admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 18:52:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-10-16T08:00:21.081387+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-10-16 08:03:22 +00:00
parent afe0d0b6b7
commit 210ea4e49d
53 changed files with 3105 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
CVE-2012/CVE-2012-100xx/CVE-2012-10018.json Normal file
View File

@ -0,0 +1,72 @@
{
"id": "CVE-2012-10018",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:03.920",
"lastModified": "2024-10-16T07:15:03.920",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including 6.1, 1.0 respectively. This makes it possible for attackers to forgery requests coming from a vulnerable site's server and ultimately perform an XSS attack if requesting an SVG file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://packetstormsecurity.com/files/161919/",
"source": "security@wordfence.com"
},
{
"url": "https://packetstormsecurity.com/files/161920/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2503447",
"source": "security@wordfence.com"
},
{
"url": "https://www.mapplic.com/docs/#changelog",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5aacabb5-94af-485a-af24-e84db3e3726f?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2016/CVE-2016-150xx/CVE-2016-15040.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2016-15040",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:04.447",
"lastModified": "2024-10-16T07:15:04.447",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Kento Post View Counter plugin for WordPress is vulnerable to SQL Injection via the 'kento_pvc_geo' parameter in versions up to, and including, 2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/kento-post-view-counter/trunk/index.php#L216",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/525b466d-137a-467b-8b49-e51393a73866?source=cve",
"source": "security@wordfence.com"
}
]
}

68
CVE-2016/CVE-2016-150xx/CVE-2016-15041.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2016-15041",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:04.747",
"lastModified": "2024-10-16T07:15:04.747",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MainWP Dashboard \u2013 The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018mwp_setup_purchase_username\u2019 parameter in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://klikki.fi/adv/mainwp.html",
"source": "security@wordfence.com"
},
{
"url": "https://web.archive.org/web/20191101060009/https%3A//klikki.fi/adv/mainwp.html",
"source": "security@wordfence.com"
},
{
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-mainwp-dashboard-cross-site-scripting-3-1-2/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a9b1445f-3b6b-40fa-9a12-f55d63668dda?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2017/CVE-2017-201xx/CVE-2017-20192.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2017-20192",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:05.147",
"lastModified": "2024-10-16T07:15:05.147",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like 'after_html' in versions before 2.05.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://klikki.fi/adv/formidable.html",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/formidable/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/900fcaab-2424-4ae8-af18-95659db0dbe3?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2018/CVE-2018-251xx/CVE-2018-25105.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2018-25105",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:05.467",
"lastModified": "2024-10-16T07:15:05.467",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary files that can be used for remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1942390%40wp-file-manager&new=1942390%40wp-file-manager&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a56d5a2f-ae13-4523-bc4a-17bb2fb4c6f0?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2019/CVE-2019-252xx/CVE-2019-25213.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2019-25213",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:05.790",
"lastModified": "2024-10-16T07:15:05.790",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive files such as wp-config.php"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2098838/advanced-access-manager/trunk/application/Core/Media.php?old=2151316&old_path=advanced-access-manager%2Ftrunk%2Fapplication%2FCore%2FMedia.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/55e0f0df-7be2-4e18-988c-2cc558768eff?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2019/CVE-2019-252xx/CVE-2019-25214.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2019-25214",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:06.153",
"lastModified": "2024-10-16T07:15:06.153",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perform unauthorized actions such as updating the plugin's settings and injecting malicious scripts."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2132502%40wpshopify&new=2132502%40wpshopify&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d04f11b4-ee58-428b-aaa2-dc7d9f3e68e3?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2019/CVE-2019-252xx/CVE-2019-25215.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2019-25215",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:06.467",
"lastModified": "2024-10-16T07:15:06.467",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This makes it possible for unauthenticated attackers to call the files directly and perform a wide variety of unauthorized actions such as accessing a site's database and making changes."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2065317%40ari-adminer&new=2065317%40ari-adminer&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67ad04d4-49ef-4bc4-b3b0-f2752566145e?source=cve",
"source": "security@wordfence.com"
}
]
}

68
CVE-2019/CVE-2019-252xx/CVE-2019-25216.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2019-25216",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:06.727",
"lastModified": "2024-10-16T07:15:06.727",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Rich Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the POST body 'update' parameter in versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/support/topic/plugin-not-supported-open-to-malware-uninstall-now/",
"source": "security@wordfence.com"
},
{
"url": "https://wpscan.com/vulnerability/81bdc004-9b9c-49e2-b337-35a6d8395c5d",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/blog/2019/09/rich-reviews-plugin-vulnerability-exploited-in-the-wild/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db701ad3-10fd-4a40-b239-139fbc95ab61?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2019/CVE-2019-252xx/CVE-2019-25217.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2019-25217",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:07.030",
"lastModified": "2024-10-16T07:15:07.030",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switch_php function called via the /switch-php REST API route. This allows attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://blog.sucuri.net/2019/03/vulnerability-disclosure-siteground-optimizer-caldera-forms.html",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/657f3bd7-2cdc-4eb6-ba50-7c7fca468df0?source=cve",
"source": "security@wordfence.com"
}
]
}

68
CVE-2020/CVE-2020-368xx/CVE-2020-36831.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2020-36831",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:07.280",
"lastModified": "2024-10-16T07:15:07.280",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including 4.3.17. This makes it possible for low-privileged attackers, like subscribers, to perform restricted actions that would be otherwise locked to a administrative-level user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://blog.sucuri.net/2020/09/insufficient-privilege-validation-in-nextscripts-social-networks-auto-poster.html",
"source": "security@wordfence.com"
},
{
"url": "https://wpscan.com/vulnerability/0641578b-16b9-4d79-af69-b4886840da36",
"source": "security@wordfence.com"
},
{
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-nextscripts-social-networks-auto-poster-security-bypass-4-3-17/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3709465d-6d67-45bd-abb9-4875065b8129?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2020/CVE-2020-368xx/CVE-2020-36832.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2020-36832",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:07.637",
"lastModified": "2024-10-16T07:15:07.637",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for unauthenticated attackers to login as any user, including the site administrator with a default user ID of 1, via the username or user ID."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://codecanyon.net/item/ultimate-membership-pro-wordpress-plugin/12159253",
"source": "security@wordfence.com"
},
{
"url": "https://wpscan.com/vulnerability/9811025e-ab17-4255-aaaf-4f0306f5d281",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5341bbd-55bd-41ad-b5d1-d6b56c141277?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2020/CVE-2020-368xx/CVE-2020-36833.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2020-36833",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:07.893",
"lastModified": "2024-10-16T07:15:07.893",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 - 8.6. This makes it possible for authenticated attacker, with minimal permission, such as a subscriber, to perform a variety of actions such as modifying settings and viewing sensitive data."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/9811025e-ab17-4255-aaaf-4f0306f5d281",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab1cc1ef-d0e0-491d-91a8-eaa0605fc1da?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2020/CVE-2020-368xx/CVE-2020-36834.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2020-36834",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:08.127",
"lastModified": "2024-10-16T07:15:08.127",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-level attackers to execute various actions and perform a wide variety of actions such as modifying rules and saving configurations."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/articles/multiple-vulnerabilities-in-discount-rules-for-woocommerce-plugin/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/33cf27ba-a01b-4e34-9584-b1d3fc87af34?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2020/CVE-2020-368xx/CVE-2020-36835.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2020-36835",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:08.387",
"lastModified": "2024-10-16T07:15:08.387",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to sensitive information disclosure of a WordPress site's database due to missing capability checks on the wp_ajax_wpvivid_add_remote AJAX action that allows low-level authenticated attackers to send back-ups to a remote location of their choice for review. This affects versions up to, and including 0.9.35."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2261665%40wpvivid-backuprestore%2Ftrunk&old=2252870%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.webarxsecurity.com/vulnerability-in-wpvivid-backup-plugin-can-lead-to-database-leak/?fbclid=IwAR3Ve74ZIvmx-aC0OssIWYwcWEjGq6yU16DcyVGHD1XUT3uYaZ3QyVu_Eos&utm_content=buffer4435b&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/90c3f8bc-fc41-4ba7-b9f2-8873203d5794?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2020/CVE-2020-368xx/CVE-2020-36836.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2020-36836",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:08.630",
"lastModified": "2024-10-16T07:15:08.630",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2235160/wp-fastest-cache",
"source": "security@wordfence.com"
},
{
"url": "https://wearetradecraft.com/advisories/tc-2020-0001/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/82f80916-37ab-4c5a-9787-2544c620acac?source=cve",
"source": "security@wordfence.com"
}
]
}

