admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-12-07 02:00:32 +00:00
parent 1dc6f7be2f
commit acc12e6590
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
15 changed files with 1110 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
2024/10xxx/CVE-2024-10046.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10046",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The \u0627\u0641\u0632\u0648\u0646\u0647 \u067e\u06cc\u0627\u0645\u06a9 \u0648\u0648\u06a9\u0627\u0645\u0631\u0633 Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "persianscript",
"product": {
"product_data": [
{
"product_name": "\u0627\u0641\u0632\u0648\u0646\u0647 \u067e\u06cc\u0627\u0645\u06a9 \u0648\u0648\u06a9\u0627\u0645\u0631\u0633 Persian WooCommerce SMS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "7.0.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/175a69da-c47a-40f3-98c7-7cfcdf98f9f6?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/175a69da-c47a-40f3-98c7-7cfcdf98f9f6?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/persian-woocommerce-sms/tags/7.0.3/src/SMS/Archive.php#L93",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/persian-woocommerce-sms/tags/7.0.3/src/SMS/Archive.php#L93"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3201912/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3201912/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Craig Smith"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}

76
2024/11xxx/CVE-2024-11329.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11329",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Comfino Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "comfino",
"product": {
"product_data": [
{
"product_name": "Comfino Payment Gateway",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "4.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/006945a3-5f54-4bb8-9522-c832d59624a0?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/006945a3-5f54-4bb8-9522-c832d59624a0?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/comfino-payment-gateway/tags/4.1.0/views/admin/configuration.php#L39",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/comfino-payment-gateway/tags/4.1.0/views/admin/configuration.php#L39"
}
]
},
"credits": [
{
"lang": "en",
"value": "Dale Mavers"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}

81
2024/11xxx/CVE-2024-11353.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11353",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The SMS for Lead Capture Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_message() function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "clicksend",
"product": {
"product_data": [
{
"product_name": "SMS for Lead Capture Forms",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a0c68bb6-77a2-4232-923a-37f2c0327743?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a0c68bb6-77a2-4232-923a-37f2c0327743?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/clicksend-lead-capture-form/trunk/clicksend-SMS-form-settings.php#L54",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/clicksend-lead-capture-form/trunk/clicksend-SMS-form-settings.php#L54"
},
{
"url": "https://plugins.trac.wordpress.org/browser/clicksend-lead-capture-form/trunk/clicksend-SMS-form-settings.php#L63",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/clicksend-lead-capture-form/trunk/clicksend-SMS-form-settings.php#L63"
}
]
},
"credits": [
{
"lang": "en",
"value": "K\u00e9vin Mosbahi"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}

76
2024/11xxx/CVE-2024-11436.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11436",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.4.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "genetechproducts",
"product": {
"product_data": [
{
"product_name": "Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more!",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.4.19"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/125a1d8d-8cd9-439c-b765-198ad369f987?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/125a1d8d-8cd9-439c-b765-198ad369f987?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3202800/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3202800/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Colin Xu"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}

81
2024/11xxx/CVE-2024-11451.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11451",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Zooom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zooom' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "harshitpeer",
"product": {
"product_data": [
{
"product_name": "Zooom",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6bd15878-a290-4613-83d9-011d60bb0233?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6bd15878-a290-4613-83d9-011d60bb0233?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/zooom/trunk/zooom.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/zooom/trunk/zooom.php"
},
{
"url": "https://wordpress.org/plugins/zooom/",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/zooom/"
}
]
},
"credits": [
{
"lang": "en",
"value": "zakaria"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

76
2024/11xxx/CVE-2024-11904.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11904",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The \ucf54\ub4dc\uc5e0\uc0f5 \uc18c\uc15c\ud1a1 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'msntt_add_plus_talk' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "codemstory",
"product": {
"product_data": [
{
"product_name": "\ucf54\ub4dc\uc5e0\uc0f5 \uc18c\uc15c\ud1a1",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8e501b31-a7f4-4d0d-bf83-af7b6c023a6b?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8e501b31-a7f4-4d0d-bf83-af7b6c023a6b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3202813/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3202813/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Peter Thaleikis"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

86
2024/11xxx/CVE-2024-11943.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11943",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The \uc6cc\ub4dc\ud504\ub808\uc2a4 \uacb0\uc81c \uc2ec\ud50c\ud398\uc774 \u2013 \uc6b0\ucee4\uba38\uc2a4 \uacb0\uc81c \ud50c\ub7ec\uadf8\uc778 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.2.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "codemstory",
"product": {
"product_data": [
{
"product_name": "\uc6cc\ub4dc\ud504\ub808\uc2a4 \uacb0\uc81c \uc2ec\ud50c\ud398\uc774 \u2013 \uc6b0\ucee4\uba38\uc2a4 \uacb0\uc81c \ud50c\ub7ec\uadf8\uc778",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "5.2.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3d85d609-781b-4f82-af57-124767f9d333?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3d85d609-781b-4f82-af57-124767f9d333?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/pgall-for-woocommerce/trunk/includes/admin/class-pafw-admin-notice.php#L81",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/pgall-for-woocommerce/trunk/includes/admin/class-pafw-admin-notice.php#L81"
},
{
"url": "https://wordpress.org/plugins/pgall-for-woocommerce/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/pgall-for-woocommerce/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3202085/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3202085/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Peter Thaleikis"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}

