_data": [ + { + "product_name": "Events Manager \u2013 Calendar, Bookings, Tickets, and more!", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "6.4.6.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6288fddf-926f-4506-94de-696e0a23766d?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6288fddf-926f-4506-94de-696e0a23766d?source=cve" + }, + { + "url": "https://advisory.abay.sh/cve-2024-0614", + "refsource": "MISC", + "name": "https://advisory.abay.sh/cve-2024-0614" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3042128/events-manager/trunk/admin/em-options.php?old=2769385&old_path=events-manager/trunk/admin/em-options.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3042128/events-manager/trunk/admin/em-options.php?old=2769385&old_path=events-manager/trunk/admin/em-options.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Akbar Kustirama" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0631.json b/2024/0xxx/CVE-2024-0631.json index d4db8b5b9ca..137aa777de4 100644 --- a/2024/0xxx/CVE-2024-0631.json +++ b/2024/0xxx/CVE-2024-0631.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0631", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check_duitku_response function in all versions up to, and including, 2.11.4. This makes it possible for unauthenticated attackers to change the payment status of orders to failed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "rayhanduitku", + "product": { + "product_data": [ + { + "product_name": "Duitku Payment Gateway", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.11.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a33de35f-1c9d-4fc9-9be8-0a1c7d9352ec?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a33de35f-1c9d-4fc9-9be8-0a1c7d9352ec?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/duitku-social-payment-gateway/trunk/woocommerce-gateway-duitku.php#L409", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/duitku-social-payment-gateway/trunk/woocommerce-gateway-duitku.php#L409" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0646.json b/2024/0xxx/CVE-2024-0646.json index 729d79821bb..72cc573a4ae 100644 --- a/2024/0xxx/CVE-2024-0646.json +++ b/2024/0xxx/CVE-2024-0646.json @@ -179,6 +179,12 @@ ], "defaultStatus": "affected" } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } } ] } @@ -275,6 +281,20 @@ "defaultStatus": "affected" } }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-70.93.1.rt21.165.el9_0", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, { "version_value": "not down converted", "x_cve_json_5_version_data": { @@ -476,6 +496,16 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:1269" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1278", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1278" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1306", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1306" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-0646", "refsource": "MISC", diff --git a/2024/0xxx/CVE-2024-0681.json b/2024/0xxx/CVE-2024-0681.json index 157a2408ff6..34b128288bc 100644 --- a/2024/0xxx/CVE-2024-0681.json +++ b/2024/0xxx/CVE-2024-0681.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0681", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Page Restriction WordPress (WP) \u2013 Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. This is due to the plugin not properly restricting access to pages via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected pages. The vendor has decided that they will not implement REST API protection on posts and pages and the restrictions will only apply to the front-end of the site. The vendors solution was to add notices throughout the dashboard and recommends installing the WordPress REST API Authentication plugin for REST API coverage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-693 Protection Mechanism Failure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "cyberlord92", + "product": { + "product_data": [ + { + "product_name": "Page Restriction WordPress (WP) \u2013 Protect WP Pages/Post", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.3.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a3e33a5c-df7c-4ef5-a59c-1c31abcda6d1?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a3e33a5c-df7c-4ef5-a59c-1c31abcda6d1?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034414%40page-and-post-restriction&new=3034414%40page-and-post-restriction&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034414%40page-and-post-restriction&new=3034414%40page-and-post-restriction&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0683.json b/2024/0xxx/CVE-2024-0683.json index 491de436723..86bea7c1243 100644 --- a/2024/0xxx/CVE-2024-0683.json +++ b/2024/0xxx/CVE-2024-0683.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0683", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in all versions up to, and including, 3.0.14. This makes it possible for unauthenticated and authenticated attackers, with subscriber-level access and above, to generate and delete labels." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "autopolisbg", + "product": { + "product_data": [ + { + "product_name": "Bulgarisation for WooCommerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.0.14" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be759c83-a9df-4858-a724-28006a595404?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be759c83-a9df-4858-a724-28006a595404?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034198%40bulgarisation-for-woocommerce&new=3034198%40bulgarisation-for-woocommerce&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034198%40bulgarisation-for-woocommerce&new=3034198%40bulgarisation-for-woocommerce&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH" } ] } diff --git a/2024/0xxx/CVE-2024-0687.json b/2024/0xxx/CVE-2024-0687.json index bf5296839e1..acf2553a3ad 100644 --- a/2024/0xxx/CVE-2024-0687.json +++ b/2024/0xxx/CVE-2024-0687.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0687", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Restrict User Access \u2013 Ultimate Membership & Content Protection plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages via API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "intoxstudio", + "product": { + "product_data": [ + { + "product_name": "Restrict User Access \u2013 Ultimate Membership & Content Protection", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f67684cd-3e0f-48bb-967a-16ea2b027843?