admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-03-05 02:00:35 +00:00
parent 5ade750def
commit 5185f50cd6
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
16 changed files with 924 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
2024/0xxx/CVE-2024-0698.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0698",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "alextselegidis",
"product": {
"product_data": [
{
"product_name": "Easy!Appointments",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4b002e40-712d-4c3f-b168-9132e7b77e60?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4b002e40-712d-4c3f-b168-9132e7b77e60?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/easyappointments/trunk/public/class-easyappointments-public.php#L141",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/easyappointments/trunk/public/class-easyappointments-public.php#L141"
}
]
},
"credits": [
{
"lang": "en",
"value": "wesley"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/0xxx/CVE-2024-0825.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0825",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via the vimeography_duplicate_gallery_serialized in the duplicate_gallery function. This makes it possible for authenticated attackers attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "videogallery",
"product": {
"product_data": [
{
"product_name": "Vimeography: Vimeo Video Gallery WordPress Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/853516b2-ec50-4937-89d3-d16042a6f71c?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/853516b2-ec50-4937-89d3-d16042a6f71c?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/vimeography/trunk/lib/api/galleries.php#L816",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/vimeography/trunk/lib/api/galleries.php#L816"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lucio S\u00e1"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

75
2024/1xxx/CVE-2024-1088.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1088",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Password Protected Store for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including post titles and content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "rajkakadiya",
"product": {
"product_data": [
{
"product_name": "Password Protected Store for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ae1e8fd-4d1b-4590-a141-f93d6347c0f2?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ae1e8fd-4d1b-4590-a141-f93d6347c0f2?source=cve"
},
{
"url": "https://wordpress.org/plugins/password-protected-woo-store/",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/password-protected-woo-store/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Francesco Carlucci"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/1xxx/CVE-2024-1093.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1093",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_logic() function hooked via admin_init in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update the memory limit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "simon99",
"product": {
"product_data": [
{
"product_name": "Change Memory Limit",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eee7344d-5459-4558-a557-d8c5935ecc30?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eee7344d-5459-4558-a557-d8c5935ecc30?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/change-memory-limit/trunk/change-mem-limit.php#L104",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/change-memory-limit/trunk/change-mem-limit.php#L104"
}
]
},
"credits": [
{
"lang": "en",
"value": "Francesco Carlucci"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/1xxx/CVE-2024-1095.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1095",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Build & Control Block Patterns \u2013 Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settings_export() function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to export the plugin's settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "razib_",
"product": {
"product_data": [
{
"product_name": "Build & Control Block Patterns \u2013 Boost up Gutenberg Editor",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.3.5.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/38f09a45-2b11-47c7-af16-c7f9c3a46e0e?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/38f09a45-2b11-47c7-af16-c7f9c3a46e0e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/control-block-patterns/trunk/classes/Settings/SettingsPage.php#L166",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/control-block-patterns/trunk/classes/Settings/SettingsPage.php#L166"
}
]
},
"credits": [
{
"lang": "en",
"value": "Francesco Carlucci"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/1xxx/CVE-2024-1178.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1178",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The SportsPress \u2013 Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "themeboy",
"product": {
"product_data": [
{
"product_name": "SportsPress \u2013 Sports Club & League Manager",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.7.17"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/098dfee2-ba0b-420f-89ed-8ad1e41faec4?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/098dfee2-ba0b-420f-89ed-8ad1e41faec4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3043889%40sportspress&new=3043889%40sportspress&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3043889%40sportspress&new=3043889%40sportspress&sfp_email=&sfph_mail="
}
]
},
"credits": [
{
"lang": "en",
"value": "Francesco Carlucci"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/1xxx/CVE-2024-1285.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1285",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Page Builder Sandwich \u2013 Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'gambit_builder_save_content' function in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and above, to insert arbitrary content into existing posts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pagebuildersandwich",
"product": {
"product_data": [
{
"product_name": "Page Builder Sandwich \u2013 Front End WordPress Page Builder Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "5.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/69d3d66c-5557-4fb4-8bd7-05d76d6b86ab?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/69d3d66c-5557-4fb4-8bd7-05d76d6b86ab?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/page-builder-sandwich/tags/5.1.0/class-page-builder-sandwich.php#L958",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/page-builder-sandwich/tags/5.1.0/class-page-builder-sandwich.php#L958"
}
]
},
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/1xxx/CVE-2024-1381.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1381",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Page Builder Sandwich \u2013 Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and higher, to extract sensitive user or configuration data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pagebuildersandwich",
"product": {
"product_data": [
{
"product_name": "Page Builder Sandwich \u2013 Front End WordPress Page Builder Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "5.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8e98d92a-fe64-4591-972b-ed11542506b7?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8e98d92a-fe64-4591-972b-ed11542506b7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/page-builder-sandwich/trunk/class-inspector.php#L90",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/page-builder-sandwich/trunk/class-inspector.php#L90"
}
]
},
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/1xxx/CVE-2024-1478.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1478",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content protection provided by the plugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "helderk",
"product": {
"product_data": [
{
"product_name": "Maintenance Mode",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36def628-e09e-4da0-ab14-35aefcb67f73?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36def628-e09e-4da0-ab14-35aefcb67f73?source=cve"
},
{
"url": "https://wordpress.org/plugins/hkdev-maintenance-mode/",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/hkdev-maintenance-mode/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Francesco Carlucci"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/1xxx/CVE-2024-1731.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1731",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input from the arsp_options post meta option. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "jkohlbach",
"product": {
"product_data": [
{
"product_name": "Auto Refresh Single Page",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f8f8d46-d7e7-4b07-9b10-15e579973474?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f8f8d46-d7e7-4b07-9b10-15e579973474?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/auto-refresh-single-page/trunk/auto-refresh-single-page.php#L42",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/auto-refresh-single-page/trunk/auto-refresh-single-page.php#L42"
}
]
},
"credits": [
{
"lang": "en",
"value": "Francesco Carlucci"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

