"-Synchronized-Data."

2025-08-04 08:44:25 +00:00 · 2024-05-23 15:00:33 +00:00 · 2024-05-23 15:00:33 +00:00 · d56c4cd916
commit d56c4cd916
parent 5ace7686ee
4 changed files with 188 additions and 8 deletions
--- a/2024/5xxx/CVE-2024-5084.json
+++ b/2024/5xxx/CVE-2024-5084.json
@ -1,17 +1,89 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2024-5084",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "security@wordfence.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "The Hash Form \u2013 Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "hashthemes",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Hash Form \u2013 Drag & Drop Form Builder",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<=",
+                                            "version_name": "*",
+                                            "version_value": "1.1.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eef9e2fa-d8f0-42bf-95ac-ee4cafff0b14?source=cve",
+                "refsource": "MISC",
+                "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eef9e2fa-d8f0-42bf-95ac-ee4cafff0b14?source=cve"
+            },
+            {
+                "url": "https://plugins.trac.wordpress.org/browser/hash-form/trunk/admin/classes/HashFormBuilder.php#L764",
+                "refsource": "MISC",
+                "name": "https://plugins.trac.wordpress.org/browser/hash-form/trunk/admin/classes/HashFormBuilder.php#L764"
+            },
+            {
+                "url": "https://plugins.trac.wordpress.org/changeset/3090341/",
+                "refsource": "MISC",
+                "name": "https://plugins.trac.wordpress.org/changeset/3090341/"
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "Francesco Carlucci"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+                "baseScore": 9.8,
+                "baseSeverity": "CRITICAL"
            }
        ]
    }
--- a/2024/5xxx/CVE-2024-5085.json
+++ b/2024/5xxx/CVE-2024-5085.json
@ -1,17 +1,89 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2024-5085",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "security@wordfence.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "The Hash Form \u2013 Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input in the 'process_entry' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-502 Deserialization of Untrusted Data"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "hashthemes",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Hash Form \u2013 Drag & Drop Form Builder",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<=",
+                                            "version_name": "*",
+                                            "version_value": "1.1.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0166a2b2-24e2-4dd6-8842-d3e8dd7bb0dc?source=cve",
+                "refsource": "MISC",
+                "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0166a2b2-24e2-4dd6-8842-d3e8dd7bb0dc?source=cve"
+            },
+            {
+                "url": "https://plugins.trac.wordpress.org/browser/hash-form/trunk/admin/classes/HashFormEntry.php#L353",
+                "refsource": "MISC",
+                "name": "https://plugins.trac.wordpress.org/browser/hash-form/trunk/admin/classes/HashFormEntry.php#L353"
+            },
+            {
+                "url": "https://plugins.trac.wordpress.org/changeset/3090341/",
+                "refsource": "MISC",
+                "name": "https://plugins.trac.wordpress.org/changeset/3090341/"
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "Francesco Carlucci"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+                "baseScore": 8.1,
+                "baseSeverity": "HIGH"
            }
        ]
    }
--- a/2024/5xxx/CVE-2024-5271.json
+++ b/2024/5xxx/CVE-2024-5271.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2024-5271",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2024/5xxx/CVE-2024-5272.json
+++ b/2024/5xxx/CVE-2024-5272.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2024-5272",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}