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f67684cd-3e0f-48bb-967a-16ea2b027843?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037773%40restrict-user-access%2Ftrunk&old=3010745%40restrict-user-access%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037773%40restrict-user-access%2Ftrunk&old=3010745%40restrict-user-access%2Ftrunk&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0700.json b/2024/0xxx/CVE-2024-0700.json index bc5a3d7fc9b..1cbb84d4c3a 100644 --- a/2024/0xxx/CVE-2024-0700.json +++ b/2024/0xxx/CVE-2024-0700.json @@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0700", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Simple Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tweet this text value in all versions up to, and including, 1.4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wokamoto", + "product": { + "product_data": [ + { + "product_name": "Simple Tweet", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.4.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5da021c-3835-4251-a3e5-3b5aaa11ea14?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5da021c-3835-4251-a3e5-3b5aaa11ea14?source=cve" + }, + { + "url": "https://github.com/wTeBwAA/PoC-SimpleTweet/blob/main/POST-request", + "refsource": "MISC", + "name": "https://github.com/wTeBwAA/PoC-SimpleTweet/blob/main/POST-request" + }, + { + "url": "https://wordpress.org/plugins/simple-tweet/", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/simple-tweet/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Benachi" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0827.json b/2024/0xxx/CVE-2024-0827.json index 6f20f277af0..41f65799689 100644 --- a/2024/0xxx/CVE-2024-0827.json +++ b/2024/0xxx/CVE-2024-0827.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0827", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Play.ht \u2013 Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "hammadh", + "product": { + "product_data": [ + { + "product_name": "Play.ht \u2013 Make Your Blog Posts Accessible With Text to Speech Audio", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.6.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de112e5a-4b92-4389-8c6e-b2bfeb6f6cd4?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de112e5a-4b92-4389-8c6e-b2bfeb6f6cd4?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/play-ht/trunk/includes/class-ajax-handler.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/play-ht/trunk/includes/class-ajax-handler.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0828.json b/2024/0xxx/CVE-2024-0828.json index c94e469c6a9..4b52f6965df 100644 --- a/2024/0xxx/CVE-2024-0828.json +++ b/2024/0xxx/CVE-2024-0828.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0828", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Play.ht \u2013 Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with subscriber access or higher, to delete, retrieve, or modify post metadata, retrieve posts contents of protected posts, modify conversion data and delete article audio." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "hammadh", + "product": { + "product_data": [ + { + "product_name": "Play.ht \u2013 Make Your Blog Posts Accessible With Text to Speech Audio", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.6.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5708a414-7cd8-4926-8871-3248ebf4c39d?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5708a414-7cd8-4926-8871-3248ebf4c39d?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/play-ht/trunk/includes/class-ajax-handler.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/play-ht/trunk/includes/class-ajax-handler.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0829.json b/2024/0xxx/CVE-2024-0829.json index 61e2207a5a2..a929a4e2631 100644 --- a/2024/0xxx/CVE-2024-0829.json +++ b/2024/0xxx/CVE-2024-0829.json @@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0829", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0. This is due to missing or incorrect capability checks on several ajax actions. This makes it possible for authenticated attackers, with subscriber access or higher, to invoke those actions. As a result, they may modify comment form fields and update plugin settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "nmedia", + "product": { + "product_data": [ + { + "product_name": "Comments Extra Fields For Post,Pages and CPT", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc5754c2-a052-41ac-af19-7c4f55860f95?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc5754c2-a052-41ac-af19-7c4f55860f95?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-comment-fields/trunk/classes/admin.class.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wp-comment-fields/trunk/classes/admin.class.php" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0830.json b/2024/0xxx/CVE-2024-0830.json index 94f2faab276..7f771e65d21 100644 --- a/2024/0xxx/CVE-2024-0830.json +++ b/2024/0xxx/CVE-2024-0830.json @@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0830", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0. This is due to missing or incorrect nonce validation on several ajax actions. This makes it possible for unauthenticated attackers to invoke those actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. As a result, they may modify comment form fields and update plugin settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "nmedia", + "product": { + "product_data": [ + { + "product_name": "Comments Extra Fields For Post,Pages and CPT", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ea53b11-37fa-4c45-a158-5a7709b842fc?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ea53b11-37fa-4c45-a158-5a7709b842fc?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-comment-fields/trunk/classes/admin.class.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wp-comment-fields/trunk/classes/admin.class.php" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0839.json b/2024/0xxx/CVE-2024-0839.json index 23e81ae96bd..491a53df0f6 100644 --- a/2024/0xxx/CVE-2024-0839.json +++ b/2024/0xxx/CVE-2024-0839.