"-Synchronized-Data."

CVE Team 2024-08-30 10:00:35 +00:00
parent dc44f67fc1
commit adac583e70
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 345 additions and 18 deletions


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The BackWPup WordPress plugin before 4.0.4 does not prevent visitors from leaking key information about ongoing backups, allowing unauthenticated attackers to download backups of a site's database."
"value": "The BackWPup WordPress plugin before 4.0.4 does not prevent Directory Listing in its temporary backup folder, allowing unauthenticated attackers to download backups of a site's database."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
"value": "CWE-548 Exposure of Information Through Directory Listing"
}
]
}
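Review bot: The updated problemtype entry carries the CWE only inside the free-text `value` (`"CWE-548 Exposure of Information Through Directory Listing"`) and has no separate `cweId` key, unlike the other records in this commit. Consumers that map records to a CWE through `cweId` would have to parse the identifier out of the string, so the reclassification from CWE-200 may not reach them; adding `"cweId": "CWE-548"` beside `value` would make it machine-readable. The enclosing record starts and ends outside these hunks, so the key may be absent by design for this record's source.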


@ -1,17 +1,120 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7122",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "webtechstreet",
"product": {
"product_data": [
{
"product_name": "Elementor Addon Elements",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.13.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/668621b0-67ef-44fc-a126-e8c4e372666e?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/668621b0-67ef-44fc-a126-e8c4e372666e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/assets/js/eae.js#L568",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/assets/js/eae.js#L568"
},
{
"url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/text-separator/widgets/text-separator.php#L570",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/text-separator/widgets/text-separator.php#L570"
},
{
"url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/animated-gradient/module.php#L160",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/animated-gradient/module.php#L160"
},
{
"url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/image-compare/widgets/image-compare.php#L537",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/image-compare/widgets/image-compare.php#L537"
},
{
"url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/dual-button/widgets/dual-button.php#L1045",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/dual-button/widgets/dual-button.php#L1045"
},
{
"url": "https://wordpress.org/plugins/addon-elements-for-elementor-page-builder/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/addon-elements-for-elementor-page-builder/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3143440/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3143440/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3143444/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3143444/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Craig Smith"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}
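Review bot: The `credits` entry uses `"lang": "en"` while `description_data` and `problemtype_data` in the same record use `"lang": "eng"`; the same mismatch appears in the CVE-2024-7858, CVE-2024-8252 and CVE-2024-8274 records. A consumer that selects text by language code will match one set and miss the other, so either write `"lang": "eng"` in `credits` or normalise both codes at ingest. Separately, five references point at `trunk` with line anchors (for example `eae.js#L568`), which stop pointing at the vulnerable code as soon as the file changes; a tag- or revision-pinned link would stay valid for later triage.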


@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7858",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Media Library Folders plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several AJAX functions in the media-library-plus.php file in all versions up to, and including, 8.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions related to managing media files and folder along with controlling settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "maxfoundry",
"product": {
"product_data": [
{
"product_name": "Media Library Folders",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "8.2.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fcc0fc00-b7d6-429c-9ab3-f08971c48777?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fcc0fc00-b7d6-429c-9ab3-f08971c48777?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/media-library-plus/trunk/media-library-plus.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/media-library-plus/trunk/media-library-plus.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3143036%40media-library-plus&new=3143036%40media-library-plus&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3143036%40media-library-plus&new=3143036%40media-library-plus&sfp_email=&sfph_mail="
}
]
},
"credits": [
{
"lang": "en",
"value": "Lucio S\u00e1"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
]
}
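Review bot: The changeset reference passes the same revision as both `old=3143036%40media-library-plus` and `new=3143036%40media-library-plus` and repeats the empty `sfp_email=&sfph_mail=` parameters, so what it shows depends on how the Trac instance handles an identical old/new range. The CVE-2024-8252 record has the same shape with `3143241%40clean-login`. The short `changeset/<rev>/` form used by the CVE-2024-7122 references is easier to verify and to deduplicate across feeds. The other source link targets `trunk/media-library-plus.php` with no tag or revision, so it will presumably show the patched file rather than the 8.2.3 code that lacks the capability checks.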


@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8252",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')",
"cweId": "CWE-98"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "hornero",
"product": {
"product_data": [
{
"product_name": "Clean Login",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.14.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b9f99b51-e1b1-4cd3-a9f7-24e4b59811a7?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b9f99b51-e1b1-4cd3-a9f7-24e4b59811a7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/clean-login/tags/1.14.5/include/shortcodes.php#L146",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/clean-login/tags/1.14.5/include/shortcodes.php#L146"
},
{
"url": "https://plugins.trac.wordpress.org/browser/clean-login/tags/1.14.5/include/frontend.php#L20",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/clean-login/tags/1.14.5/include/frontend.php#L20"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3143241%40clean-login&new=3143241%40clean-login&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3143241%40clean-login&new=3143241%40clean-login&sfp_email=&sfph_mail="
}
]
},
"credits": [
{
"lang": "en",
"value": "wesley"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8274",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The WP Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters from 'timeline_obj' in all versions up to, and including, 10.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wpdevelop",
"product": {
"product_data": [
{
"product_name": "WP Booking Calendar",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "10.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/83804c2a-2c4a-4f69-b833-dcd53ddab94d?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/83804c2a-2c4a-4f69-b833-dcd53ddab94d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/booking/tags/10.4/core/timeline/v2/wpbc-class-timeline_v2.php#L520",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/booking/tags/10.4/core/timeline/v2/wpbc-class-timeline_v2.php#L520"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3143364/booking/trunk/core/timeline/v2/wpbc-class-timeline_v2.php?old=3139443&old_path=booking%2Ftrunk%2Fcore%2Ftimeline%2Fv2%2Fwpbc-class-timeline_v2.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3143364/booking/trunk/core/timeline/v2/wpbc-class-timeline_v2.php?old=3139443&old_path=booking%2Ftrunk%2Fcore%2Ftimeline%2Fv2%2Fwpbc-class-timeline_v2.php"
}
]
},
"credits": [
{
"lang": "en",
"value": "David Gallagher"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}