68
CVE-2020/CVE-2020-368xx/CVE-2020-36837.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2020-36837",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:08.927",
"lastModified": "2024-10-16T07:15:08.927",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if there is a user named 'admin', the attacker will become automatically logged in as an administrator."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://raw.githubusercontent.com/themegrill/themegrill-demo-importer/master/CHANGELOG.txt",
"source": "security@wordfence.com"
},
{
"url": "https://www.openwall.com/lists/oss-security/2020/02/19/1",
"source": "security@wordfence.com"
},
{
"url": "https://www.webarxsecurity.com/critical-issue-in-themegrill-demo-importer/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c0dc694-854e-4f96-8c2d-7251c41a3ee9?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2020/CVE-2020-368xx/CVE-2020-36838.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2020-36838",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:09.200",
"lastModified": "2024-10-16T07:15:09.200",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. This flaw makes it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://www.wordfence.com/blog/2020/08/the-official-facebook-chat-plugin-created-vector-for-social-engineering-attacks/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36ae4183-5fa7-484c-b858-5df10ae3d3f2?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2020/CVE-2020-368xx/CVE-2020-36839.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2020-36839",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:09.433",
"lastModified": "2024-10-16T07:15:09.433",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform administrative actions, such as adding pages to the site and/or replacing site content with malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/blog/2020/04/critical-vulnerabilities-in-the-wp-lead-plus-x-wordpress-plugin/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ddb97db0-cbf3-42be-a5c7-12fc2a2bc9e8?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2021/CVE-2021-44xx/CVE-2021-4443.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2021-4443",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:09.713",
"lastModified": "2024-10-16T07:15:09.713",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://sh3llcon.org/la-debilidad-de-wordpress/",
"source": "security@wordfence.com"
},
{
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wordpress-mega-menu-quadmenu-remote-code-execution-2-0-6/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/04003542-fd62-4587-9834-70e7fe8f08ef?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2021/CVE-2021-44xx/CVE-2021-4444.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2021-4444",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:09.960",
"lastModified": "2024-10-16T07:15:09.960",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as creating new filters and injecting malicious javascript into a vulnerable site. This was actively exploited at the time of discovery."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2527958%40woo-product-filter&new=2527958%40woo-product-filter&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30b6b0bf-e632-4e83-89ee-a424382534da?source=cve",
"source": "security@wordfence.com"
}
]
}

72
CVE-2021/CVE-2021-44xx/CVE-2021-4445.json Normal file
View File

@ -0,0 +1,72 @@
{
"id": "CVE-2021-4445",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:10.193",
"lastModified": "2024-10-16T07:15:10.193",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the pa_dismiss_admin_notice AJAX action. This makes it possible for authenticated subscriber+ attackers to change arbitrary options with a restricted value of 1 on vulnerable WordPress sites."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://ithemes.com/blog/wordpress-vulnerability-report-september-2021-part-2/#ib-toc-anchor-2",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2590819%40premium-addons-for-elementor&new=2590819%40premium-addons-for-elementor&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/premium-addons-for-elementor/",
"source": "security@wordfence.com"
},
{
"url": "https://wpscan.com/vulnerability/2e5b3608-1dfc-468f-b3ae-12ce7c25ee6c",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cffb26bc-3d3f-4593-bb36-d2abcd67861e?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2021/CVE-2021-44xx/CVE-2021-4446.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2021-4446",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:10.447",
"lastModified": "2024-10-16T07:15:10.447",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to perform many unauthorized actions such as changing settings and installing arbitrary plugins."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2526471%40essential-addons-for-elementor-lite&new=2526471%40essential-addons-for-elementor-lite&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/283fb581-8b61-4008-a5c4-2e1490fab33e?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2021/CVE-2021-44xx/CVE-2021-4447.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2021-4447",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:10.687",
"lastModified": "2024-10-16T07:15:10.687",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers with access to the Elementor page builder to create a new registration form that defaults to the user role being set to administrator and subsequently register as an administrative user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2526471%40essential-addons-for-elementor-lite&new=2526471%40essential-addons-for-elementor-lite&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be098ee9-b749-4908-85e8-e717d019609a?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2021/CVE-2021-44xx/CVE-2021-4448.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2021-4448",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:10.980",
"lastModified": "2024-10-16T07:15:10.980",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions such as importing data, uploading arbitrary files, deleting arbitrary files, and more."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://codecanyon.net/item/kaswara-modern-visual-composer-addons/19341477",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3bf76527-9a11-4755-992c-02fbc1a79bae?source=cve",
"source": "security@wordfence.com"
}
]
}

76
CVE-2021/CVE-2021-44xx/CVE-2021-4449.json Normal file
View File

@ -0,0 +1,76 @@
{
"id": "CVE-2021-4449",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:11.243",
"lastModified": "2024-10-16T07:15:11.243",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://codecanyon.net/item/zoomsounds-wordpress-wave-audio-player-with-playlist/6181433",
"source": "security@wordfence.com"
},
{
"url": "https://github.com/0xAgun/Arbitrary-File-Upload-ZoomSounds",
"source": "security@wordfence.com"
},
{
"url": "https://ithemes.com/blog/wordpress-vulnerability-report-june-2021-part-5/#ib-toc-anchor-2",
"source": "security@wordfence.com"
},
{
"url": "https://sploitus.com/exploit?id=WPEX-ID:07259A61-8BA9-4DD0-8D52-CC1DF389C0AD",
"source": "security@wordfence.com"
},
{
"url": "https://wpscan.com/vulnerability/07259a61-8ba9-4dd0-8d52-cc1df389c0ad",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/262e3bb3-bc83-4d0b-8056-9f94ec141b8f?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2021/CVE-2021-44xx/CVE-2021-4450.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2021-4450",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:11.527",
"lastModified": "2024-10-16T07:15:11.527",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2644269",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a321b112-ce37-4a0e-800f-f3feef6ac799?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2021/CVE-2021-44xx/CVE-2021-4451.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2021-4451",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:11.770",
"lastModified": "2024-10-16T07:15:11.770",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/security-issue-fixed-in-ninjafirewall-wp-edition/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1a1fc6c9-50cd-40fd-a777-9eed98aab797?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2022/CVE-2022-49xx/CVE-2022-4971.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2022-4971",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:12.040",
"lastModified": "2024-10-16T07:15:12.040",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/4631519b-2060-43a0-b69b-b3d7ed94c705/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/85277960-2bba-4cd7-9f4c-e04f6743b96c?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2022/CVE-2022-49xx/CVE-2022-4972.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2022-4972",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:12.257",
"lastModified": "2024-10-16T07:15:12.257",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive information intended for administrators."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2822758/download-monitor/trunk/src/Admin/Reports/class-dlm-reports.php?contextall=1&old=2821522&old_path=%2Fdownload-monitor%2Ftrunk%2Fsrc%2FAdmin%2FReports%2Fclass-dlm-reports.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a9000c52-fdd7-43e2-ae6a-9f127c4a9fcd?source=cve",
"source": "security@wordfence.com"
}
]
}

68
CVE-2022/CVE-2022-49xx/CVE-2022-4973.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2022-4973",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:12.497",
"lastModified": "2024-10-16T07:15:12.497",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta(); function is called on that page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://core.trac.wordpress.org/changeset/53961",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/blog/2022/08/wordpress-core-6-0-2-security-maintenance-release-what-you-need-to-know/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5582e89-83e6-4898-b9fe-09eddeb5f7ae?source=cve",
"source": "security@wordfence.com"
}
]
}

76
CVE-2022/CVE-2022-49xx/CVE-2022-4974.json Normal file
View File

@ -0,0 +1,76 @@
{
"id": "CVE-2022-4974",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:12.760",
"lastModified": "2024-10-16T07:15:12.760",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://freemius.com/blog/managing-security-issues-open-source-freemius-sdk-security-disclosure/",
"source": "security@wordfence.com"
},
{
"url": "https://web.archive.org/web/20220225174410/https%3A//www.pluginvulnerabilities.com/2022/02/25/our-security-review-of-wordpress-plugin-found-freemius-library-still-contained-vulnerabilities-3-years-after-major-security-incident/",
"source": "security@wordfence.com"
},
{
"url": "https://wpdirectory.net/search/01FWPVWA7BC5DYGZHNSZQ9QMN5",
"source": "security@wordfence.com"
},
{
"url": "https://wpdirectory.net/search/01G02RSGMFS1TPT63FS16RWEYR",
"source": "security@wordfence.com"
},
{
"url": "https://wpscan.com/vulnerability/6dae6dca-7474-4008-9fe5-4c62b9f12d0a",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2023/CVE-2023-72xx/CVE-2023-7286.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2023-7286",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:13.223",
"lastModified": "2024-10-16T07:15:13.223",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the edit_users capability to access metadata of other users, this includes contributor-level users and above."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?new=2828750%40acf-quickedit-fields&old=2816195%40acf-quickedit-fields#file89",
"source": "security@wordfence.com"
},
{
"url": "https://wpscan.com/vulnerability/3538e80e-c2c5-4e7b-97c3-b7debad7a136",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5954bdc0-09e9-4691-95ff-02f7304514c9?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2023/CVE-2023-72xx/CVE-2023-7287.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2023-7287",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:13.507",
"lastModified": "2024-10-16T07:15:13.507",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized subscription cancellation due to a missing capability check on the pt_cancel_subscription function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to cancel a subscription to the plugin."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/060f31ab-cfa4-4ca8-846a-de76848b28fb?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2023/CVE-2023-72xx/CVE-2023-7288.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2023-7288",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:13.743",
"lastModified": "2024-10-16T07:15:13.743",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_profile_preference function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin settings."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e9bee86-f491-4f68-b10b-051e0fb1a67b?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2023/CVE-2023-72xx/CVE-2023-7289.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2023-7289",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:14.000",
"lastModified": "2024-10-16T07:15:14.000",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytium_sw_save_api_keys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin API keys."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a92beff1-3bc6-459e-aeca-5cbdf2152388?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2023/CVE-2023-72xx/CVE-2023-7290.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2023-7290",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:14.243",
"lastModified": "2024-10-16T07:15:14.243",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_for_verified_profiles function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to check profile statuses."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af55c470-b94d-49ee-8b72-44652dcccd73?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2023/CVE-2023-72xx/CVE-2023-7291.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2023-7291",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:14.503",
"lastModified": "2024-10-16T07:15:14.503",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_mollie_account function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to set up a mollie account."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d4491b89-2120-4edb-a396-e45ba09b3b99?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2023/CVE-2023-72xx/CVE-2023-7292.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2023-7292",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:14.737",
"lastModified": "2024-10-16T07:15:14.737",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytium_notice_dismiss function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to dismiss admin notices."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eb6642c0-9011-419b-bef6-5aa594993c01?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2023/CVE-2023-72xx/CVE-2023-7293.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2023-7293",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:14.970",
"lastModified": "2024-10-16T07:15:14.970",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_mollie_account_details function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to verify the existence of a mollie account."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f065648a-436a-459c-8ab1-c948c78b43c9?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2023/CVE-2023-72xx/CVE-2023-7294.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2023-7294",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:15.277",
"lastModified": "2024-10-16T07:15:15.277",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the create_mollie_profile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to create a mollie payment profile."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fbbd3209-7ed6-4409-a24e-9f6225cf10f5?source=cve",
"source": "security@wordfence.com"
}
]
}

