admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-01-07T07:00:21.236145+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-01-07 07:03:46 +00:00
parent 04c10eb364
commit 27a325c7cf
75 changed files with 4454 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
CVE-2024/CVE-2024-101xx/CVE-2024-10102.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-10102",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-01-07T06:15:13.730",
"lastModified": "2025-01-07T06:15:13.730",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/3b34d1ec-5370-40a8-964e-663f4f9f42f8/",
"source": "contact@wpscan.com"
}
]
}

60
CVE-2024/CVE-2024-105xx/CVE-2024-10527.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-10527",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:09.497",
"lastModified": "2025-01-07T05:15:09.497",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view limited setting information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 3.1,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/spacer/tags/3.0.7/index.php#L85",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/112ece28-27ac-4d3c-b302-7acab43390fb?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-105xx/CVE-2024-10536.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-10536",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T06:15:13.920",
"lastModified": "2025-01-07T06:15:13.920",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FancyPost \u2013 Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_block_shortcode_export() function in all versions up to, and including, 6.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export shortcodes."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/post-block/trunk/custom-fields/options/admin-backup.php#L171",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e573648e-215f-4858-a4d3-a3e85119dbcf?source=cve",
"source": "security@wordfence.com"
}
]
}

21
CVE-2024/CVE-2024-105xx/CVE-2024-10562.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-10562",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-01-07T06:15:14.120",
"lastModified": "2025-01-07T06:15:14.120",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/317f6cb7-774f-4381-a855-858c051aa1d5/",
"source": "contact@wpscan.com"
}
]
}

60
CVE-2024/CVE-2024-112xx/CVE-2024-11290.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-11290",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:11.117",
"lastModified": "2025-01-07T05:15:11.117",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Member Access plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/member-access/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a4c7c448-fe9d-496d-84f2-0da8d1e13d64?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-113xx/CVE-2024-11337.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-11337",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:11.320",
"lastModified": "2025-01-07T05:15:11.320",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Horoscope And Tarot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'divine_horoscope' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/horoscope-and-tarot/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d833338-a343-446f-a3f1-cb5e2cff6585?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-113xx/CVE-2024-11338.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-11338",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:11.520",
"lastModified": "2025-01-07T05:15:11.520",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PIXNET Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gtm' and 'venue' parameters in all versions up to, and including, 2.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/pixnet/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/165bafd4-0cef-4936-af21-6a8ffcfccaef?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-113xx/CVE-2024-11363.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-11363",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:11.713",
"lastModified": "2025-01-07T05:15:11.713",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Same but Different \u2013 Related Posts by Taxonomy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/same-but-different/tags/1.0.15/library/template-parts/tabs.php#L27",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7d262a3b-6205-45b3-8d8e-da541e07de46?source=cve",
"source": "security@wordfence.com"
}
]
}

72
CVE-2024/CVE-2024-113xx/CVE-2024-11369.json Normal file
View File

@ -0,0 +1,72 @@
{
"id": "CVE-2024-11369",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T06:15:14.233",
"lastModified": "2025-01-07T06:15:14.233",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Store credit / Gift cards for woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'coupon', 'start_date', and 'end_date' parameters in all versions up to, and including, 1.0.49.46 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/store-credit-for-woocommerce/tags/1.0.49.42/admin/report.php#L113",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/store-credit-for-woocommerce/tags/1.0.49.42/admin/report.php#L119",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/store-credit-for-woocommerce/tags/1.0.49.42/admin/report.php#L95",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3213698/store-credit-for-woocommerce/trunk/admin/report.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e8527c0-a4b0-436d-901a-c07f93c7ec5e?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-113xx/CVE-2024-11375.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-11375",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:11.907",
"lastModified": "2025-01-07T05:15:11.907",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WC1C plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.23.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wc1c-main/tags/0.23.0/views/promo/activation.php#L25",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52293a10-4240-4a6b-a05b-33675a4ed6b6?source=cve",
"source": "security@wordfence.com"
}
]
}

