diff --git a/2024/10xxx/CVE-2024-10471.json b/2024/10xxx/CVE-2024-10471.json index 5e07b9665ff..9d9cbd15192 100644 --- a/2024/10xxx/CVE-2024-10471.json +++ b/2024/10xxx/CVE-2024-10471.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-10471", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Everest Forms", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "3.0.4.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/85d590c9-c96d-40c9-aa59-48302ba3d63c/", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/85d590c9-c96d-40c9-aa59-48302ba3d63c/" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Dmitrii Ignatyev" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2024/10xxx/CVE-2024-10857.json b/2024/10xxx/CVE-2024-10857.json index 08d0950bb24..5764226a9a8 100644 --- a/2024/10xxx/CVE-2024-10857.json +++ b/2024/10xxx/CVE-2024-10857.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-10857", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient file path validation/sanitization. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-35 Path Traversal: '.../...//'", + "cweId": "CWE-35" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "tychesoftwares", + "product": { + "product_data": [ + { + "product_name": "Product Input Fields for WooCommerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e45207af-3886-4d95-9cd8-5ecdc683dc58?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e45207af-3886-4d95-9cd8-5ecdc683dc58?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3195423/product-input-fields-for-woocommerce/trunk?contextall=1&old=3173573&old_path=%2Fproduct-input-fields-for-woocommerce%2Ftrunk", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3195423/product-input-fields-for-woocommerce/trunk?contextall=1&old=3173573&old_path=%2Fproduct-input-fields-for-woocommerce%2Ftrunk" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "AmrAwad" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/11xxx/CVE-2024-11002.json b/2024/11xxx/CVE-2024-11002.json index 0f43aa07d7e..eece5a5a398 100644 --- a/2024/11xxx/CVE-2024-11002.json +++ b/2024/11xxx/CVE-2024-11002.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11002", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "realmag777", + "product": { + "product_data": [ + { + "product_name": "InPost Gallery", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.1.4.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5fbb2dcf-38b8-4ef1-bfea-bf5872cc7e37?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5fbb2dcf-38b8-4ef1-bfea-bf5872cc7e37?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/inpost-gallery/trunk/index.php#L323", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/inpost-gallery/trunk/index.php#L323" + }, + { + "url": "https://wordpress.org/plugins/inpost-gallery/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/inpost-gallery/#developers" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3192113/", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3192113/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Arkadiusz Hydzik" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" } ] }