6
CVE-2024/CVE-2024-37xx/CVE-2024-3727.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-3727",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-05-14T15:42:07.060",
"lastModified": "2024-10-03T13:15:14.953",
"lastModified": "2024-10-16T07:15:15.583",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -112,6 +112,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:7187",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:7922",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-3727",
"source": "secalert@redhat.com"

6
CVE-2024/CVE-2024-65xx/CVE-2024-6508.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-6508",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-08-21T06:15:08.120",
"lastModified": "2024-08-21T12:30:33.697",
"lastModified": "2024-10-16T07:15:16.027",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -52,6 +52,10 @@
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:7922",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-6508",
"source": "secalert@redhat.com"

4
CVE-2024/CVE-2024-74xx/CVE-2024-7489.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-7489",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-12T06:15:02.337",
"lastModified": "2024-10-15T12:57:46.880",
"lastModified": "2024-10-16T07:15:16.160",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Forms for Mailchimp by Optin Cat \u2013 Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
"value": "The Forms for Mailchimp by Optin Cat \u2013 Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",

60
CVE-2024/CVE-2024-85xx/CVE-2024-8507.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-8507",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:16.277",
"lastModified": "2024-10-16T07:15:16.277",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. This is due to missing or incorrect nonce validation on the 'mk_file_folder_manager' ajax action. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://filemanagerpro.io/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db70b37c-707a-47b8-a3a2-5a2b7d30de89?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-87xx/CVE-2024-8746.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-8746",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:16.537",
"lastModified": "2024-10-16T07:15:16.537",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mk_file_folder_manager_shortcode' ajax action in all versions up to, and including, 8.3.9. This makes it possible for unauthenticated attackers, if granted access to the File Manager by an administrator, to download and upload arbitrary backup files on the affected site's server which may make remote code execution possible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://filemanagerpro.io/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/88f1eb9a-f3bb-4b62-975f-a6cb95850966?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-89xx/CVE-2024-8918.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-8918",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:16.777",
"lastModified": "2024-10-16T07:15:16.777",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This is due to a lack of proper checks on allowed file types. This makes it possible for unauthenticated attackers, with permissions granted by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://filemanagerpro.io/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01ef62c8-e862-422c-948d-6d376d021c82?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-95xx/CVE-2024-9582.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-9582",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T07:15:17.033",
"lastModified": "2024-10-16T07:15:17.033",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Accordion Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018html\u2019 attribute of an accordion slider in all versions up to, and including, 1.9.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Successful exploitation by Contributor-level users requires an Administrator-level user to provide access to the plugin's admin area via the `Access` plugin setting, which is restricted to administrators by default."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3166480/accordion-slider",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/94f19f56-0667-443e-8545-a17fbe9c3ddb?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-98xx/CVE-2024-9873.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-9873",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T06:15:02.527",
"lastModified": "2024-10-16T06:15:02.527",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles, Premium \u2013 Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URLs in posts, comments, and profiles when Markdown support is enabled in all versions up to, and including, 6.4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3168989/peepso-core/tags/6.4.6.2/peepso.php?old=3157925&old_path=peepso-core%2Ftags%2F6.4.6.1%2Fpeepso.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/33585791-be40-438c-bebc-8852e7cf8ae5?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-98xx/CVE-2024-9888.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-9888",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T06:15:03.650",
"lastModified": "2024-10-16T06:15:03.650",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget redirect URL in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3168782/elementinvader-addons-for-elementor/trunk/modules/forms/ajax-handler.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ba9d12c5-fe3a-4958-8d35-c63bb05b6d5a?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-99xx/CVE-2024-9937.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-9937",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-16T06:15:04.177",
"lastModified": "2024-10-16T06:15:04.177",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 6.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/woo-manage-fraud-orders/trunk/includes/admin/class-wmfo-fraud-attempts-table.php#L108",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woo-manage-fraud-orders/trunk/includes/admin/class-wmfo-logs-table.php#L108",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fc8b0944-f669-40d3-899b-d7f91b1a1fea?source=cve",
"source": "security@wordfence.com"
}
]
}

