From 64bc359b00763d3d0d95f7af6a94caeaa3402838 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 7 Jan 2025 10:01:02 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/12xxx/CVE-2024-12152.json | 81 ++++++++++++++++++++++++++++++++--
 2024/12xxx/CVE-2024-12569.json | 2 +-
 2024/12xxx/CVE-2024-12699.json | 81 ++++++++++++++++++++++++++++++++--
 2024/12xxx/CVE-2024-12719.json | 81 ++++++++++++++++++++++++++++++++--
 2024/13xxx/CVE-2024-13176.json | 18 ++++++++
 2025/22xxx/CVE-2025-22491.json | 18 ++++++++
 2025/22xxx/CVE-2025-22492.json | 18 ++++++++
 2025/22xxx/CVE-2025-22493.json | 18 ++++++++
 2025/22xxx/CVE-2025-22494.json | 18 ++++++++
 2025/22xxx/CVE-2025-22495.json | 18 ++++++++
 10 files changed, 340 insertions(+), 13 deletions(-)
 create mode 100644 2024/13xxx/CVE-2024-13176.json
 create mode 100644 2025/22xxx/CVE-2025-22491.json
 create mode 100644 2025/22xxx/CVE-2025-22492.json
 create mode 100644 2025/22xxx/CVE-2025-22493.json
 create mode 100644 2025/22xxx/CVE-2025-22494.json
 create mode 100644 2025/22xxx/CVE-2025-22495.json
diff --git a/2024/12xxx/CVE-2024-12152.json b/2024/12xxx/CVE-2024-12152.json
index 269a70f1426..d5618fd95a0 100644
--- a/2024/12xxx/CVE-2024-12152.json
+++ b/2024/12xxx/CVE-2024-12152.json
@@ -1,17 +1,90 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-12152",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'mipl_wc_sync_download_log' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+ "cweId": "CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "mulika",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MIPL WC Multisite Sync \u2013 Synchronize WC Products, Orders, Customers & Coupons across multiple sites",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "1.1.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/575d1e24-d23d-4589-bb71-f52efec1ac58?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/575d1e24-d23d-4589-bb71-f52efec1ac58?source=cve"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3216574%40mipl-wc-multisite-sync&new=3216574%40mipl-wc-multisite-sync&sfp_email=&sfph_mail=",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3216574%40mipl-wc-multisite-sync&new=3216574%40mipl-wc-multisite-sync&sfp_email=&sfph_mail="
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3215735%40mipl-wc-multisite-sync&new=3215735%40mipl-wc-multisite-sync&sfp_email=&sfph_mail=",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3215735%40mipl-wc-multisite-sync&new=3215735%40mipl-wc-multisite-sync&sfp_email=&sfph_mail="
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Thien Ngo"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
 }
 ]
 }
diff --git a/2024/12xxx/CVE-2024-12569.json b/2024/12xxx/CVE-2024-12569.json
index 139d7812446..fba845daaad 100644
--- a/2024/12xxx/CVE-2024-12569.json
+++ b/2024/12xxx/CVE-2024-12569.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Disclosure of sensitive information in HikVision camera driver's log file in XProtect Device Pack allows an attacker to read camera credentials stored in the Recording Server under specific conditions."
+ "value": "Disclosure\nof sensitive information in a Milestone XProtect Device Pack driver\u2019s log file for third-party cameras, allows an attacker to read camera\ncredentials stored in the Recording Server under specific conditions."
 }
 ]
 },
diff --git a/2024/12xxx/CVE-2024-12699.json b/2024/12xxx/CVE-2024-12699.json
index fe64401a872..a536627af04 100644
--- a/2024/12xxx/CVE-2024-12699.json
+++ b/2024/12xxx/CVE-2024-12699.json
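Review bot: The new `credits` entry in CVE-2024-12152.json is tagged `"lang": "en"`, while the description and problemtype entries of the same record use `"lang": "eng"`, so a consumer that selects text by a single language code may skip one of them. I would normalise the credit to `"lang": "eng"` to match the rest of the record. The same mismatch appears in the CVE-2024-12699.json and CVE-2024-12719.json hunks of this commit.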
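Review bot: The replacement description in CVE-2024-12569.json carries two escaped line breaks in mid-sentence (`Disclosure\nof sensitive` and `camera\ncredentials`) and a stray comma before `allows`. This looks like a paste artefact and will defeat phrase matching on the text, for instance a search for the words camera credentials. I would store it as one line: `"value": "Disclosure of sensitive information in a Milestone XProtect Device Pack driver\u2019s log file for third-party cameras allows an attacker to read camera credentials stored in the Recording Server under specific conditions."`. The enclosing `description` object starts outside the hunk.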
@@ -1,17 +1,90 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-12699",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Service Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "themepoints",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Service Box",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "1.9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e6a65630-0852-4ffc-8c23-295be95bd7f0?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e6a65630-0852-4ffc-8c23-295be95bd7f0?source=cve"
+ },
+ {
+ "url": "https://wordpress.org/plugins/service-boxs/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/service-boxs/#developers"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3216752%40service-boxs&new=3216752%40service-boxs&sfp_email=&sfph_mail=",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3216752%40service-boxs&new=3216752%40service-boxs&sfp_email=&sfph_mail="
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "SOPROBRO"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2024/12xxx/CVE-2024-12719.json b/2024/12xxx/CVE-2024-12719.json
index c9c7ffbffaf..5c07658a3cf 100644
--- a/2024/12xxx/CVE-2024-12719.json
+++ b/2024/12xxx/CVE-2024-12719.json
@@ -1,17 +1,90 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-12719",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wfu_ajax_action_read_subfolders' function in all versions up to, and including, 4.24.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform limited path traversal to view directories and subdirectories in WordPress. Files cannot be viewed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-862 Missing Authorization",
+ "cweId": "CWE-862"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "nickboss",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WordPress File Upload",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "4.24.15"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/314ae0f5-8a4e-4bf3-9fc9-49f5b036b99e?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/314ae0f5-8a4e-4bf3-9fc9-49f5b036b99e?source=cve"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-file-upload/trunk/lib/wfu_ajaxactions.php#L849",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/wp-file-upload/trunk/lib/wfu_ajaxactions.php#L849"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3217005/",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/changeset/3217005/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Lucio S\u00e1"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2024/13xxx/CVE-2024-13176.json b/2024/13xxx/CVE-2024-13176.json
new file mode 100644
index 00000000000..8e345cea5cc
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13176.json
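Review bot: The second reference added to CVE-2024-12719.json is a line anchor on the moving `trunk` branch (`.../wp-file-upload/trunk/lib/wfu_ajaxactions.php#L849`), so once that file changes the link no longer shows the code the advisory describes. I would pin it to a tagged path or a fixed revision, for example `https://plugins.trac.wordpress.org/browser/wp-file-upload/tags/<AFFECTED_TAG>/lib/wfu_ajaxactions.php#L849`, where the tag is a placeholder to be confirmed against the repository. The description also speaks of limited path traversal while only CWE-862 is recorded; if traversal is part of the flaw rather than only its effect, a CWE-22 entry may be worth adding.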
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13176",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/22xxx/CVE-2025-22491.json b/2025/22xxx/CVE-2025-22491.json
new file mode 100644
index 00000000000..6cf8b76bb39
--- /dev/null
+++ b/2025/22xxx/CVE-2025-22491.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-22491",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/22xxx/CVE-2025-22492.json b/2025/22xxx/CVE-2025-22492.json
new file mode 100644
index 00000000000..b7babc54c57
--- /dev/null
+++ b/2025/22xxx/CVE-2025-22492.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-22492",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/22xxx/CVE-2025-22493.json b/2025/22xxx/CVE-2025-22493.json
new file mode 100644
index 00000000000..532f9d94f56
--- /dev/null
+++ b/2025/22xxx/CVE-2025-22493.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-22493",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/22xxx/CVE-2025-22494.json b/2025/22xxx/CVE-2025-22494.json
new file mode 100644
index 00000000000..82788e7f0c3
--- /dev/null
+++ b/2025/22xxx/CVE-2025-22494.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-22494",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/22xxx/CVE-2025-22495.json b/2025/22xxx/CVE-2025-22495.json
new file mode 100644
index 00000000000..9cd6fbc93b2
--- /dev/null
+++ b/2025/22xxx/CVE-2025-22495.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-22495",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file