75
2024/1xxx/CVE-2024-1769.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1769",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 12 via the meta description data. This makes it possible for unauthenticated attackers to view password protected post content when viewing the page source."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "jmlapam",
"product": {
"product_data": [
{
"product_name": "JM Twitter Cards",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b48e5973-6923-47cc-a660-ecc989f540f8?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b48e5973-6923-47cc-a660-ecc989f540f8?source=cve"
},
{
"url": "https://wordpress.org/plugins/jm-twitter-cards/",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/jm-twitter-cards/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}

79
2024/1xxx/CVE-2024-1782.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1782",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'bt_webid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "jbahlquist",
"product": {
"product_data": [
{
"product_name": "Blue Triad EZAnalytics",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0cae2bb8-33e7-47b0-861d-b976a67660ae?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0cae2bb8-33e7-47b0-861d-b976a67660ae?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/blue-triad-ezanalytics/trunk/blue-triad-ezanalytics.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/blue-triad-ezanalytics/trunk/blue-triad-ezanalytics.php"
}
]
},
"credits": [
{
"lang": "en",
"value": "Nathaniel Oh"
},
{
"lang": "en",
"value": "Briana Campbell"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}

2
2024/1xxx/CVE-2024-1885.json
View File

@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "LG Signage TV",
"product_name": "LG Signage",
"version": {
"version_data": [
{

2
2024/1xxx/CVE-2024-1886.json
View File

@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "LG Signage TV",
"product_name": "LG Signage",
"version": {
"version_data": [
{

66
2024/22xxx/CVE-2024-22188.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22188",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-22188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://typo3.org/help/security-advisories",
"refsource": "MISC",
"name": "https://typo3.org/help/security-advisories"
},
{
"refsource": "MISC",
"name": "https://typo3.org/security/advisory/typo3-core-sa-2024-002",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-002"
},
{
"refsource": "MISC",
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w"
}
]
}

7
2024/24xxx/CVE-2024-24213.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query."
"value": "** DISPUTED ** Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically, /pg_meta/default/query is for SQL queries that are entered in an intended UI by an authorized user. Nothing is injected."
}
]
},
@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "https://github.com/940198871/Vulnerability-details/blob/main/CVE-2024-24213",
"url": "https://github.com/940198871/Vulnerability-details/blob/main/CVE-2024-24213"
},
{
"refsource": "MISC",
"name": "https://supabase.com/docs/guides/database/overview#the-sql-editor",
"url": "https://supabase.com/docs/guides/database/overview#the-sql-editor"
}
]
}