39
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-10-16T06:00:21.324318+00:00
2024-10-16T08:00:21.081387+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-10-16T05:15:14.297000+00:00
2024-10-16T07:15:17.033000+00:00
```
### Last Data Feed Release
@ -33,20 +33,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
265739
265787
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `48`
- [CVE-2021-4447](CVE-2021/CVE-2021-44xx/CVE-2021-4447.json) (`2024-10-16T07:15:10.687`)
- [CVE-2021-4448](CVE-2021/CVE-2021-44xx/CVE-2021-4448.json) (`2024-10-16T07:15:10.980`)
- [CVE-2021-4449](CVE-2021/CVE-2021-44xx/CVE-2021-4449.json) (`2024-10-16T07:15:11.243`)
- [CVE-2021-4450](CVE-2021/CVE-2021-44xx/CVE-2021-4450.json) (`2024-10-16T07:15:11.527`)
- [CVE-2021-4451](CVE-2021/CVE-2021-44xx/CVE-2021-4451.json) (`2024-10-16T07:15:11.770`)
- [CVE-2022-4971](CVE-2022/CVE-2022-49xx/CVE-2022-4971.json) (`2024-10-16T07:15:12.040`)
- [CVE-2022-4972](CVE-2022/CVE-2022-49xx/CVE-2022-4972.json) (`2024-10-16T07:15:12.257`)
- [CVE-2022-4973](CVE-2022/CVE-2022-49xx/CVE-2022-4973.json) (`2024-10-16T07:15:12.497`)
- [CVE-2022-4974](CVE-2022/CVE-2022-49xx/CVE-2022-4974.json) (`2024-10-16T07:15:12.760`)
- [CVE-2023-7286](CVE-2023/CVE-2023-72xx/CVE-2023-7286.json) (`2024-10-16T07:15:13.223`)
- [CVE-2023-7287](CVE-2023/CVE-2023-72xx/CVE-2023-7287.json) (`2024-10-16T07:15:13.507`)
- [CVE-2023-7288](CVE-2023/CVE-2023-72xx/CVE-2023-7288.json) (`2024-10-16T07:15:13.743`)
- [CVE-2023-7289](CVE-2023/CVE-2023-72xx/CVE-2023-7289.json) (`2024-10-16T07:15:14.000`)
- [CVE-2023-7290](CVE-2023/CVE-2023-72xx/CVE-2023-7290.json) (`2024-10-16T07:15:14.243`)
- [CVE-2023-7291](CVE-2023/CVE-2023-72xx/CVE-2023-7291.json) (`2024-10-16T07:15:14.503`)
- [CVE-2023-7292](CVE-2023/CVE-2023-72xx/CVE-2023-7292.json) (`2024-10-16T07:15:14.737`)
- [CVE-2023-7293](CVE-2023/CVE-2023-72xx/CVE-2023-7293.json) (`2024-10-16T07:15:14.970`)
- [CVE-2023-7294](CVE-2023/CVE-2023-72xx/CVE-2023-7294.json) (`2024-10-16T07:15:15.277`)
- [CVE-2024-8507](CVE-2024/CVE-2024-85xx/CVE-2024-8507.json) (`2024-10-16T07:15:16.277`)
- [CVE-2024-8746](CVE-2024/CVE-2024-87xx/CVE-2024-8746.json) (`2024-10-16T07:15:16.537`)
- [CVE-2024-8918](CVE-2024/CVE-2024-89xx/CVE-2024-8918.json) (`2024-10-16T07:15:16.777`)
- [CVE-2024-9582](CVE-2024/CVE-2024-95xx/CVE-2024-9582.json) (`2024-10-16T07:15:17.033`)
- [CVE-2024-9873](CVE-2024/CVE-2024-98xx/CVE-2024-9873.json) (`2024-10-16T06:15:02.527`)
- [CVE-2024-9888](CVE-2024/CVE-2024-98xx/CVE-2024-9888.json) (`2024-10-16T06:15:03.650`)
- [CVE-2024-9937](CVE-2024/CVE-2024-99xx/CVE-2024-9937.json) (`2024-10-16T06:15:04.177`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `3`
- [CVE-2024-3056](CVE-2024/CVE-2024-30xx/CVE-2024-3056.json) (`2024-10-16T05:15:14.297`)
- [CVE-2024-3727](CVE-2024/CVE-2024-37xx/CVE-2024-3727.json) (`2024-10-16T07:15:15.583`)
- [CVE-2024-6508](CVE-2024/CVE-2024-65xx/CVE-2024-6508.json) (`2024-10-16T07:15:16.027`)
- [CVE-2024-7489](CVE-2024/CVE-2024-74xx/CVE-2024-7489.json) (`2024-10-16T07:15:16.160`)
## Download and Usage

56
_state.csv
View File

@ -52765,6 +52765,7 @@ CVE-2012-10014,0,0,0bc69fb07d4c2883d1c737af748ae0ee649ea44bdeb6cd1d92e7f604cb18a
CVE-2012-10015,0,0,24891fb06d64dcdbe29bc3d68dc58660842ac01174efff223a8a3dc4d809d347,2024-05-17T00:51:46.743000
CVE-2012-10016,0,0,50b0be84a632fcfd63c5683132c72829cfbba19e76fa7d1e8b2308b8e62659b3,2024-05-17T00:51:46.860000
CVE-2012-10017,0,0,cd8d899c12955d758ae3dba50c52117997a0233c9fcc21f11c8e13713fa40567,2024-05-17T00:51:46.963000
CVE-2012-10018,1,1,8aee2edfba1d9679fb581c38f537675cf31a15e2b05654163060d58ff4081d62,2024-10-16T07:15:03.920000
CVE-2012-1002,0,0,510ae0fa015c89254219ee968a42064a352242d7e82a140cbbb23a59f8009f93,2017-12-07T02:29:10.350000
CVE-2012-1003,0,0,8b64c365043997636a4a30596e670f2397029fa9c3a8b88f62aea985930dc202,2017-08-29T01:31:08.943000
CVE-2012-1004,0,0,d8a090792d926eb721787b604fedfde9d2238b34407308a190cfed04a1fe6687,2012-02-08T05:00:00
@ -84904,6 +84905,8 @@ CVE-2016-15037,0,0,a24c928d873db9adb04c4c2c7f23b1fdee0c14c814adb63b3935f236dd622
CVE-2016-15038,0,0,ab9fe34bbf83cb3f6b12fd6674fbfd88d9bfe6f780bf258a0a29ef7f754a8620,2024-05-17T01:08:11.777000
CVE-2016-15039,0,0,dca63ef7677d0bcc98685acf0fdce6ae1800f0ccf649b6f8a11c0d2609e41789,2024-07-11T13:05:54.930000
CVE-2016-1504,0,0,9db9ed3c963d84221d49c5bfc988ac2e31a3ff3b1eb26252d985e8597b526dda,2017-09-10T01:29:11.687000
CVE-2016-15040,1,1,c916a382cb9299e288a40f3ceeea939f3e8a02d3230790a73299a7a875d7463a,2024-10-16T07:15:04.447000
CVE-2016-15041,1,1,d1cfb96fd4f467118e4a31cab33ff9b459712b47abad854ec90bd7985ff03456,2024-10-16T07:15:04.747000
CVE-2016-1505,0,0,18ada53cb306192ec9e2ab168c2465cf1d7127037b49b7b97c57ba57c38e5938,2016-11-28T19:59:55.070000
CVE-2016-1513,0,0,93511c8c58249078a9702f9c8cf540abf2733d280d18db4cf47b7cbd079e24db,2017-09-01T01:29:04.507000
CVE-2016-1514,0,0,b7fef097b48e8e79c45cbf0778b00b6a0da537c685d5ef916a10faf8cfdae6e7,2023-11-07T02:29:56.923000
@ -102524,6 +102527,7 @@ CVE-2017-20189,0,0,dce97d2fac31f8ad5a1ef7790c7ca57d8c8e31ae0f291f1158d33fc1a1e4d
CVE-2017-2019,0,0,0503760b9e3a588a1928b34508ca8410ada27b38d1650c235dca432cc0f673d6,2023-11-07T02:43:30.710000
CVE-2017-20190,0,0,9dd2663b528e5bc8494bcc080744aaaef7094b4400daff7d3432981a0f57ec16,2024-08-12T13:38:08.423000
CVE-2017-20191,0,0,c82081004c307230c99856cdb3a9bea1dbe477fc9056adce103f7b0450353360,2024-05-17T01:17:27.427000
CVE-2017-20192,1,1,5f665d38e248db098cabad57aad78333c2b0e4b73af03bdd2b5bc507bd7f9d02,2024-10-16T07:15:05.147000
CVE-2017-2020,0,0,0176f89e76e77d17aff44beb265bbd6290607491912cdad54f562216e17fef40,2023-11-07T02:43:30.943000
CVE-2017-2021,0,0,76f10f5cd36e75a57c68367deb797f3f6432a879d0c98ef2f911f8615c163241,2023-11-07T02:43:31.170000
CVE-2017-2022,0,0,9f249157715bb01a33c6885e22f286efa78b6a3306959a78f30cb9dd84a9f46c,2023-11-07T02:43:31.413000
@ -121389,6 +121393,7 @@ CVE-2018-25099,0,0,22c87c7789711d5cc0070c0c244e3b7eff042bf6e9bfc44eac77be6b7d7fb
