From a2aad66be618704741a0db281cddf380aae26956 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 1 Mar 2025 05:00:37 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/13xxx/CVE-2024-13518.json | 76 +++++++++++++++++++++++++-- 2024/13xxx/CVE-2024-13559.json | 76 +++++++++++++++++++++++++-- 2024/13xxx/CVE-2024-13568.json | 76 +++++++++++++++++++++++++-- 2024/13xxx/CVE-2024-13746.json | 95 ++++++++++++++++++++++++++++++++-- 2024/13xxx/CVE-2024-13750.json | 76 +++++++++++++++++++++++++-- 2024/9xxx/CVE-2024-9212.json | 76 +++++++++++++++++++++++++-- 2024/9xxx/CVE-2024-9217.json | 76 +++++++++++++++++++++++++-- 2025/0xxx/CVE-2025-0820.json | 81 +++++++++++++++++++++++++++-- 8 files changed, 600 insertions(+), 32 deletions(-) diff --git a/2024/13xxx/CVE-2024-13518.json b/2024/13xxx/CVE-2024-13518.json index ef4179fa781..d8a9fa3476d 100644 --- a/2024/13xxx/CVE-2024-13518.json +++ b/2024/13xxx/CVE-2024-13518.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13518", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Simple:Press Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.10.11. This is due to missing or incorrect nonce validation on the 'sp_save_edited_post' function. This makes it possible for unauthenticated attackers to modify a forum post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "simplepress", + "product": { + "product_data": [ + { + "product_name": "Simple:Press Forum", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "6.10.11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4484fa86-5878-426d-92b9-8eb0751075e5?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4484fa86-5878-426d-92b9-8eb0751075e5?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/simplepress/trunk/forum/database/sp-db-management.php#L173", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/simplepress/trunk/forum/database/sp-db-management.php#L173" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Robert Subotic" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/13xxx/CVE-2024-13559.json b/2024/13xxx/CVE-2024-13559.json index 61f2fc75fb9..868d34bd9cc 100644 --- a/2024/13xxx/CVE-2024-13559.json +++ b/2024/13xxx/CVE-2024-13559.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13559", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The TemplatesNext ToolKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tx_woo_wishlist_table' shortcode in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "marsian", + "product": { + "product_data": [ + { + "product_name": "TemplatesNext ToolKit", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.2.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/775b6034-617a-4d84-a8fe-773ffbd9742a?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/775b6034-617a-4d84-a8fe-773ffbd9742a?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/templatesnext-toolkit/trunk/inc/woo-compare-wishlist/includes/wishlist/shortcode.php#L13", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/templatesnext-toolkit/trunk/inc/woo-compare-wishlist/includes/wishlist/shortcode.php#L13" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Krzysztof Zaj\u0105c" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/13xxx/CVE-2024-13568.json b/2024/13xxx/CVE-2024-13568.json index 5f31f6ba62e..74b0eb42149 100644 --- a/2024/13xxx/CVE-2024-13568.json +++ b/2024/13xxx/CVE-2024-13568.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13568", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Fluent Support \u2013 Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.5 via the 'fluent-support' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/fluent-support directory which can contain file attachments included in support tickets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "techjewel", + "product": { + "product_data": [ + { + "product_name": "Fluent Support \u2013 Helpdesk & Customer Support Ticket System", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.8.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17f40832-8ae5-443a-aa98-f0e61d1152cc?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17f40832-8ae5-443a-aa98-f0e61d1152cc?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/fluent-support/trunk/app/Services/Includes/FileSystem.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/fluent-support/trunk/app/Services/Includes/FileSystem.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Tim Coen" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH" } ] } diff --git a/2024/13xxx/CVE-2024-13746.json b/2024/13xxx/CVE-2024-13746.json index a94fccaa559..0bb7ff68cd7 100644 --- a/2024/13xxx/CVE-2024-13746.json +++ b/2024/13xxx/CVE-2024-13746.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13746", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Booking Calendar and Notification plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on the wpcb_all_bookings(), wpcb_update_booking_post(), and wpcb_delete_posts() functions in all versions up to, and including, 4.0.3. This makes it possible for unauthenticated attackers to extract data, create or update bookings, or delete arbitrary posts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "imznarf", + "product": { + "product_data": [ + { + "product_name": "Booking Calendar and Notification", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/422bb9a5-c848-4492-add7-bc65b1111565?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/422bb9a5-c848-4492-add7-bc65b1111565?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/booking-calendar-and-notification/tags/4.0.3/lib/includes/function.