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0839", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The FeedWordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2022.0222 due to missing validation on the user controlled 'guid' key. This makes it possible for unauthenticated attackers to view draft posts that may contain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-639 Authorization Bypass Through User-Controlled Key" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "radgeek", + "product": { + "product_data": [ + { + "product_name": "FeedWordPress", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2022.0222" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ead46fd-5744-4fbb-9efd-980f9216abbc?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ead46fd-5744-4fbb-9efd-980f9216abbc?source=cve" + }, + { + "url": "https://wordpress.org/plugins/feedwordpress/", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/feedwordpress/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Krzysztof Zaj\u0105c" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0871.json b/2024/0xxx/CVE-2024-0871.json index e75c565f4ab..ab527f06e5e 100644 --- a/2024/0xxx/CVE-2024-0871.json +++ b/2024/0xxx/CVE-2024-0871.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0871", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget 'fl_builder_data[node_preview][link]' and 'fl_builder_data[settings][link_target]' parameters in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "justinbusa", + "product": { + "product_data": [ + { + "product_name": "Beaver Builder \u2013 WordPress Page Builder", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.7.4.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26bfef74-214f-4257-afc7-730e82e80946?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26bfef74-214f-4257-afc7-730e82e80946?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3032810/beaver-builder-lite-version", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3032810/beaver-builder-lite-version" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wesley" + }, + { + "lang": "en", + "value": "Nikolas Santos" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0896.json b/2024/0xxx/CVE-2024-0896.json index 4ef1e0848db..a308c756250 100644 --- a/2024/0xxx/CVE-2024-0896.json +++ b/2024/0xxx/CVE-2024-0896.json @@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0896", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "justinbusa", + "product": { + "product_data": [ + { + "product_name": "Beaver Builder \u2013 WordPress Page Builder", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.7.4.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/96086886-72f4-4a62-8f31-fc20e5240ba4?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/96086886-72f4-4a62-8f31-fc20e5240ba4?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/modules/button/includes/frontend.php#L13", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/modules/button/includes/frontend.php#L13" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032810%40beaver-builder-lite-version%2Ftrunk&old=3012562%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032810%40beaver-builder-lite-version%2Ftrunk&old=3012562%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wesley" + }, + { + "lang": "en", + "value": "Maxuel" + }, + { + "lang": "en", + "value": "Mdr001" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0897.json b/2024/0xxx/CVE-2024-0897.json index f2fb3c63c64..6f91ed92da6 100644 --- a/2024/0xxx/CVE-2024-0897.json +++ b/2024/0xxx/CVE-2024-0897.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0897", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "justinbusa", + "product": { + "product_data": [ + { + "product_name": "Beaver Builder \u2013 WordPress Page Builder", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.7.4.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21d1feae-e70f-439d-8992-f136211fdde0?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21d1feae-e70f-439d-8992-f136211fdde0?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032810%40beaver-builder-lite-version%2Ftrunk&old=3012562%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032810%40beaver-builder-lite-version%2Ftrunk&old=3012562%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Maxuel" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0898.json b/2024/0xxx/CVE-2024-0898.json index eba9d127a19..80ce1a2ce82 100644 --- a/2024/0xxx/CVE-2024-0898.json +++ b/2024/0xxx/CVE-2024-0898.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0898", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Chat Bubble \u2013 Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "bluecoral", + "product": { + "product_data": [ + { + "product_name": "Chat Bubble \u2013 Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a56772fd-f77f-4ba5-b5c4-79ac8204b599?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a56772fd-f77f-4ba5-b5c4-79ac8204b599?source=cve" + }, + { + "url": "https://wordpress.org/plugins/chat-bubble/", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/chat-bubble/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Dikshita Trivedi" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0976.json b/2024/0xxx/CVE-2024-0976.json index 331ce6fa954..f39f2fc2016 100644 --- a/2024/0xxx/CVE-2024-0976.json +++ b/2024/0xxx/CVE-2024-0976.json @@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0976", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the plugin parameter in all versions up to, and including, 3.1.41 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpeventmanager", + "product": { + "product_data": [ + { + "product_name": "WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.1.41" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d7f4d17-8318-4ab3-b4a2-81d7a017c397?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d7f4d17-8318-4ab3-b4a2-81d7a017c397?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-event-manager/trunk/admin/wp-event-manager-shortcode-list.php#L32", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wp-event-manager/trunk/admin/wp-event-manager-shortcode-list.php#L32" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3039683/wp-event-manager/trunk/admin/wp-event-manager-shortcode-list.