CVE-2018-25100,0,0,d942384485e6477ac02d774d7915e3145ff5d011228e897d01068d424d5fde66,2024-08-01T13:41:42.160000
CVE-2018-25101,0,0,f5cb23a560b5f7e2ed0bc287e9dbbe48d218ed9a2d3fbe094521b3e09b217300,2024-06-04T19:16:57.060000
CVE-2018-25103,0,0,e59105c00442742ab1ecc8faba8dbf0d67b37225837a23e9578526d5287d5f7e,2024-07-09T16:15:02.787000
CVE-2018-25105,1,1,d835c3fa94757eebc66cde069811098b280fcd7d949b4852ed44631ae5059025,2024-10-16T07:15:05.467000
CVE-2018-2515,0,0,5409b099d6b1ad12de2273669dad1cdf61ce6e1c2e305b93396a548635b48aa4,2023-11-07T02:57:57.887000
CVE-2018-2560,0,0,abeb87aebf654213323bee155595996aacb66704cd990a641203ef8ccfeaa82a,2020-08-24T17:37:01.140000
CVE-2018-2561,0,0,6c44c7f29655175e898d7e0c8e9efa3daa6d95623035a440e858ef0262739964,2018-01-25T13:53:15.120000
@ -138394,6 +138399,11 @@ CVE-2019-2521,0,0,557cd7afc62b8b0d5545a61da2b67008378b171f216bd58bad5399af268228
CVE-2019-25210,0,0,266aa4bd7522d806fa5da076db229c2449a919075778b85ff023cb6f7676cfb1,2024-09-04T18:35:00.600000
CVE-2019-25211,0,0,469c1561e074b807caf6701e40210358657a37dbe70bde81f85c8d68a4456e96,2024-08-01T13:41:57.540000
CVE-2019-25212,0,0,2a7e2cc8de54fa224ded29f3182e12267199b33c4461fd66ffca600627e7e093,2024-09-26T13:36:48.280000
CVE-2019-25213,1,1,c9021488850cf96cd67d0684c1e0ad93a17221fc65907f98197bbaa2ed0caf12,2024-10-16T07:15:05.790000
CVE-2019-25214,1,1,2cea621255963c0ef83dd541252554e0249b2b5f247e6fcffc56f1c8c5ae1600,2024-10-16T07:15:06.153000
CVE-2019-25215,1,1,417fa4dce61b30bceec93c3c72f9ccc884d93346fa9cb67c3b3aef971ba8f6e9,2024-10-16T07:15:06.467000
CVE-2019-25216,1,1,f7850eb53854ebb9e8b70ecf13789cc8b7ce6c80126159b35f204ce2cfe1ed77,2024-10-16T07:15:06.727000
CVE-2019-25217,1,1,796f0407440dc50dd1b6e2388d8c012d4093c3e220e0818a1f9800b29f3b68c3,2024-10-16T07:15:07.030000
CVE-2019-2522,0,0,438e5228ba492857a388b8016b2219394ce3508b8a36f1f8aede8ea3eeec2072,2020-08-24T17:37:01.140000
CVE-2019-2523,0,0,4a0e4915f05e6fa4b1849fafb208e6fb024214d6840b1c8202b1873b064ed383,2020-08-24T17:37:01.140000
CVE-2019-2524,0,0,bee2c79f8df3b71e86ab52db9d5dee51c63979ccd70534be30c64d8fa54a9384,2020-08-24T17:37:01.140000
@ -159318,6 +159328,15 @@ CVE-2020-36827,0,0,8898188aa97819ee831b61208ffecb850d1c02e65600a28bd33473d687839
CVE-2020-36828,0,0,a1b676217510ef46edc1fede0a4eb0bea0bc2e564c4e02f200c27ced72100dc7,2024-05-17T01:48:58.900000
CVE-2020-36829,0,0,fa56184e79fbe280b2933bbbe602a49d53f63fd12f0982a754bc29d86839a810,2024-08-26T20:35:00.633000
CVE-2020-36830,0,0,61dd7852409cfb39cad21ae3791ff5d5afc0cc5bb4ea791702b1fbd3ac62fda4,2024-09-05T21:47:09.243000
CVE-2020-36831,1,1,5fc5cbeb06aff1dd998ede353ed8f966cc530045c726d6eb55c92d2290765540,2024-10-16T07:15:07.280000
CVE-2020-36832,1,1,44885128af038984319b548ef6a4d515a25729a50971755951aee68cb8de19bb,2024-10-16T07:15:07.637000
CVE-2020-36833,1,1,9fcaa73e236ed40db62c0a0432e9c13fb6ed1cdd3ec075c57506cb1032e701ac,2024-10-16T07:15:07.893000
CVE-2020-36834,1,1,a607ba32c4ca47a22b767d2c8eb5f243dfa4318bcd7738688868c71a75188a44,2024-10-16T07:15:08.127000
CVE-2020-36835,1,1,9358173c5ae21ccca395ad39a077e5c172f859c65ae5894831f472a69eac5806,2024-10-16T07:15:08.387000
CVE-2020-36836,1,1,e7c5aff927b78c5a37750445b50aa86c2ffc36a8b918852e2c11921c4bec6991,2024-10-16T07:15:08.630000
CVE-2020-36837,1,1,eb54ab20bbd666451de9a2acf06cac05ca4a8ae756eb124d501330f7edcca6bc,2024-10-16T07:15:08.927000
CVE-2020-36838,1,1,3a7d865bc4e5d457aefd7a125a83f9e76c208c4baafa85f9e322ba36857e54dd,2024-10-16T07:15:09.200000
CVE-2020-36839,1,1,baa988307e623b23446b2949272b20cbda74bdb8e8bd2f74d8dcfc84a33c3f98,2024-10-16T07:15:09.433000
CVE-2020-3684,0,0,44aa34ae599eab5a673c5cc3034025c1f764a98b61a69b113aa70c68c71a7c49,2020-11-06T16:29:14.480000
CVE-2020-3685,0,0,01cf0158d1e280265cb87314ab78bb48a4960098d5e1ed486f7d5066d87b5a92,2021-01-29T23:46:03.037000
CVE-2020-3686,0,0,236df0d6a9e5b4a5d3130dbb24dece9578efd8fc6235301a045f147575f94cf1,2021-01-30T00:10:19.887000
@ -185213,6 +185232,7 @@ CVE-2021-44426,0,0,bf6b57725b013a6044de8b7642b1205398baadbe68b7f716f0f53e02dbfef
CVE-2021-44427,0,0,783ab76fe28ccce570d29d8c66a408b8ca0bb34f5bf6e84813ccbe2199231d12,2021-11-30T13:41:10.420000
CVE-2021-44428,0,0,76724755f2a122986a95c51d3dcc12a0fa10b92686c51c7b4749bd11c22fc8fd,2021-11-30T13:37:17.570000
CVE-2021-44429,0,0,587dd6f9b5247698d13ef87c63be2d5aa09d646473aaea92c43d5a7308e07779,2021-11-30T13:36:20.317000
CVE-2021-4443,1,1,3ace1904df87cc92e689437799a87cfd007adb259b0cc15e4988a058bd49107a,2024-10-16T07:15:09.713000
CVE-2021-44430,0,0,3ccff7839f65b11012b2019e299a651a1a17f2885eedffa9b9ec86da31611366,2021-12-14T19:21:12.880000
CVE-2021-44431,0,0,2e91f2763edc27376940aa47a9d7ab53556daddc2ad1a88e7ef2f6781fce4591,2021-12-14T17:47:20.180000
CVE-2021-44432,0,0,cd0a316a7386777a874880c1121c3553a3950ff2e437c34667d62e28d050422c,2021-12-14T17:53:03.413000
@ -185223,6 +185243,7 @@ CVE-2021-44436,0,0,048c6caebfcf7ab113da66a41bb26b2e0e70f5b8984a7c1a06881d2739d02
CVE-2021-44437,0,0,8a90d342aeb0cad87d32332c31581acd0f43c4a26aa09ef1140c37671bf5f20b,2021-12-14T19:13:02.280000
CVE-2021-44438,0,0,f9c77e7d144a7d50606e49c0f020b58e9e86bc0d05d5051b4ae94f067cdfe7b7,2021-12-14T19:13:48.997000
CVE-2021-44439,0,0,2aec4cc9f5f9a164a5548cc985fffb27b760329eb4143a8dcf9cc767d6fba58e,2021-12-14T19:13:27.520000
CVE-2021-4444,1,1,11465f71823e867d0991718317b3c621418f5cacbb65ad9b37515c018e9d1f87,2024-10-16T07:15:09.960000
CVE-2021-44440,0,0,ef5b4a328b3ec30165d26a37452b2792e7c38d4a44aaadf6785ec52f7882ffa1,2021-12-14T19:03:15.087000
CVE-2021-44441,0,0,022e3584046d89a11fa3be90acd6668a02a2a92ca85fe3c62a731255fe77064b,2021-12-14T19:11:58.420000
CVE-2021-44442,0,0,b6cffb64f2da0ca8a4ec309d90afdac29f72df45be3daf155c6544991fcde95c,2021-12-14T19:12:44.137000
@ -185233,12 +185254,14 @@ CVE-2021-44446,0,0,675abf2c9d1ddbbbfb7eede0bc3602140400072bc0b231ff5a10a1676baeb
CVE-2021-44447,0,0,93ef1e3910fa7102abd2f9702876c40b3e58e9d0ed8f3d3538e8bd3261689298,2021-12-14T19:17:47.723000
CVE-2021-44448,0,0,b01d9542808ee630f6aefba5237f5068238285fa517e68fb8f9e00d5878be7cb,2021-12-14T19:18:17.553000