76
2024/12xxx/CVE-2024-12026.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12026",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new filters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "kofimokome",
"product": {
"product_data": [
{
"product_name": "Message Filter for Contact Form 7",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.6.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e7044aa-a1e7-4b1d-9f50-5e250426c6b0?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e7044aa-a1e7-4b1d-9f50-5e250426c6b0?source=cve"
},
{
"url": "https://wordpress.org/plugins/cf7-message-filter/",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/cf7-message-filter/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Tieu Pham Trong Nhan"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}

76
2024/12xxx/CVE-2024-12115.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12115",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicate_poll() function. This makes it possible for unauthenticated attackers to duplicate polls via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ays-pro",
"product": {
"product_data": [
{
"product_name": "Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "5.5.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e76447ec-2815-4758-ae2c-67a938a739d9?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e76447ec-2815-4758-ae2c-67a938a739d9?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3202972/poll-maker/tags/5.5.5/includes/lists/class-poll-maker-polls-list-table.php?old=3202972&old_path=poll-maker%2Ftags%2F5.5.4%2Fincludes%2Flists%2Fclass-poll-maker-polls-list-table.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3202972/poll-maker/tags/5.5.5/includes/lists/class-poll-maker-polls-list-table.php?old=3202972&old_path=poll-maker%2Ftags%2F5.5.4%2Fincludes%2Flists%2Fclass-poll-maker-polls-list-table.php"
}
]
},
"credits": [
{
"lang": "en",
"value": "Noah Stead"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}

76
2024/12xxx/CVE-2024-12165.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12165",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Mollie for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 5.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "tsjippy",
"product": {
"product_data": [
{
"product_name": "Mollie for Contact Form 7",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "5.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5a21b3a-a60f-4083-a474-ec9fedd9b8cb?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5a21b3a-a60f-4083-a474-ec9fedd9b8cb?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/cf7-mollie/trunk/includes/php/admin_menu.php#L164",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/cf7-mollie/trunk/includes/php/admin_menu.php#L164"
}
]
},
"credits": [
{
"lang": "en",
"value": "Colin Xu"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}

76
2024/12xxx/CVE-2024-12166.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12166",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cmorillas1",
"product": {
"product_data": [
{
"product_name": "Shortcodes Blocks Creator Ultimate",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6ece9b6d-6802-44b9-9ead-1563286f4ff3?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6ece9b6d-6802-44b9-9ead-1563286f4ff3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-shortcodes-creator/trunk/admin/class-shortcode-list-table.php#L83",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/ultimate-shortcodes-creator/trunk/admin/class-shortcode-list-table.php#L83"
}
]
},
"credits": [
{
"lang": "en",
"value": "Colin Xu"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}

76
2024/12xxx/CVE-2024-12167.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12167",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_wpnonce' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cmorillas1",
"product": {
"product_data": [
{
"product_name": "Shortcodes Blocks Creator Ultimate",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db6ccadb-5e90-4234-88cc-28241846acea?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db6ccadb-5e90-4234-88cc-28241846acea?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-shortcodes-creator/trunk/admin/class-admin.php#L111",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/ultimate-shortcodes-creator/trunk/admin/class-admin.php#L111"
}
]
},
"credits": [
{
"lang": "en",
"value": "Dale Mavers"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}

76
2024/12xxx/CVE-2024-12257.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12257",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The CardGate Payments for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cardgate",
"product": {
"product_data": [
{
"product_name": "CardGate Payments for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f8de5a9-2279-4b84-b1f6-fdb293aa6017?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f8de5a9-2279-4b84-b1f6-fdb293aa6017?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3203585/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3203585/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Colin Xu"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}

81
2024/7xxx/CVE-2024-7894.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7894",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The If Menu plugin for WordPress is vulnerable to unauthorized modification of the plugin's license key due to a missing capability check on the 'actions' function in versions up to, and including, 0.19.1. This makes it possible for unauthenticated attackers to modify delete or modify the license key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "andreiigna",
"product": {
"product_data": [
{
"product_name": "If Menu \u2013 Visibility control for Menus",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "0.19.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ff6ebf45-4617-44dd-94d8-28aa8bc1609b?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ff6ebf45-4617-44dd-94d8-28aa8bc1609b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/if-menu/trunk/src/Admin.php#L16",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/if-menu/trunk/src/Admin.php#L16"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3203054%40if-menu&new=3203054%40if-menu&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3203054%40if-menu&new=3203054%40if-menu&sfp_email=&sfph_mail="
}
]
},
"credits": [
{
"lang": "en",
"value": "Marco Wotschka"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}

76
2024/8xxx/CVE-2024-8679.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8679",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Library Management System \u2013 Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the \u2018value' parameter of the owt_lib_handler AJAX action in all versions up to, and including, 3.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "owthub",
"product": {
"product_data": [
{
"product_name": "Library Management System \u2013 Manage e-Digital Books Library",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ee792903-3b55-4f1d-bba1-59ea3f1826a1?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ee792903-3b55-4f1d-bba1-59ea3f1826a1?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/library-management-system/trunk/admin/class-library-management-system-admin.php#L2092",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/library-management-system/trunk/admin/class-library-management-system-admin.php#L2092"
}
]
},
"credits": [
{
"lang": "en",
"value": "Eduardo Bido"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
}
]
}