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3039683/wp-event-manager/trunk/admin/wp-event-manager-shortcode-list.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Maksim Kosenko" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/1xxx/CVE-2024-1038.json b/2024/1xxx/CVE-2024-1038.json index 7ce2d063b22..346f73d3345 100644 --- a/2024/1xxx/CVE-2024-1038.json +++ b/2024/1xxx/CVE-2024-1038.json @@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1038", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via a 'playground.wordpress.net' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "justinbusa", + "product": { + "product_data": [ + { + "product_name": "Beaver Builder \u2013 WordPress Page Builder", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.7.4.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2cc2776-9496-42b5-a242-c572ae5462fb?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2cc2776-9496-42b5-a242-c572ae5462fb?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/js/fl-builder.js#L1578", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/js/fl-builder.js#L1578" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3032809/beaver-builder-lite-version/tags/2.7.4.3/js/fl-builder.js?old=3012561&old_path=beaver-builder-lite-version/tags/2.7.4.2/js/fl-builder.js", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3032809/beaver-builder-lite-version/tags/2.7.4.3/js/fl-builder.js?old=3012561&old_path=beaver-builder-lite-version/tags/2.7.4.2/js/fl-builder.js" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wesley" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/1xxx/CVE-2024-1071.json b/2024/1xxx/CVE-2024-1071.json index 46ffcc81a0b..e8d684479b6 100644 --- a/2024/1xxx/CVE-2024-1071.json +++ b/2024/1xxx/CVE-2024-1071.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1071", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ultimatemember", + "product": { + "product_data": [ + { + "product_name": "Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.1.3", + "version_value": "2.8.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/005fa621-3c49-4c23-add5-d6b7a9110055?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/005fa621-3c49-4c23-add5-d6b7a9110055?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.8.2/includes/core/class-member-directory-meta.php?rev=3022076", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.8.2/includes/core/class-member-directory-meta.php?rev=3022076" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.8.2/includes/core/class-member-directory-meta.php?rev=3022076#L666", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.8.2/includes/core/class-member-directory-meta.php?rev=3022076#L666" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.8.2/includes/core/class-member-directory-meta.php?rev=3022076#L858", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.8.2/includes/core/class-member-directory-meta.php?rev=3022076#L858" + }, + { + "url": "https://wordpress.org/plugins/ultimate-member/", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/ultimate-member/" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3038036/ultimate-member/trunk/includes/core/class-member-directory-meta.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3038036/ultimate-member/trunk/includes/core/class-member-directory-meta.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Christiaan Swiers" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2024/1xxx/CVE-2024-1074.json b/2024/1xxx/CVE-2024-1074.json index 8744a742c2b..dcfc78ca0cd 100644 --- a/2024/1xxx/CVE-2024-1074.json +++ b/2024/1xxx/CVE-2024-1074.json @@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1074", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'link_url' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "justinbusa", + "product": { + "product_data": [ + { + "product_name": "Beaver Builder \u2013 WordPress Page Builder", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.7.4.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a49e4f5a-ac9d-4f9b-8de2-c7871da8de35?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a49e4f5a-ac9d-4f9b-8de2-c7871da8de35?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/modules/audio/includes/frontend.php#L34", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/modules/audio/includes/frontend.php#L34" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3032809/beaver-builder-lite-version/tags/2.7.4.3/modules/audio/includes/frontend.php?old=3012561&old_path=beaver-builder-lite-version/tags/2.7.4.2/modules/audio/includes/frontend.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3032809/beaver-builder-lite-version/tags/2.7.4.3/modules/audio/includes/frontend.php?old=3012561&old_path=beaver-builder-lite-version/tags/2.7.4.2/modules/audio/includes/frontend.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Maxuel" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/1xxx/CVE-2024-1080.json b/2024/1xxx/CVE-2024-1080.json index caa9c4f2ffb..8e7d2c50f70 100644 --- a/2024/1xxx/CVE-2024-1080.json +++ b/2024/1xxx/CVE-2024-1080.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1080", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via the heading tag in all versions up to, and including, 2.7.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "justinbusa", + "product": { + "product_data": [ + { + "product_name": "Beaver Builder \u2013 WordPress Page Builder", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.7.4.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d62d3ca5-5795-46ef-ad8c-4474ff1e504e?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d62d3ca5-5795-46ef-ad8c-4474ff1e504e?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/modules/heading/includes/frontend.php#L1", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/modules/heading/includes/frontend.php#L1" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Mdr001" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/1xxx/CVE-2024-1083.json b/2024/1xxx/CVE-2024-1083.json index 5b41844d7ff..404aba8a587 100644 --- a/2024/1xxx/CVE-2024-1083.json +++ b/2024/1xxx/CVE-2024-1083.