From f13e1be6f3a8f6378a66d65eb8fbb24bad5c1769 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 24 Jul 2024 03:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2024/6xxx/CVE-2024-6750.json | 76 ++++++++++++++++++++++++++++++++++--
2024/6xxx/CVE-2024-6751.json | 76 ++++++++++++++++++++++++++++++++++--
2024/6xxx/CVE-2024-6752.json | 76 ++++++++++++++++++++++++++++++++++--
2024/6xxx/CVE-2024-6753.json | 76 ++++++++++++++++++++++++++++++++++--
2024/6xxx/CVE-2024-6754.json | 76 ++++++++++++++++++++++++++++++++++--
2024/6xxx/CVE-2024-6755.json | 76 ++++++++++++++++++++++++++++++++++--
2024/6xxx/CVE-2024-6756.json | 76 ++++++++++++++++++++++++++++++++++--
2024/7xxx/CVE-2024-7027.json | 76 ++++++++++++++++++++++++++++++++++--
8 files changed, 576 insertions(+), 32 deletions(-)
diff --git a/2024/6xxx/CVE-2024-6750.json b/2024/6xxx/CVE-2024-6750.json
index 6e4008cd521..9c18c3a9983 100644
--- a/2024/6xxx/CVE-2024-6750.json
+++ b/2024/6xxx/CVE-2024-6750.json
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-6750", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WPWeb", + "product": { + "product_data": [ + { + "product_name": "Social Auto Poster", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "5.3.14" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36b58a4f-0761-4775-9010-9c77d4019c44?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36b58a4f-0761-4775-9010-9c77d4019c44?source=cve" + }, + { + "url": "https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169", + "refsource": "MISC", + "name": "https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169" + } + ] + }, + "credits": [ + { + "lang": "en", + 
"value": "Istv\u00e1n M\u00e1rton" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH" } ] } diff --git a/2024/6xxx/CVE-2024-6751.json b/2024/6xxx/CVE-2024-6751.json index e18f549d464..9365a75b1e5 100644 --- a/2024/6xxx/CVE-2024-6751.json +++ b/2024/6xxx/CVE-2024-6751.json 
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-6751", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.14. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WPWeb", + "product": { + "product_data": [ + { + "product_name": "Social Auto Poster", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "5.3.14" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d7aceccc-7004-42f2-b085-eade9c45141c?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d7aceccc-7004-42f2-b085-eade9c45141c?source=cve" + }, + { + "url": "https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169", + "refsource": "MISC", + "name": "https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169" + } + ] + }, + "credits": [ + { + "lang": 
"en", + "value": "Istv\u00e1n M\u00e1rton" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/6xxx/CVE-2024-6752.json b/2024/6xxx/CVE-2024-6752.json index 02d8df33776..9596b10827a 100644 --- a/2024/6xxx/CVE-2024-6752.json +++ b/2024/6xxx/CVE-2024-6752.json 
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-6752", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018wp_name\u2019 parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WPWeb", + "product": { + "product_data": [ + { + "product_name": "Social Auto Poster", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "5.3.14" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/39b9e8a0-96bb-4b36-b4e8-ec9e3f137835?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/39b9e8a0-96bb-4b36-b4e8-ec9e3f137835?source=cve" + }, + { + "url": "https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169", + "refsource": "MISC", + "name": "https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Istv\u00e1n M\u00e1rton" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/6xxx/CVE-2024-6753.json b/2024/6xxx/CVE-2024-6753.json index c5ba5d143e8..552bdc1aa43 100644 --- a/2024/6xxx/CVE-2024-6753.json +++ b/2024/6xxx/CVE-2024-6753.json 
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-6753", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018mapTypes\u2019 parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WPWeb", + "product": { + "product_data": [ + { + "product_name": "Social Auto Poster", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "5.3.14" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c268a6d-dfb4-4a9d-802e-80e5c1c53ca2?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c268a6d-dfb4-4a9d-802e-80e5c1c53ca2?source=cve" + }, + { + "url": "https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169", + "refsource": "MISC", + "name": "https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Istv\u00e1n M\u00e1rton" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 7.2, + "baseSeverity": "HIGH" } ] } diff --git a/2024/6xxx/CVE-2024-6754.json b/2024/6xxx/CVE-2024-6754.json index fb3a0b054a6..ac221e363a5 100644 --- a/2024/6xxx/CVE-2024-6754.json +++ b/2024/6xxx/CVE-2024-6754.json 
