From bd2fd080589a253279970590117d5d121185aeb8 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Thu, 19 Sep 2024 04:00:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2022/4xxx/CVE-2022-4533.json | 76 +++++++++++++++++++++++++++++--
 2024/39xxx/CVE-2024-39758.json | 18 ++++++++
 2024/41xxx/CVE-2024-41919.json | 18 ++++++++
 2024/42xxx/CVE-2024-42221.json | 18 ++++++++
 2024/43xxx/CVE-2024-43420.json | 18 ++++++++
 2024/45xxx/CVE-2024-45332.json | 18 ++++++++
 2024/45xxx/CVE-2024-45371.json | 18 ++++++++
 2024/45xxx/CVE-2024-45680.json | 18 ++++++++
 2024/45xxx/CVE-2024-45683.json | 18 ++++++++
 2024/46xxx/CVE-2024-46895.json | 18 ++++++++
 2024/47xxx/CVE-2024-47006.json | 18 ++++++++
 2024/47xxx/CVE-2024-47148.json | 18 ++++++++
 2024/47xxx/CVE-2024-47149.json | 18 ++++++++
 2024/47xxx/CVE-2024-47150.json | 18 ++++++++
 2024/47xxx/CVE-2024-47151.json | 18 ++++++++
 2024/47xxx/CVE-2024-47152.json | 18 ++++++++
 2024/47xxx/CVE-2024-47153.json | 18 ++++++++
 2024/47xxx/CVE-2024-47154.json | 18 ++++++++
 2024/47xxx/CVE-2024-47155.json | 18 ++++++++
 2024/47xxx/CVE-2024-47156.json | 18 ++++++++
 2024/47xxx/CVE-2024-47157.json | 18 ++++++++
 2024/8xxx/CVE-2024-8364.json | 81 ++++++++++++++++++++++++++++++++--
 2024/8xxx/CVE-2024-8850.json | 81 ++++++++++++++++++++++++++++++++--
 2024/8xxx/CVE-2024-8992.json | 18 ++++++++
 2024/8xxx/CVE-2024-8993.json | 18 ++++++++
 2024/8xxx/CVE-2024-8994.json | 18 ++++++++
 26 files changed, 640 insertions(+), 12 deletions(-)
 create mode 100644 2024/39xxx/CVE-2024-39758.json
 create mode 100644 2024/41xxx/CVE-2024-41919.json
 create mode 100644 2024/42xxx/CVE-2024-42221.json
 create mode 100644 2024/43xxx/CVE-2024-43420.json
 create mode 100644 2024/45xxx/CVE-2024-45332.json
 create mode 100644 2024/45xxx/CVE-2024-45371.json
 create mode 100644 2024/45xxx/CVE-2024-45680.json
 create mode 100644 2024/45xxx/CVE-2024-45683.json
 create mode 100644 2024/46xxx/CVE-2024-46895.json
 create mode 100644 2024/47xxx/CVE-2024-47006.json
 create mode 100644 2024/47xxx/CVE-2024-47148.json
 create mode 100644 2024/47xxx/CVE-2024-47149.json
 create mode 100644 2024/47xxx/CVE-2024-47150.json
 create mode 100644 2024/47xxx/CVE-2024-47151.json
 create mode 100644 2024/47xxx/CVE-2024-47152.json
 create mode 100644 2024/47xxx/CVE-2024-47153.json
 create mode 100644 2024/47xxx/CVE-2024-47154.json
 create mode 100644 2024/47xxx/CVE-2024-47155.json
 create mode 100644 2024/47xxx/CVE-2024-47156.json
 create mode 100644 2024/47xxx/CVE-2024-47157.json
 create mode 100644 2024/8xxx/CVE-2024-8992.json
 create mode 100644 2024/8xxx/CVE-2024-8993.json
 create mode 100644 2024/8xxx/CVE-2024-8994.json
diff --git a/2022/4xxx/CVE-2022-4533.json b/2022/4xxx/CVE-2022-4533.json
index 6634c9e6df8..f2c8c128fd6 100644
--- a/2022/4xxx/CVE-2022-4533.json
+++ b/2022/4xxx/CVE-2022-4533.json
@@ -1,17 +1,85 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-4533",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1.0. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-348 Use of Less Trusted Source",
+ "cweId": "CWE-348"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "devfelixmoira",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Limit Login Attempts Plus \u2013 WordPress Limit Login Attempts By Felix",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "1.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aec7b59f-1c8a-4403-b33b-c119bd96ad9d?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aec7b59f-1c8a-4403-b33b-c119bd96ad9d?source=cve"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/limit-login-attempts-plus/trunk/core/LimitLoginAttempts.php#L1043",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/limit-login-attempts-plus/trunk/core/LimitLoginAttempts.php#L1043"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Mohammadreza Rashidi"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2024/39xxx/CVE-2024-39758.json b/2024/39xxx/CVE-2024-39758.json
new file mode 100644
index 00000000000..5f92469054d
--- /dev/null
+++ b/2024/39xxx/CVE-2024-39758.json
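Review bot: The second entry in `reference_data` points at `trunk/core/LimitLoginAttempts.php#L1043`, and a line anchor on trunk stops pointing at the cited code as soon as that file changes, so the record loses its link to the vulnerable lines. A tagged path or changeset stays stable, for example `https://plugins.trac.wordpress.org/browser/limit-login-attempts-plus/tags/VERSION_PLACEHOLDER/core/LimitLoginAttempts.php#LINE_PLACEHOLDER` (placeholders for the CNA to fill in); the CVE-2024-8364 hunk has the same issue with `trunk/plugin.php#L53`. The description also repeats a word, `header with with a different IP Address`, which should read `header with a different IP Address`. The record gives only `"version_affected": "<="` with `"version_value": "1.1.0"` and names no fixed release, so consumers cannot tell from it whether a patched version exists.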
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-39758",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/41xxx/CVE-2024-41919.json b/2024/41xxx/CVE-2024-41919.json
new file mode 100644
index 00000000000..97bdbe13fb5
--- /dev/null
+++ b/2024/41xxx/CVE-2024-41919.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-41919",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/42xxx/CVE-2024-42221.json b/2024/42xxx/CVE-2024-42221.json
new file mode 100644
index 00000000000..0d6111bf158
--- /dev/null
+++ b/2024/42xxx/CVE-2024-42221.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-42221",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/43xxx/CVE-2024-43420.json b/2024/43xxx/CVE-2024-43420.json
new file mode 100644
index 00000000000..4607e95df85
--- /dev/null
+++ b/2024/43xxx/CVE-2024-43420.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-43420",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/45xxx/CVE-2024-45332.json b/2024/45xxx/CVE-2024-45332.json
new file mode 100644
index 00000000000..68d573c43bd
--- /dev/null
+++ b/2024/45xxx/CVE-2024-45332.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-45332",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/45xxx/CVE-2024-45371.json b/2024/45xxx/CVE-2024-45371.json
new file mode 100644
index 00000000000..80de8f7580c
--- /dev/null
+++ b/2024/45xxx/CVE-2024-45371.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-45371",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/45xxx/CVE-2024-45680.json b/2024/45xxx/CVE-2024-45680.json
new file mode 100644
index 00000000000..82ce1a58fdd
--- /dev/null
+++ b/2024/45xxx/CVE-2024-45680.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-45680",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/45xxx/CVE-2024-45683.json b/2024/45xxx/CVE-2024-45683.json
new file mode 100644
index 00000000000..621c01a7db7
--- /dev/null
+++ b/2024/45xxx/CVE-2024-45683.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-45683",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/46xxx/CVE-2024-46895.json b/2024/46xxx/CVE-2024-46895.json
new file mode 100644
index 00000000000..0a94c4ed12e
--- /dev/null
+++ b/2024/46xxx/CVE-2024-46895.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-46895",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47006.json b/2024/47xxx/CVE-2024-47006.json
new file mode 100644
index 00000000000..3f1712870ec
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47006.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47006",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47148.json b/2024/47xxx/CVE-2024-47148.json
new file mode 100644
index 00000000000..43f19bb4133
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47148.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47148",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47149.json b/2024/47xxx/CVE-2024-47149.json
new file mode 100644
index 00000000000..6bb189d291f
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47149.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47149",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47150.json b/2024/47xxx/CVE-2024-47150.json
new file mode 100644
index 00000000000..51e34c95a5f
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47150.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47150",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47151.json b/2024/47xxx/CVE-2024-47151.json
new file mode 100644
index 00000000000..d517732e494
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47151.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47151",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47152.json b/2024/47xxx/CVE-2024-47152.json
new file mode 100644
index 00000000000..c450b0d29d6
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47152.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47152",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47153.json b/2024/47xxx/CVE-2024-47153.json
new file mode 100644
index 00000000000..6c47a5701de
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47153.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47153",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47154.json b/2024/47xxx/CVE-2024-47154.json
new file mode 100644
index 00000000000..85458e6522e
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47154.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47154",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47155.json b/2024/47xxx/CVE-2024-47155.json
new file mode 100644
index 00000000000..55887fe35f9
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47155.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47155",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47156.json b/2024/47xxx/CVE-2024-47156.json
new file mode 100644
index 00000000000..7bd28302ffd
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47156.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47156",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47157.json b/2024/47xxx/CVE-2024-47157.json
new file mode 100644
index 00000000000..03ccb649afe
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47157.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47157",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/8xxx/CVE-2024-8364.json b/2024/8xxx/CVE-2024-8364.json
index 2f71e761d31..cf5443bcc77 100644
--- a/2024/8xxx/CVE-2024-8364.json
+++ b/2024/8xxx/CVE-2024-8364.json
@@ -1,17 +1,90 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-8364",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "dondon-benjamincouk",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WP Custom Fields Search",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "1.2.35"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ef36a2a1-b3be-4270-8890-76705817b4b5?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ef36a2a1-b3be-4270-8890-76705817b4b5?source=cve"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-custom-fields-search/trunk/plugin.php#L53",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/wp-custom-fields-search/trunk/plugin.php#L53"
+ },
+ {
+ "url": "https://wordpress.org/plugins/wp-custom-fields-search/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/wp-custom-fields-search/#developers"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Krzysztof Zaj\u0105c"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2024/8xxx/CVE-2024-8850.json b/2024/8xxx/CVE-2024-8850.json
index 156fbe16cf1..a67a89a6892 100644
--- a/2024/8xxx/CVE-2024-8850.json
+++ b/2024/8xxx/CVE-2024-8850.json
@@ -1,17 +1,90 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-8850",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email' parameter when a placeholder such as {email} is used for the field in versions 4.9.9 to 4.9.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "dvankooten",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MC4WP: Mailchimp for WordPress",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "4.9.9",
+ "version_value": "4.9.16"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1d2ba8ea-a75f-4069-b67d-f832acb1deef?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1d2ba8ea-a75f-4069-b67d-f832acb1deef?source=cve"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/mailchimp-for-wp/tags/4.9.16/config/default-form-content.php#L8",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/mailchimp-for-wp/tags/4.9.16/config/default-form-content.php#L8"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3153075%40mailchimp-for-wp&new=3153075%40mailchimp-for-wp&sfp_email=&sfph_mail=",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3153075%40mailchimp-for-wp&new=3153075%40mailchimp-for-wp&sfp_email=&sfph_mail="
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "kauenavarro"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2024/8xxx/CVE-2024-8992.json b/2024/8xxx/CVE-2024-8992.json
new file mode 100644
index 00000000000..6e99e4561c8
--- /dev/null
+++ b/2024/8xxx/CVE-2024-8992.json
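Review bot: The structured range in `version_data` disagrees with the description: `"version_affected": "<="` with `"version_value": "4.9.16"` marks 4.9.16 as affected, while the description text says versions 4.9.9 to 4.9.15. Tooling that matches installs against `affects` will therefore reach a different verdict on 4.9.16 than a person reading the description, which either produces false positives on patched sites or hides a still-vulnerable release. Whichever bound is correct should appear in both places; if 4.9.15 is the last affected release the entry would read `"version_value": "4.9.15"`, otherwise the description should say 4.9.16. The reference to `tags/4.9.16/config/default-form-content.php#L8` does not settle it, since the record does not say whether that tag holds the vulnerable or the fixed code.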
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-8992",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/8xxx/CVE-2024-8993.json b/2024/8xxx/CVE-2024-8993.json
new file mode 100644
index 00000000000..621ceaaf389
--- /dev/null
+++ b/2024/8xxx/CVE-2024-8993.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-8993",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/8xxx/CVE-2024-8994.json b/2024/8xxx/CVE-2024-8994.json
new file mode 100644
index 00000000000..ad950f32e2d
--- /dev/null
+++ b/2024/8xxx/CVE-2024-8994.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-8994",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file