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1083", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.6 via the REST API. This makes it possible for authenticated attackers to bypass the plugin's restrictions to extract post titles and content" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Information Exposure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpchill", + "product": { + "product_data": [ + { + "product_name": "Simple Restrict", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.2.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/65963ce0-6589-4753-837c-14ef37a1a9e3?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/65963ce0-6589-4753-837c-14ef37a1a9e3?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3035727%40simple-restrict&new=3035727%40simple-restrict&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3035727%40simple-restrict&new=3035727%40simple-restrict&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/1xxx/CVE-2024-1126.json b/2024/1xxx/CVE-2024-1126.json index e123d871ab8..9153f3deab7 100644 --- a/2024/1xxx/CVE-2024-1126.json +++ b/2024/1xxx/CVE-2024-1126.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1126", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to to retrieve the attendees list for any event." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "metagauss", + "product": { + "product_data": [ + { + "product_name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d266b6ee-24ec-4363-a986-5ccd4db5ae3c?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d266b6ee-24ec-4363-a986-5ccd4db5ae3c?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Lucio S\u00e1" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/1xxx/CVE-2024-1127.json b/2024/1xxx/CVE-2024-1127.json index 609e40f7a69..3dead7c0cd4 100644 --- a/2024/1xxx/CVE-2024-1127.json +++ b/2024/1xxx/CVE-2024-1127.json @@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1127", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the booking_export_all() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve all event booking which can contain PII." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "metagauss", + "product": { + "product_data": [ + { + "product_name": "EventPrime \u2013 Events Calendar, Bookings and Tickets", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/39da62be-e630-48cd-b732-80ed3d337638?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/39da62be-e630-48cd-b732-80ed3d337638?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/eventprime-event-calendar-management/trunk//includes/service/class-ep-ajax.php#L1994", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/eventprime-event-calendar-management/trunk//includes/service/class-ep-ajax.php#L1994" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Lucio S\u00e1" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/1xxx/CVE-2024-1158.json b/2024/1xxx/CVE-2024-1158.json index 8ce275f3b13..71095656331 100644 --- a/2024/1xxx/CVE-2024-1158.json +++ b/2024/1xxx/CVE-2024-1158.json @@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1158", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyforms_new_page function in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber access or higher, to create pages with arbitrary titles. These pages are published." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "svenl77", + "product": { + "product_data": [ + { + "product_name": "Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.8.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/198cb3bb-73fe-45ae-b8e0-b7ee8dda9547?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/198cb3bb-73fe-45ae-b8e0-b7ee8dda9547?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/admin/admin-ajax.php?rev=2820257#L80", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/admin/admin-ajax.php?rev=2820257#L80" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3046092%40buddyforms%2Ftrunk&old=3031945%40buddyforms%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3046092%40buddyforms%2Ftrunk&old=3031945%40buddyforms%2Ftrunk&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Lucio S\u00e1" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/23xxx/CVE-2024-23205.json b/2024/23xxx/CVE-2024-23205.json index e95e3bdf993..9a27312e3ba 100644 --- a/2024/23xxx/CVE-2024-23205.json +++ b/2024/23xxx/CVE-2024-23205.json @@ -75,6 +75,11 @@ "url": "https://support.apple.com/en-us/HT214084", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214084" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23216.json b/2024/23xxx/CVE-2024-23216.json index ca0b07a42fc..8e8c5eb35ad 100644 --- a/2024/23xxx/CVE-2024-23216.json +++ b/2024/23xxx/CVE-2024-23216.json @@ -73,16 +73,6 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/22" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23225.json b/2024/23xxx/CVE-2024-23225.json index f5688f12ebd..cecbc087928 100644 --- a/2024/23xxx/CVE-2024-23225.json +++ b/2024/23xxx/CVE-2024-23225.json @@ -103,6 +103,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/18", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/18" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23226.json b/2024/23xxx/CVE-2024-23226.json index 39290ba525c..7c0c2422f44 100644 --- a/2024/23xxx/CVE-2024-23226.json +++ b/2024/23xxx/CVE-2024-23226.json @@ -131,21 +131,6 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/25", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/25" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/24", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/24" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/26", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/26" } ] } diff --git a/2024/23xxx/CVE-2024-23227.json b/2024/23xxx/CVE-2024-23227.json index b8c8c10e4b4..8d7029466a3 100644 --- a/2024/23xxx/CVE-2024-23227.json +++ b/2024/23xxx/CVE-2024-23227.json @@ -73,16 +73,6 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/22" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23231.json b/2024/23xxx/CVE-2024-23231.json index e5633c09b47..6e18920ea01 100644 --- a/2024/23xxx/CVE-2024-23231.json +++ b/2024/23xxx/CVE-2024-23231.json @@ -107,6 +107,11 @@ "url": "https://support.apple.com/kb/HT214085", "refsource": "MISC", "name": "https://support.apple.com/kb/HT214085" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23234.json b/2024/23xxx/CVE-2024-23234.json index eed40619ad1..62454e69330 100644 --- a/2024/23xxx/CVE-2024-23234.json +++ b/2024/23xxx/CVE-2024-23234.json @@ -73,16 +73,6 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/22" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23235.json b/2024/23xxx/CVE-2024-23235.json index f9b86f8b292..92e8e0fc7c0 100644 --- a/2024/23xxx/CVE-2024-23235.json +++ b/2024/23xxx/CVE-2024-23235.json @@ -136,21 +136,6 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/25", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/25" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/24", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/24" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/26", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/26" } ] } diff --git a/2024/23xxx/CVE-2024-23238.json b/2024/23xxx/CVE-2024-23238.json index 62591d35ba1..b5ae306957d 100644 --- a/2024/23xxx/CVE-2024-23238.json +++ b/2024/23xxx/CVE-2024-23238.json @@ -58,6 +58,11 @@ "url": "https://support.apple.com/en-us/HT214084", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214084" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23239.json b/2024/23xxx/CVE-2024-23239.json index 6cc629394d4..b37387d2c17 100644 --- a/2024/23xxx/CVE-2024-23239.json +++ b/2024/23xxx/CVE-2024-23239.json @@ -109,6 +109,11 @@ "url": "https://support.apple.com/en-us/HT214088", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214088" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23241.json b/2024/23xxx/CVE-2024-23241.json index 0ccb034939d..53d623052da 100644 --- a/2024/23xxx/CVE-2024-23241.json +++ b/2024/23xxx/CVE-2024-23241.json @@ -92,6 +92,11 @@ "url": "https://support.apple.com/en-us/HT214084", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214084" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23242.json b/2024/23xxx/CVE-2024-23242.json index 9418c92ec98..525253f85f4 100644 --- a/2024/23xxx/CVE-2024-23242.json +++ b/2024/23xxx/CVE-2024-23242.json @@ -75,6 +75,11 @@ "url": "https://support.apple.com/en-us/HT214084", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214084" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23245.json b/2024/23xxx/CVE-2024-23245.json index 894cd0f2a48..0050883cd1f 100644 --- a/2024/23xxx/CVE-2024-23245.json +++ b/2024/23xxx/CVE-2024-23245.json @@ -73,16 +73,6 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/22" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23247.json b/2024/23xxx/CVE-2024-23247.json index 79e16c25642..4b7c4ad5b7b 100644 --- a/2024/23xxx/CVE-2024-23247.json +++ b/2024/23xxx/CVE-2024-23247.json @@ -73,16 +73,6 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/22" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23248.json b/2024/23xxx/CVE-2024-23248.json index 650c3f63f4f..c67e2d11fef 100644 --- a/2024/23xxx/CVE-2024-23248.json +++ b/2024/23xxx/CVE-2024-23248.json @@ -58,6 +58,11 @@ "url": "https://support.apple.com/en-us/HT214084", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214084" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23252.json b/2024/23xxx/CVE-2024-23252.json index 7775b0d2e9f..bfef2215a2b 100644 --- a/2024/23xxx/CVE-2024-23252.json +++ b/2024/23xxx/CVE-2024-23252.json @@ -97,6 +97,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/20", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/20" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23253.json b/2024/23xxx/CVE-2024-23253.json index 6e8440bea20..f426550d6c2 100644 --- a/2024/23xxx/CVE-2024-23253.json +++ b/2024/23xxx/CVE-2024-23253.json @@ -58,6 +58,11 @@ "url": "https://support.apple.com/en-us/HT214084", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214084" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23254.json b/2024/23xxx/CVE-2024-23254.json index 53d520cfe38..7523885283c 100644 --- a/2024/23xxx/CVE-2024-23254.json +++ b/2024/23xxx/CVE-2024-23254.json @@ -148,6 +148,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/20", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/20" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23255.json b/2024/23xxx/CVE-2024-23255.json index 9acf54c5691..4bd72839575 100644 --- a/2024/23xxx/CVE-2024-23255.json +++ b/2024/23xxx/CVE-2024-23255.json @@ -75,6 +75,11 @@ "url": "https://support.apple.com/en-us/HT214084", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214084" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23257.json b/2024/23xxx/CVE-2024-23257.json index e05cec23760..e1dffb333da 100644 --- a/2024/23xxx/CVE-2024-23257.json +++ b/2024/23xxx/CVE-2024-23257.json @@ -107,21 +107,6 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/22" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/23" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/26", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/26" } ] } diff --git a/2024/23xxx/CVE-2024-23258.json b/2024/23xxx/CVE-2024-23258.json index 80190d02f1e..eb0e7d7f40b 100644 --- a/2024/23xxx/CVE-2024-23258.json +++ b/2024/23xxx/CVE-2024-23258.json @@ -80,11 +80,6 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/26", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/26" } ] } diff --git a/2024/23xxx/CVE-2024-23259.json b/2024/23xxx/CVE-2024-23259.json index 370b69a9327..ec9ea38f1eb 100644 --- a/2024/23xxx/CVE-2024-23259.json +++ b/2024/23xxx/CVE-2024-23259.json @@ -80,6 +80,11 @@ "url": "https://support.apple.com/en-us/HT214084", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214084" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23260.json b/2024/23xxx/CVE-2024-23260.json index 5f4bcb1fd60..054be0d3a48 100644 --- a/2024/23xxx/CVE-2024-23260.json +++ b/2024/23xxx/CVE-2024-23260.json @@ -58,6 +58,11 @@ "url": "https://support.apple.com/en-us/HT214084", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214084" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23263.json b/2024/23xxx/CVE-2024-23263.json index 2257eb2a659..94a66ace581 100644 --- a/2024/23xxx/CVE-2024-23263.json +++ b/2024/23xxx/CVE-2024-23263.json @@ -153,6 +153,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/20", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/20" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23264.json b/2024/23xxx/CVE-2024-23264.json index 3544773cb49..1471a4b6cb1 100644 --- a/2024/23xxx/CVE-2024-23264.json +++ b/2024/23xxx/CVE-2024-23264.json @@ -129,26 +129,6 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/25", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/25" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/22" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/23" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/26", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/26" } ] } diff --git a/2024/23xxx/CVE-2024-23265.json b/2024/23xxx/CVE-2024-23265.json index 1287e230cef..f34949b03e3 100644 --- a/2024/23xxx/CVE-2024-23265.json +++ b/2024/23xxx/CVE-2024-23265.json @@ -146,31 +146,6 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/25", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/25" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/24", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/24" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/22" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/23" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/26", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/26" } ] } diff --git a/2024/23xxx/CVE-2024-23267.json b/2024/23xxx/CVE-2024-23267.json index 2d00a655e22..b5e092e6506 100644 --- a/2024/23xxx/CVE-2024-23267.json +++ b/2024/23xxx/CVE-2024-23267.json @@ -73,16 +73,6 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/22" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23268.json b/2024/23xxx/CVE-2024-23268.json index 18ec1e320c9..9a2f4d109f9 100644 --- a/2024/23xxx/CVE-2024-23268.json +++ b/2024/23xxx/CVE-2024-23268.json @@ -73,16 +73,6 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/22" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23270.json b/2024/23xxx/CVE-2024-23270.json index 2dcd08ad7f9..0024dbd0fb0 100644 --- a/2024/23xxx/CVE-2024-23270.json +++ b/2024/23xxx/CVE-2024-23270.json @@ -107,21 +107,6 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/25", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/25" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/22" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23272.json b/2024/23xxx/CVE-2024-23272.json index 8882081cd2b..06bc355b506 100644 --- a/2024/23xxx/CVE-2024-23272.json +++ b/2024/23xxx/CVE-2024-23272.json @@ -73,16 +73,6 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/22" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23273.json b/2024/23xxx/CVE-2024-23273.json index 04d570005ae..9f2cbb4f674 100644 --- a/2024/23xxx/CVE-2024-23273.json +++ b/2024/23xxx/CVE-2024-23273.json @@ -97,6 +97,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/20", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/20" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23275.json b/2024/23xxx/CVE-2024-23275.json index 2a5d62fb5d9..f1c0d672a8e 100644 --- a/2024/23xxx/CVE-2024-23275.json +++ b/2024/23xxx/CVE-2024-23275.json @@ -73,16 +73,6 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/22" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23276.json b/2024/23xxx/CVE-2024-23276.json index c9c2d9ec72b..add41807a87 100644 --- a/2024/23xxx/CVE-2024-23276.json +++ b/2024/23xxx/CVE-2024-23276.json @@ -73,16 +73,6 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/22" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23277.json b/2024/23xxx/CVE-2024-23277.json index b2f881a2c05..9aa9e806c82 100644 --- a/2024/23xxx/CVE-2024-23277.json +++ b/2024/23xxx/CVE-2024-23277.json @@ -75,6 +75,11 @@ "url": "https://support.apple.com/en-us/HT214084", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214084" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23278.json b/2024/23xxx/CVE-2024-23278.json index 2d3d5256cf4..dc97f0c6212 100644 --- a/2024/23xxx/CVE-2024-23278.json +++ b/2024/23xxx/CVE-2024-23278.json @@ -124,6 +124,11 @@ "url": "https://support.apple.com/kb/HT214085", "refsource": "MISC", "name": "https://support.apple.com/kb/HT214085" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23280.json b/2024/23xxx/CVE-2024-23280.json index 2f071d6dedd..4051b507c91 100644 --- a/2024/23xxx/CVE-2024-23280.json +++ b/2024/23xxx/CVE-2024-23280.json @@ -131,6 +131,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/20", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/20" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23281.json b/2024/23xxx/CVE-2024-23281.json index 6ff358b7a58..d0a60799d48 100644 --- a/2024/23xxx/CVE-2024-23281.json +++ b/2024/23xxx/CVE-2024-23281.json @@ -58,6 +58,11 @@ "url": "https://support.apple.com/en-us/HT214084", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214084" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23285.json b/2024/23xxx/CVE-2024-23285.json index 261d807f656..3411768420d 100644 --- a/2024/23xxx/CVE-2024-23285.json +++ b/2024/23xxx/CVE-2024-23285.json @@ -58,6 +58,11 @@ "url": "https://support.apple.com/en-us/HT214084", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214084" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23286.json b/2024/23xxx/CVE-2024-23286.json index 040ae2a77d7..bbc0a562b33 100644 --- a/2024/23xxx/CVE-2024-23286.json +++ b/2024/23xxx/CVE-2024-23286.json @@ -146,31 +146,6 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/25", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/25" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/24", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/24" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/22", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/22" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/23" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/26", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/26" } ] } diff --git a/2024/23xxx/CVE-2024-23287.json b/2024/23xxx/CVE-2024-23287.json index 7f171f94a0f..b8bb0c270ac 100644 --- a/2024/23xxx/CVE-2024-23287.json +++ b/2024/23xxx/CVE-2024-23287.json @@ -92,6 +92,11 @@ "url": "https://support.apple.com/en-us/HT214088", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214088" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23289.json b/2024/23xxx/CVE-2024-23289.json