CVE-2021-44449,0,0,c405e6578ea25a9896061f4ed02c4a77707a77d09ddf2691e57e0aedcb094da6,2021-12-14T19:18:57.800000
CVE-2021-4445,1,1,2b12b88721aae8bbf3bc61b7fb0361751a30fa52d7d43a69870400fda1c9dcb7,2024-10-16T07:15:10.193000
CVE-2021-44450,0,0,d5a43b418b439f4f8014f1828747af423a8377d6775795e6603d47519342268f,2021-12-14T17:24:55.260000
CVE-2021-44451,0,0,64e256f598449eb16a9a352e1f50cc92084a6a20874366d23dca4c7763685e20,2022-02-05T02:06:44.807000
CVE-2021-44453,0,0,04e583c25b1f2414923ac33503e872a613a811300a0da768cdaadd532f88e20f,2022-01-05T19:03:39.660000
CVE-2021-44454,0,0,72264a6cead2b9958d8f2b0e48dfdb458a983d383bcf8105200dae54fdf2a17f,2022-02-16T14:34:19.853000
CVE-2021-44457,0,0,c8432866d17694d2e8559b1902d29956d945569a8d05aa7b9afb0be1ff50de3d,2024-05-17T02:02:17.200000
CVE-2021-44458,0,0,91539b14cf8e9d7a6d40bf519e12077ba54b4d46db9df621c0914a80c10792ea,2022-08-09T00:51:42.403000
CVE-2021-4446,1,1,9dbd8a1aef156af69285a89e8e7602256f1cae0553a0bfe33bdd59fc6f2fac25,2024-10-16T07:15:10.447000
CVE-2021-44460,0,0,91b42a7a3efb9da8dec18db1d14c6cefea2b38c03b66d30e24112a66fe273a06,2024-07-15T02:15:03.363000
CVE-2021-44461,0,0,7dc941f5a6643886eaebd18adbe4501e760fbb54d562083a44ffba8dcb1ba015,2024-07-15T02:15:03.457000
CVE-2021-44462,0,0,28c37d96a23a332e4387295f29ae0af534ae561a8321e12cf19712bf4778f18e,2022-04-04T15:38:59.057000
@ -185247,12 +185270,14 @@ CVE-2021-44464,0,0,ee767844e25ca947b4eaba9073fe808069921fbe5c56b123e7252d8d65655
CVE-2021-44465,0,0,14f6bf0c1d10be913fa0fb8873231995b4e1af285efdb408357af10f77cba4b4,2024-07-15T02:15:03.533000
CVE-2021-44466,0,0,a1a2cb3cba7adf6029dbf608607b8d21b39603b1ba2c4dff1356169abf0ac25b,2022-07-12T17:42:04.277000
CVE-2021-44467,0,0,af2ebaaccfd6798ad3cbe410ec38c4b5d82f125ea8c7851703ed78c73d7a4dd8,2024-09-30T15:15:04.563000
CVE-2021-4447,1,1,4dc6b573d477cf51bda4169a22d676f14f1b956afe7c3ed2b2e7cbf827e4c916,2024-10-16T07:15:10.687000
CVE-2021-44470,0,0,bf65356876fadd1e4bbcdca9a11a5da49fc1164e8405c0765b86a57037d02fed,2022-08-19T18:34:58.277000
CVE-2021-44471,0,0,e9bb470313aa03110af56de4588b2a051a21c5b54cc2f1053c5abc56bb7075e5,2021-12-28T14:46:12.543000
CVE-2021-44476,0,0,398362e6030dea7ee9aefc21638361a67f4ab579aa9d4980350cb25266bbdf29,2024-07-15T02:15:03.617000
CVE-2021-44477,0,0,8059f08690d70d464f9a6a49458bee5cc6ff0a947abf25f59957ab405e2daf7b,2022-04-04T14:30:52.257000
CVE-2021-44478,0,0,c89e69a0e964419c068765deaec3ff1e239e6f118958dbe52e02236674e17c7e,2022-07-28T18:12:36.160000
CVE-2021-44479,0,0,8cea3450cf8bac0a6e4a6300cc359f9a7c00b5b6bea31be6f8e8b19c33781aca,2021-12-16T18:17:26.373000
CVE-2021-4448,1,1,17710524d0b4575dd834a6a96d8f4c877991197f85fd68775acf487a43de1bfa,2024-10-16T07:15:10.980000
CVE-2021-44480,0,0,ddea244291b0724396d82dc4281cc3c83442a2fc58c58c2e60bc63edd247b296,2022-07-12T17:42:04.277000
CVE-2021-44481,0,0,dbcfe1893eb2f7985aefe165b81e9828ea61d702498caab8e3bd89688cb1d9bc,2022-04-22T17:20:15.950000
CVE-2021-44482,0,0,fd07f92c02617685f2f0d51129d25a98428904018ae992cb5341865e68692d10,2022-04-22T17:20:33.857000
@ -185263,6 +185288,7 @@ CVE-2021-44486,0,0,27651a6cdbc22fd811c396815fcd58c7e9df9e9f02efddd164029d4bd79fd
CVE-2021-44487,0,0,ce0f49aeeb21b12eb994e31f9dc8ea4fe493e2fe9799304f6f5aad363af30a48,2022-04-22T18:01:28.737000
CVE-2021-44488,0,0,bc8fc47b2dc1fbdd2ff6796c164eebb69dd5e7769c2abff2f3b40703b1585918,2023-08-08T14:21:49.707000
CVE-2021-44489,0,0,fc081116b281e7438a800f81bf67993d6eaa9a04d13c5b0ce5603c38a8798416,2022-04-22T18:07:30.377000
CVE-2021-4449,1,1,cafc795192522c5eda50913bfabcb0ed6b016dad21948f9f80806f768449507c,2024-10-16T07:15:11.243000
CVE-2021-44490,0,0,51f6af39f7e9972b590a3dbba460e49e28124b6ab2ac9cafcc1c5568b297a218,2022-04-22T18:09:36.837000
CVE-2021-44491,0,0,724834766a658e6af5246aa62e8b332579badff28d2a1ca2e55cfbfb4cacb43d,2022-04-22T18:10:27.727000
CVE-2021-44492,0,0,a173c7c4257b833737dbbd312753d696476e51ef65f5326b2a29e920081a90a5,2022-04-22T17:35:22.267000
@ -185273,6 +185299,7 @@ CVE-2021-44496,0,0,a07c07b6904c144bd70645c1900f72e0a5308f16f5c8420754481bf17edd8
CVE-2021-44497,0,0,948a4f8a98e6d117d49b08d1c2fa9965216be8b16c34304f2be2dfe99b7b45a6,2022-04-22T15:57:06.907000
CVE-2021-44498,0,0,c81b74e5f1199a3a2e4776dfaa85d0faa4c68db76a10423d7a5f2d91f494dcf5,2022-04-22T15:58:01.770000
CVE-2021-44499,0,0,8c6047bfb74db5465d98b5344cfe14293befc2375500f0f94b07a920dcf8b7b4,2022-04-22T16:10:34.870000
CVE-2021-4450,1,1,4370356082b20811b7627b73474e264d06eed946d644db3c645463a1064affc2,2024-10-16T07:15:11.527000
CVE-2021-44500,0,0,025bfd6caf5a2b7ad2796c2ed667f9f1b2ed0b57a8e1158094e8cd856a2925a8,2022-04-22T16:11:19.893000
CVE-2021-44501,0,0,8865bba6dd75ef7675fb9be6a3ca0476f574dcc24bb3fbedb17e1dd48b2e17e1,2022-04-22T17:32:13.303000
CVE-2021-44502,0,0,81821cd79b4d30f62969daad02d568ded97c95de61241e894ca7a3b889192d79,2022-04-22T16:13:14.973000
@ -185283,6 +185310,7 @@ CVE-2021-44506,0,0,58aea1c6e9a257ce746f10c108c19ad7fec6cb4b1c3efb015f5efff33d4ea
CVE-2021-44507,0,0,aebde9357e585eff7a908d0de741a5e2985f463655b48ff7bcf113e5f679573e,2022-04-22T17:33:03.377000
CVE-2021-44508,0,0,c6792eaf6eb2a60c5e6ecdad5a800d632bb5b7ce863a54c68f8e7ac2a06ffd14,2022-04-22T15:16:26.873000
CVE-2021-44509,0,0,f649a3c99dfb2035d5f2555476d3723c6b7a288e6f77c9ccc7c73904b306808f,2022-04-22T15:24:17.437000
CVE-2021-4451,1,1,b358e155ee8534204ca81ba9155df685e8a41db3914ed87ff845cb56387fec64,2024-10-16T07:15:11.770000
CVE-2021-44510,0,0,dfa3f0eec83167d212f23d0e1521038a3d1d2b98db47c6c7c2dc0e3c17256d77,2022-04-22T15:30:29.873000
CVE-2021-44512,0,0,9ea723d5afac9658d5da6130a4b16112f4aad592a684696723d489c785f3a5b6,2022-05-03T16:04:40.443000
CVE-2021-44513,0,0,1652b513dfbea72dbecb281e6d0e273723050582e745fe46b7e47813c9a3bc54,2021-12-08T14:27:43.643000
@ -212594,6 +212622,10 @@ CVE-2022-4966,0,0,d7772092edb1c4f6ea77758ef1a2b38cc5d3bd7ded1e7c81a0173f7456d0da
CVE-2022-4967,0,0,acbcdcd64f9485d059508255d49aabf4f78227f1537ec6f5aeb5af6241be26cb,2024-06-14T13:15:49.633000
CVE-2022-4968,0,0,e0fb0f21bd0757ce18bf39146f9d80fa921c9791f06b9f657a0acbeb470dddd2,2024-06-27T22:15:10.033000
CVE-2022-4969,0,0,6da77d75911b6f9f4d4eed5e8e9a02ef51bdb2636c0fddb313d49f06fb600e32,2024-06-06T16:15:10.250000