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-6754", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the \u2018wpw_auto_poster_update_tweet_template\u2019 function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary post metadata." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WPWeb", + "product": { + "product_data": [ + { + "product_name": "Social Auto Poster", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "5.3.14" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/72934d2f-fd52-46d1-8cf9-9a20968899f7?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/72934d2f-fd52-46d1-8cf9-9a20968899f7?source=cve" + }, + { + "url": "https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169", + "refsource": "MISC", + "name": "https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169" + } + ] + 
}, + "credits": [ + { + "lang": "en", + "value": "Istv\u00e1n M\u00e1rton" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/6xxx/CVE-2024-6755.json b/2024/6xxx/CVE-2024-6755.json index 217aa445004..1a5c3a27bc0 100644 --- a/2024/6xxx/CVE-2024-6755.json +++ b/2024/6xxx/CVE-2024-6755.json 
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-6755", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the \u2018wpw_auto_poster_quick_delete_multiple\u2019 function in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to delete arbitrary posts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WPWeb", + "product": { + "product_data": [ + { + "product_name": "Social Auto Poster", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "5.3.14" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d9b1044d-6858-498f-9b89-352650061858?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d9b1044d-6858-498f-9b89-352650061858?source=cve" + }, + { + "url": "https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169", + "refsource": "MISC", + "name": "https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169" + } + ] + }, + "credits": [ + { + "lang": 
"en", + "value": "Istv\u00e1n M\u00e1rton" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/6xxx/CVE-2024-6756.json b/2024/6xxx/CVE-2024-6756.json index e440c6979fb..3b9f9fe80fa 100644 --- a/2024/6xxx/CVE-2024-6756.json +++ b/2024/6xxx/CVE-2024-6756.json 
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-6756", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpw_auto_poster_get_image_path' function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. An attacker can use CVE-2024-6754 to exploit with subscriber-level access." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WPWeb", + "product": { + "product_data": [ + { + "product_name": "Social Auto Poster", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "5.3.14" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/24e00c0d-08ff-4c68-a1dd-77b513545efd?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/24e00c0d-08ff-4c68-a1dd-77b513545efd?source=cve" + }, + { + "url": "https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169", + "refsource": "MISC", + "name": "https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Istv\u00e1n M\u00e1rton" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/7xxx/CVE-2024-7027.json b/2024/7xxx/CVE-2024-7027.json index 91b78e98506..60f80fb19e5 100644 --- a/2024/7xxx/CVE-2024-7027.json +++ b/2024/7xxx/CVE-2024-7027.json 
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7027", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.9.3. This is due to insufficient verification on the user being supplied during a QR code login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing Voucher Vendor user on the site, if they have access to the user id." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", + "cweId": "CWE-288" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WPWeb", + "product": { + "product_data": [ + { + "product_name": "WooCommerce - PDF Vouchers", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.9.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b6cf27d9-c0be-4cff-8867-19297f6d79d7?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b6cf27d9-c0be-4cff-8867-19297f6d79d7?source=cve" + }, + { + "url": "https://codecanyon.net/item/woocommerce-pdf-vouchers-ultimate-gift-cards-wordpress-plugin/7392046", + "refsource": "MISC", + "name": 
"https://codecanyon.net/item/woocommerce-pdf-vouchers-ultimate-gift-cards-wordpress-plugin/7392046" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Istv\u00e1n M\u00e1rton" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH" } ] }