index c77a2552e3c..c75fcfa4a1f 100644 --- a/2024/23xxx/CVE-2024-23289.json +++ b/2024/23xxx/CVE-2024-23289.json @@ -97,6 +97,11 @@ "url": "https://support.apple.com/en-us/HT214088", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214088" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23290.json b/2024/23xxx/CVE-2024-23290.json index f53957d8fe1..c7f773e67e9 100644 --- a/2024/23xxx/CVE-2024-23290.json +++ b/2024/23xxx/CVE-2024-23290.json @@ -109,6 +109,11 @@ "url": "https://support.apple.com/en-us/HT214088", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214088" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23291.json b/2024/23xxx/CVE-2024-23291.json index 716b923505b..b479a669731 100644 --- a/2024/23xxx/CVE-2024-23291.json +++ b/2024/23xxx/CVE-2024-23291.json @@ -109,6 +109,11 @@ "url": "https://support.apple.com/en-us/HT214088", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214088" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23293.json b/2024/23xxx/CVE-2024-23293.json index b3454efc1e0..9b4bdef29ec 100644 --- a/2024/23xxx/CVE-2024-23293.json +++ b/2024/23xxx/CVE-2024-23293.json @@ -109,6 +109,11 @@ "url": "https://support.apple.com/en-us/HT214088", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214088" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23294.json b/2024/23xxx/CVE-2024-23294.json index 0c8946c618a..bd7f2f54c33 100644 --- a/2024/23xxx/CVE-2024-23294.json +++ b/2024/23xxx/CVE-2024-23294.json @@ -58,6 +58,11 @@ "url": "https://support.apple.com/en-us/HT214084", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214084" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/23xxx/CVE-2024-23296.json b/2024/23xxx/CVE-2024-23296.json index 0648502a915..77936c1f1cb 100644 --- a/2024/23xxx/CVE-2024-23296.json +++ b/2024/23xxx/CVE-2024-23296.json @@ -83,6 +83,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/18", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/18" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } diff --git a/2024/28xxx/CVE-2024-28662.json b/2024/28xxx/CVE-2024-28662.json index 252c423d960..499eed7ed7e 100644 --- a/2024/28xxx/CVE-2024-28662.json +++ b/2024/28xxx/CVE-2024-28662.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28662", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28662", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in create_tag in admin/include/functions.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Piwigo/Piwigo/security/advisories/GHSA-8g2g-6f2c-6h7j", + "refsource": "MISC", + "name": "https://github.com/Piwigo/Piwigo/security/advisories/GHSA-8g2g-6f2c-6h7j" + }, + { + "refsource": "MISC", + "name": "https://github.com/Piwigo/Piwigo/commit/5069610aaeb1da6d96d389651a5ba9b38690c580", + "url": "https://github.com/Piwigo/Piwigo/commit/5069610aaeb1da6d96d389651a5ba9b38690c580" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/Piwigo/Piwigo/compare/14.2.0...14.3.0", + "url": "https://github.com/Piwigo/Piwigo/compare/14.2.0...14.3.0" } ] } diff --git a/2024/28xxx/CVE-2024-28670.json b/2024/28xxx/CVE-2024-28670.json index 1824dc03724..5325255d539 100644 --- a/2024/28xxx/CVE-2024-28670.json +++ b/2024/28xxx/CVE-2024-28670.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28670", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28670", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_main.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/777erp/cms/blob/main/9.md", + "refsource": "MISC", + "name": "https://github.com/777erp/cms/blob/main/9.md" } ] } diff --git a/2024/28xxx/CVE-2024-28671.json b/2024/28xxx/CVE-2024-28671.json index ab58b53a615..c7a3d200c33 100644 --- a/2024/28xxx/CVE-2024-28671.json +++ b/2024/28xxx/CVE-2024-28671.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28671", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28671", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/stepselect_main.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/777erp/cms/blob/main/7.md", + "refsource": "MISC", + "name": "https://github.com/777erp/cms/blob/main/7.md" } ] } diff --git a/2024/28xxx/CVE-2024-28672.json b/2024/28xxx/CVE-2024-28672.json index cacf99c509b..3946228d2fe 100644 --- a/2024/28xxx/CVE-2024-28672.json +++ b/2024/28xxx/CVE-2024-28672.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28672", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28672", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/media_edit.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/777erp/cms/blob/main/3.md", + "refsource": "MISC", + "name": "https://github.com/777erp/cms/blob/main/3.md" } ] } diff --git a/2024/28xxx/CVE-2024-28673.json b/2024/28xxx/CVE-2024-28673.json index b0f436e6f45..698d23590ba 100644 --- a/2024/28xxx/CVE-2024-28673.json +++ b/2024/28xxx/CVE-2024-28673.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28673", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28673", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mychannel_edit.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/777erp/cms/blob/main/4.md", + "refsource": "MISC", + "name": "https://github.com/777erp/cms/blob/main/4.md" } ] } diff --git a/2024/28xxx/CVE-2024-28677.json b/2024/28xxx/CVE-2024-28677.json index 4207a6b6e48..36117d9847d 100644 --- a/2024/28xxx/CVE-2024-28677.json +++ b/2024/28xxx/CVE-2024-28677.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28677", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28677", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/article_keywords_main.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/777erp/cms/blob/main/14.md", + "refsource": "MISC", + "name": "https://github.com/777erp/cms/blob/main/14.md" } ] } diff --git a/2024/28xxx/CVE-2024-28678.json b/2024/28xxx/CVE-2024-28678.json index 0f2f86fb0a2..4295f5e0743 100644 --- a/2024/28xxx/CVE-2024-28678.json +++ b/2024/28xxx/CVE-2024-28678.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28678", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28678", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_description_main.php" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/777erp/cms/blob/main/15.md", + "refsource": "MISC", + "name": "https://github.com/777erp/cms/blob/main/15.md" } ] }