CVE-2022-4971,1,1,ba68a66890cd2489331f782a9f3d14687fb64709c4084be2263fdfb9d006e43f,2024-10-16T07:15:12.040000
CVE-2022-4972,1,1,8766b8c9ef7f8198234b3fdbcef1d352638b90e67611351ed50be5c078fa203e,2024-10-16T07:15:12.257000
CVE-2022-4973,1,1,a01e901900f241608c4733092a96e8e51faff4f3fbaeaa96a4efb5e034e13c66,2024-10-16T07:15:12.497000
CVE-2022-4974,1,1,b23fa8d9e7f67244e89725af4bc1b87ed53c84fe972309e895baf9a33ec42c52,2024-10-16T07:15:12.760000
CVE-2023-0001,0,0,89cc7c25326dd5727e94c3abe5ce2365a868c05aa8d47b4c236024303b20e03e,2024-01-12T22:10:50.817000
CVE-2023-0002,0,0,85151726e26db3dd412b666129cc1146d77d486c542304fa6aa1433f4f16452f,2023-11-07T03:59:26.433000
CVE-2023-0003,0,0,0f4cd63b6620e63a4c26b7158c334115eb4a14a033fde970e1fda8144d0dfe5d,2024-02-16T17:04:22.737000
@ -241255,6 +241287,15 @@ CVE-2023-7273,0,0,774cfced0b2ee4833f367ba7f35fc76f033b87073fddd91ce6539024f87d7d
CVE-2023-7279,0,0,f98ffb9aa7111762ac351724f18f9d9ee505a1023f26a13d8e9efc5698c9c712,2024-09-05T21:59:17.957000
CVE-2023-7281,0,0,0790d4bfb469f439660a23ce8eab8f87d3be095fc643fdfe8eec46cdbb17ca3a,2024-09-26T13:32:55.343000
CVE-2023-7282,0,0,f4fc1de03735b00b3526c9c4836a11bcc7904328f1e64bbcb0646541be7349bd,2024-09-26T13:32:55.343000
CVE-2023-7286,1,1,f8c5ecb1a96ceefb733f652ca7d2ac290a293dd6476bd4cb3e1b9ac6bf41c551,2024-10-16T07:15:13.223000
CVE-2023-7287,1,1,a5f45e98ba672295fe732ed480c7c3adff2570375965aa5b0c14e8368887aade,2024-10-16T07:15:13.507000
CVE-2023-7288,1,1,f8570d17517116b7ca85153cc7ef91db8295791fe1557b9d53e570a0f2e1bb49,2024-10-16T07:15:13.743000
CVE-2023-7289,1,1,0945637520f108d05c0727db0b1b22decd89ebf9c98f2b72c43ee7aa8cd37169,2024-10-16T07:15:14
CVE-2023-7290,1,1,1e4d8363d283f5afd307bf62ea4b56c99c4c216c9d280b35c2fb724f60ff7977,2024-10-16T07:15:14.243000
CVE-2023-7291,1,1,ef9826823269a63449c680b1fd36f980392c8c03638d8541a289f67e25afefbc,2024-10-16T07:15:14.503000
CVE-2023-7292,1,1,7a8fe156abe76013973de0181b135aba33babcf286649d4a9c9a86373c6a9d8f,2024-10-16T07:15:14.737000
CVE-2023-7293,1,1,673f003595e117fb5e010a499c08e675f325e27ef80171be3f6d6becd71daa1e,2024-10-16T07:15:14.970000
CVE-2023-7294,1,1,8f7a0b4dcaedad6035ae3a7fa1755e6699ca8385c85027fe80bbc613dc0fefda,2024-10-16T07:15:15.277000
CVE-2024-0001,0,0,ddc97ec95f63469ba72943e3a1a3c2055a0f787a376d00af08b9e1c9de1e66b0,2024-09-27T14:08:57.327000
CVE-2024-0002,0,0,8eba00d67fa29dcfc182e2e2367ab4a3c005649f9c2970e7f365907a3a42b06a,2024-09-27T14:13:24.427000
CVE-2024-0003,0,0,46c85e4a496f19260982bccddc0ca5126276fd9fc3f3c6d4be9e905c5a7e34b8,2024-09-27T14:23:58.243000
@ -250844,7 +250885,7 @@ CVE-2024-30556,0,0,e69233496d05a5aabce18d433e9ca2e5223239355a0fa678f93d89e5f2275
CVE-2024-30557,0,0,7d175e1542d96c0a09750c55f6339c21eedf49d306c5f65cdc0e1b0224f24694,2024-04-01T01:12:59.077000
CVE-2024-30558,0,0,2fd7f40103c9e6c9a5c23a9c51b6730af182169ea1b29c57e5612e917c42a577,2024-04-01T01:12:59.077000
CVE-2024-30559,0,0,7bb411cba178991a1e753b9b344d96e6c257adaaf46f6d70bda139a8b3d1fbcb,2024-04-01T01:12:59.077000
CVE-2024-3056,0,1,6e01bf28c7681ebf938a8d7d6fd31a7aadaa23476debdc3223ec0c1650f2eb08,2024-10-16T05:15:14.297000
CVE-2024-3056,0,0,6e01bf28c7681ebf938a8d7d6fd31a7aadaa23476debdc3223ec0c1650f2eb08,2024-10-16T05:15:14.297000
CVE-2024-30560,0,0,29358f4cfba46b880efc18b382f49655b8da1f57de09ea2f3b221ee017e11a93,2024-05-14T15:23:17.730000
CVE-2024-30561,0,0,317571b22962e8d6e5d0cb62ac3952d7d76cb14c6191157ad5ef89ba7149e860,2024-04-01T01:12:59.077000
CVE-2024-30564,0,0,5b72a00e1c04b6fa93ffaa761b95fbd264190bcd29898850fc62b4910b45e5e3,2024-08-22T16:35:01.923000
@ -255581,7 +255622,7 @@ CVE-2024-37265,0,0,15f68b41e4db6ae6ccda7f80b0a70abe19004015dbcf0d1246d37335388c5
CVE-2024-37266,0,0,44943b1bec747c3c4ecddbc943aaff365210584d2dac21ff41065ed54e40dcb1,2024-08-29T18:59:40.057000
CVE-2024-37267,0,0,0d692f1d5fdd2443078b17f2b54167a732ba33e5479382e14b7e2bd4b6ec49a8,2024-07-25T13:47:43.833000
CVE-2024-37268,0,0,32108042cd6042edb5d9a980c4bc9e7e171800cf8a42366d53d95c0b76a50314,2024-08-29T18:56:01.267000
CVE-2024-3727,0,0,48bca9045cad80f14911a8b8f5c5b80f4598f353999b02f0ba08ae113eb9a6d0,2024-10-03T13:15:14.953000
CVE-2024-3727,0,1,ed44f253572252eb15ee966703d1a76f4efe48b3e89b2596353950937d8c7ded,2024-10-16T07:15:15.583000
CVE-2024-37270,0,0,09adf8729d6feae3191994dc6f2b286449a8e4d910f8c343a3a9496ea050a29f,2024-07-11T13:05:54.930000
CVE-2024-37271,0,0,82adde283ff9dacc0f77be200c055ea2f2c58a80387c070880c7d1f2c1068d32,2024-07-25T13:46:39.273000
CVE-2024-37273,0,0,2a85b1da0ca6e483bcfb6dea755537146c70a6967cba53f16b02bbb377a77813,2024-08-15T14:35:03.053000
@ -263475,7 +263516,7 @@ CVE-2024-6504,0,0,6666bb3ba2314d1147da34b1413146555668de024ce515e1e34c91b1fe3247
CVE-2024-6505,0,0,2472b280b959c45a84076dc8298b1f0ea15132bfdd2f045bf3ab100aab446db1,2024-09-19T06:15:03.463000
CVE-2024-6506,0,0,58310ca3e68e3dacb16dafd9b32db187bdf111a88d3da008267c8c84bbec48d6,2024-07-05T12:55:51.367000
CVE-2024-6507,0,0,4e3b24fd61e25de66a6840473e4d19109a713188592b0f05efa1cbb9de33936e,2024-07-08T14:19:21.610000
CVE-2024-6508,0,0,5773cbe3ab2c4eb69c1efc3c03d7ae03bdf5d1ca7c49c5fd875f2b2bd8e08dcb,2024-08-21T12:30:33.697000
CVE-2024-6508,0,1,d23055a39e1df773d98780577d434c72bc67df9f2fd0b90538a160cf45e32579,2024-10-16T07:15:16.027000
CVE-2024-6509,0,0,7eb4fc03788f01fd646b7975c190061926ae41b355a82f9aed0c1fc50ccfb715,2024-09-10T12:09:50.377000
CVE-2024-6510,0,0,5e8ec1aef4696d364d1cf0507192e6236a7f19c30decdfeea7966d96cda0feda,2024-10-02T17:17:46.450000
CVE-2024-6511,0,0,053f3089b06a0cd915df79eb3301836b5db5c9fe4d3ed571ee6923d36f4d1832,2024-07-05T12:55:51.367000
@ -264253,7 +264294,7 @@ CVE-2024-7481,0,0,029caf1b5321966d6fff7b258f5edb21656af3703408123f2c0a2bb28c2a7f
CVE-2024-7484,0,0,922e65f90a754867bdae2807b60c4750519990bf6adcc62fb148334df21e54c7,2024-08-06T16:30:24.547000
CVE-2024-7485,0,0,0b34fc91c3d825ea4087a792a0e5c6d839cf66a581a05d0c60df64b0af48f97e,2024-08-06T16:30:24.547000
CVE-2024-7486,0,0,e2579b82a31704160b51da6f8b3285ef5bff1d765f5e0369c7378c4f856658fb,2024-08-08T13:04:18.753000