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/booking-calendar-and-notification/tags/4.0.3/lib/includes/function.php" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/booking-calendar-and-notification/trunk/lib/classes/api.php#L270", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/booking-calendar-and-notification/trunk/lib/classes/api.php#L270" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/booking-calendar-and-notification/trunk/lib/classes/api.php#L134", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/booking-calendar-and-notification/trunk/lib/classes/api.php#L134" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/booking-calendar-and-notification/trunk/lib/classes/api.php#L188", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/booking-calendar-and-notification/trunk/lib/classes/api.php#L188" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Pham Van Tam" + }, + { + "lang": "en", + "value": "Hoang Phuc Vo" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/13xxx/CVE-2024-13750.json b/2024/13xxx/CVE-2024-13750.json index 5753f1e9dbd..6ec770240d4 100644 --- a/2024/13xxx/CVE-2024-13750.json +++ b/2024/13xxx/CVE-2024-13750.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13750", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Multilevel Referral Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.27 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "prismitsystems", + "product": { + "product_data": [ + { + "product_name": "Multilevel Referral Affiliate Plugin for WooCommerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.27" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4389ddc9-de69-4316-9bfa-ff3bd3346c69?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4389ddc9-de69-4316-9bfa-ff3bd3346c69?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/multilevel-referral-plugin-for-woocommerce/tags/2.27/classes/referral-program.php#L310", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/multilevel-referral-plugin-for-woocommerce/tags/2.27/classes/referral-program.php#L310" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Tamir Tsegaye" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/9xxx/CVE-2024-9212.json b/2024/9xxx/CVE-2024-9212.json index 8652a889d4d..315a9bdc6f6 100644 --- a/2024/9xxx/CVE-2024-9212.json +++ b/2024/9xxx/CVE-2024-9212.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9212", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The SKU Generator for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpwham", + "product": { + "product_data": [ + { + "product_name": "SKU Generator for WooCommerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f59ccb78-722b-490b-874e-7026afc3511b?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f59ccb78-722b-490b-874e-7026afc3511b?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/sku-for-woocommerce/tags/1.6.2/includes/settings/class-wc-sku-tools-regenerator.php#L43", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/sku-for-woocommerce/tags/1.6.2/includes/settings/class-wc-sku-tools-regenerator.php#L43" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Dale Mavers" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/9xxx/CVE-2024-9217.json b/2024/9xxx/CVE-2024-9217.json index f01b1bd0f95..f46f30e2e41 100644 --- a/2024/9xxx/CVE-2024-9217.json +++ b/2024/9xxx/CVE-2024-9217.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9217", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Currency Switcher for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.16.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpwham", + "product": { + "product_data": [ + { + "product_name": "Currency Switcher for WooCommerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.16.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3357892e-c047-406b-8914-018ea966e799?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3357892e-c047-406b-8914-018ea966e799?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/currency-switcher-woocommerce/trunk/includes/functions/alg-switcher-selector-functions.php#L139", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/currency-switcher-woocommerce/trunk/includes/functions/alg-switcher-selector-functions.php#L139" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Colin Xu" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" } ] } diff --git a/2025/0xxx/CVE-2025-0820.json b/2025/0xxx/CVE-2025-0820.json index ff0326832cf..d46db8b5bdd 100644 --- a/2025/0xxx/CVE-2025-0820.json +++ b/2025/0xxx/CVE-2025-0820.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0820", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Clicface Trombi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018nom\u2019 parameter in all versions up to, and including, 2.08 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "clicface", + "product": { + "product_data": [ + { + "product_name": "Clicface Trombi", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.08" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1d9ff834-8a11-4ec7-9371-15d56bc84106?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1d9ff834-8a11-4ec7-9371-15d56bc84106?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/clicface-trombi/trunk/clicface-trombi.php#L80", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/clicface-trombi/trunk/clicface-trombi.php#L80" + }, + { + "url": "https://wordpress.org/plugins/clicface-trombi/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/clicface-trombi/#developers" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SOPROBRO" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] }