CVE-2024-7489,0,0,341a29664669d2f318513ff8b093c515b394889e69e4fbd9e07e0e906b70ff29,2024-10-15T12:57:46.880000
CVE-2024-7489,0,1,a911c458f8c85ecb33feabe2fee5828bb307bd0fdaa5447d2dc32acdf03946c2,2024-10-16T07:15:16.160000
CVE-2024-7490,0,0,2dbd6717a12bca522d1065ac017f63874351831b0b05b9f6e750116d667cf962,2024-08-12T15:22:20.267000
CVE-2024-7491,0,0,d689a374fb3537e15633f4540eb868e4dc80670c3ee0d8274c63d44d12227824,2024-09-26T13:32:02.803000
CVE-2024-7492,0,0,6476a74ce2975ad097c7a45c1f2f905cc77480bec2260de48447ae3a8b41df62,2024-08-08T13:04:18.753000
@ -265012,6 +265053,7 @@ CVE-2024-8499,0,0,a066f12eb0db45b577c1044e88855b3e531b0d4e8e1575f5845b6487effebb
CVE-2024-8503,0,0,9f803200a857fcdb413b5557fdfb30066c33963fff9f6132df8887c5f7ded0b9,2024-09-11T16:26:11.920000
CVE-2024-8504,0,0,8357da8291f04353fac31874868f2eb40b31e26be1555ef771437bf9554e80e3,2024-09-12T14:35:23.173000
CVE-2024-8505,0,0,1c04e90354babae2df3035dc354852183330b8445c04d1f2331a89a32b3e4a48,2024-10-07T19:26:53
CVE-2024-8507,1,1,92659dc14de63bdd971bb2b8cd9dcbd96ec45d659353901efc35a70fd03146d9,2024-10-16T07:15:16.277000
CVE-2024-8508,0,0,095cff01fb00165e2108ed0a6b3f940edeffb7916515f1cc0f2ea48f2031a7c8,2024-10-04T13:50:43.727000
CVE-2024-8509,0,0,72b678ade46a23d1db65e1dfb65526568e7875d83752ef0a47b4a7edfeaf5ddf,2024-09-09T19:15:14.837000
CVE-2024-8513,0,0,910ae7d47a27f3be55b8ebbee4133c06edee61ebde300e418feb96105acdd2ce,2024-10-15T13:33:14.333000
@ -265168,6 +265210,7 @@ CVE-2024-8738,0,0,8d7254f4f1af2919bab9c4b9c8e7ac85cdc1b41f46ed454e2ea854234d64d1
CVE-2024-8741,0,0,b4e1d7f7dfc20b3d40ed40689f6d2a74196871e98895f038c49cf39f3f685863,2024-10-02T16:37:16.407000
CVE-2024-8742,0,0,22ad08a64cc55234113e83ee811bd639e6d0a7f5c2878d141833012213ce6335,2024-09-27T16:28:07.827000
CVE-2024-8743,0,0,65920323e1d664fd8f354bc76b73276103c2d19a537eecec01fa5cc8c5638d58,2024-10-07T17:48:28.117000
CVE-2024-8746,1,1,2adbd9e55fcc7075a1cff31cd1a1b9830f00a38e64a33dd240261d3beed9461f,2024-10-16T07:15:16.537000
CVE-2024-8747,0,0,c8071dd8d89406610db13dc6a04dbbb98461ebd7257641ae31a11de6b1ad5c9f,2024-09-26T19:23:12.477000
CVE-2024-8749,0,0,dc7dd50ec6adedb45c385a82f706a7ab45f55e506e70a64a626b0d8f521f6289,2024-09-18T18:53:54.860000
CVE-2024-8750,0,0,6aa000b45a0c694359dda91e7e992492dcd4e93d6e7b8c131ee0a86fa36b5620,2024-09-18T20:38:42.123000
@ -265253,6 +265296,7 @@ CVE-2024-8913,0,0,fca416d77c5623788a9db07f1a3764802595b9fed9406445b458bbb4d1cd4d
CVE-2024-8914,0,0,c67ce2c8d24044b482c9bbb33384856203ff5bb870309850d7df3d6267c1b679,2024-09-26T13:32:02.803000
CVE-2024-8915,0,0,80988e61f2deb23ce0d3db6a9db0275f7f6c7eec9c9b53e27317ff9faa29da01,2024-10-15T12:57:46.880000
CVE-2024-8917,0,0,32a69b030ac61cd4e144a233fc55362cc6115ccb6ecca5ec236644320a2aecf1,2024-09-30T14:30:38.687000
CVE-2024-8918,1,1,084bd8c5ed92875e6f88d442f38453599e3b598184441c66b1a4885b965a4813,2024-10-16T07:15:16.777000
CVE-2024-8919,0,0,e01b61fd584c4fffdfd8e5db7a09e1be1033f5c7df5b5418d10948726a2bc540,2024-09-30T15:08:14.077000
CVE-2024-8922,0,0,8e0e34187cf2453e3fbc920fc9b2ec5c27a6978605c90cb2daa5d0ef90213fbe,2024-10-04T19:11:47.217000
CVE-2024-8925,0,0,573fa9fc5dcadaf344ac622d80d126966b00ab4fb4c5a5f790f844b7bfe8b0ca,2024-10-10T12:57:21.987000
@ -265600,6 +265644,7 @@ CVE-2024-9574,0,0,a60670a65a4470a80e62c618e77fec3e5e5071e32e3c874874eb23f89671df
CVE-2024-9575,0,0,902a179ba291c73f1ff19f974c0569ed05c8dbb3d8914c4f7409455feb2bd5d7,2024-10-14T08:15:02.970000
CVE-2024-9576,0,0,7a96a155cd09492144b259aa00c523497a7aeb66fdb84ed492d68f7654aa3880,2024-10-07T17:47:48.410000
CVE-2024-9581,0,0,fb1d34fab9f94525003a0f26c830b830dcb7b4bdc92dd8a95590c26db891e7c3,2024-10-15T14:28:35.283000
CVE-2024-9582,1,1,6f9edfac65352910eb4469af0c7a4c3dab761a8e62e31b1b92c75db9096c1974,2024-10-16T07:15:17.033000
CVE-2024-9586,0,0,a482a25f032ea940edbd74f8dc11272d0d4fecf517c5613466c04b8bd798dc3e,2024-10-15T12:58:51.050000
CVE-2024-9587,0,0,081ae6ebdba381265a40b327141c3458d6ec1c5b94d7fb86236bf633a93923d3,2024-10-15T12:58:51.050000
CVE-2024-9592,0,0,6f7f83fab1eebba9a1f954ec84a1bbaa3c51a5f9b9c0e4a02c7010d63a53fba8,2024-10-15T12:57:46.880000
@ -265679,6 +265724,8 @@ CVE-2024-9856,0,0,531963d8959dcaa0b68edaa5a63ce972541a941d9ad2303b1c288946d989ee
CVE-2024-9859,0,0,144046db89cc7a1614c278bf90f5b4cc56b3ffdbde195acab46c61c2bc1b4092,2024-10-15T19:35:46.273000
CVE-2024-9860,0,0,5146b7a0224d680f933516d3f319e5a1a7abd782ae32358fb855e1c62c4df555,2024-10-15T12:57:46.880000
CVE-2024-9869,0,0,2195387ef9aab560e210893ad1e9f3295c5808c9d50c0ada4fa1d17778d3d1ae,2024-10-11T15:15:06.500000
CVE-2024-9873,1,1,cd4ff22f11313acb0d82df82e47be4f4940aecb8b45f90ef5f3e186f0e33c740,2024-10-16T06:15:02.527000
CVE-2024-9888,1,1,68fc5031c0a52291fb2b329f8fc062d33bbb29cbbfbe4c31c17b0360603a1eae,2024-10-16T06:15:03.650000
CVE-2024-9891,0,0,4c8a9a58887e98726942bc0a2fd35c0c88241c217c7fd52663f3ef69115d2406,2024-10-16T02:15:08.333000
CVE-2024-9894,0,0,14c1a187244ef98f70dad85c66b4e9e50b1523e45b13c684f05d8920a1d43b87,2024-10-15T12:57:46.880000
CVE-2024-9895,0,0,1804aadc601cefc0a637c4245324ad03665b7298686ff057930daf35aa0b9bfa,2024-10-15T12:57:46.880000
@ -265704,6 +265751,7 @@ CVE-2024-9923,0,0,1744d806aab87c1cbef5524d43cf9cad10cdae75dc6a2cfd8b34f2d3877dca
CVE-2024-9924,0,0,4d0aa49bc1047e2e0a23ab80e176dbdf70a0af5e82bea53f63a116cd5905286e,2024-10-15T12:57:46.880000
CVE-2024-9925,0,0,40ec06885e2cf941cc3fd6c1effc99e4018421341691aa45ec80f48176ade482,2024-10-15T12:57:46.880000
CVE-2024-9936,0,0,9b9410743fe1ca2f5a844c24ad20043ec989ced54414fa626e93bdc74b6425ff,2024-10-15T12:57:46.880000
CVE-2024-9937,1,1,fc21cd16c574ce1a245aba103e1615576201cab8b5d108df1842ab1a89488a60,2024-10-16T06:15:04.177000
CVE-2024-9944,0,0,0105315be1482473acf9cccf2807cd53dd651f41a7a3739bca8c3d692de03102,2024-10-15T12:57:46.880000
CVE-2024-9952,0,0,75bf1164383c64f84aaae3ebb54926536c4d8cc1bc9810fac6b8f11ba1e426eb,2024-10-15T12:57:46.880000
CVE-2024-9953,0,0,d4420057cd6ff540e58057e827a120bd402b45b9e9ab6580a72e462bb02065ee,2024-10-15T15:15:13.660000

Can't render this file because it is too large.