80
CVE-2024/CVE-2024-113xx/CVE-2024-11377.json Normal file
View File

@ -0,0 +1,80 @@
{
"id": "CVE-2024-11377",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:12.083",
"lastModified": "2025-01-07T05:15:12.083",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/automate-hub-free-by-sperse-io/tags/1.7.0/apps/c/clickup/clickup.php#L92",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/automate-hub-free-by-sperse-io/tags/1.7.0/apps/e/encharge/encharge.php#L82",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/automate-hub-free-by-sperse-io/tags/1.7.0/apps/g/getgist/getgist.php#L85",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/automate-hub-free-by-sperse-io/tags/1.7.0/apps/g/googlecontact/googlecontact.php#L100",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/automate-hub-free-by-sperse-io/tags/1.7.0/apps/m/mailchimp/mailchimp.php#L179",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/automate-hub-free-by-sperse-io/tags/1.7.0/apps/t/teamwork/teamwork.php#L82",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a143eb71-d039-441b-871e-d1c5cefb0529?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-113xx/CVE-2024-11378.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-11378",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:12.270",
"lastModified": "2025-01-07T05:15:12.270",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Bizapp for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'error' parameter in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/bizapp-for-woocommerce/trunk/admin/class-bizapp-woocommerce-order.php#L599",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/45cf9e0e-3a8a-400a-b766-7b352e739b7c?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-113xx/CVE-2024-11382.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-11382",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:12.457",
"lastModified": "2025-01-07T05:15:12.457",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'commonninja' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/common-ninja/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f1205432-4de0-4745-b8d5-e36aa8f3da49?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-113xx/CVE-2024-11383.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-11383",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:12.650",
"lastModified": "2025-01-07T05:15:12.650",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CC Canadian Mortgage Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cc-mortgage-canada' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3216591%40cc-canadian-mortgage-calculator&new=3216591%40cc-canadian-mortgage-calculator&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0654e3c9-106d-4d90-a4e4-9705c36f7564?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-114xx/CVE-2024-11434.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-11434",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:12.873",
"lastModified": "2025-01-07T05:15:12.873",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP \u2013 Bulk SMS \u2013 by SMS.to plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-bulk-sms/trunk/includes/admin/outbox/class-wpsmstobulk-outbox.php#L171",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17acbf24-b0ae-42c8-af8f-17e82213507d?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-114xx/CVE-2024-11445.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-11445",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:13.077",
"lastModified": "2025-01-07T05:15:13.077",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Image Magnify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'image_magnify' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/image-magnify/trunk/image-magnify.php",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/image-magnify/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/55838de5-0795-429b-be87-a0d57b29e471?source=cve",
"source": "security@wordfence.com"
}
]
}

76
CVE-2024/CVE-2024-114xx/CVE-2024-11465.json Normal file
View File

@ -0,0 +1,76 @@
{
"id": "CVE-2024-11465",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:13.287",
"lastModified": "2025-01-07T05:15:13.287",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Custom Product Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8.5 via deserialization of untrusted input in the 'yikes_woo_products_tabs' post meta parameter. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/yikes-inc-easy-custom-woocommerce-product-tabs/trunk/admin/class.yikes-woo-generate-html.php#L19",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/yikes-inc-easy-custom-woocommerce-product-tabs/trunk/admin/class.yikes-woo-saved-tabs.php#L222",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/yikes-inc-easy-custom-woocommerce-product-tabs/trunk/admin/class.yikes-woo-saved-tabs.php#L449",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/yikes-inc-easy-custom-woocommerce-product-tabs/trunk/public/class.yikes-woo-tabs-display.php#L47",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/yikes-inc-easy-custom-woocommerce-product-tabs/trunk/yikes-inc-easy-custom-woocommerce-product-tabs.php#L262",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ad0d6eb-aafa-4f0b-bf1c-73d94e361087?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-114xx/CVE-2024-11496.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-11496",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:13.480",
"lastModified": "2025-01-07T05:15:13.480",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Infility Global plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the infility_global_ajax function in all versions up to, and including, 2.9.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options and potentially break the site."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/infility-global/trunk/include/class/action.class.php#L80",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/infility-global/trunk/infility_global.php#L121",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0fd1c19-b752-4562-9365-165d709b91b2?source=cve",
"source": "security@wordfence.com"
}
]
}

21
CVE-2024/CVE-2024-116xx/CVE-2024-11606.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-11606",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-01-07T06:15:14.427",
"lastModified": "2025-01-07T06:15:14.427",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Tabs Shortcode WordPress plugin through 2.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/76ae8f5b-2d0e-4bf5-9ae3-f76cd52dea8d/",
"source": "contact@wpscan.com"
}
]
}

60
CVE-2024/CVE-2024-116xx/CVE-2024-11690.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-11690",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:13.677",
"lastModified": "2025-01-07T05:15:13.677",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Financial Stocks & Crypto Market Data Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'e' parameter in all versions up to, and including, 1.10.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/live-stock-prices-for-wordpress/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/210e9d94-ae2a-4dd9-a151-0bafbac68d18?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-117xx/CVE-2024-11749.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-11749",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T06:15:14.713",
"lastModified": "2025-01-07T06:15:14.713",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The App Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appizy' shortcode in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3216285%40appizy-app-embed&new=3216285%40appizy-app-embed&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/111a0507-aa51-4e4e-a582-9007041c811b?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-117xx/CVE-2024-11756.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-11756",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T06:15:14.943",
"lastModified": "2025-01-07T06:15:14.943",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SweepWidget Contests, Giveaways, Photo Contests, Competitions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sweepwidget' shortcode in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/sweepwidget/trunk/sweepwidget.php#L936",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f1ec6957-28c0-4441-8801-80b226569df9?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-118xx/CVE-2024-11810.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-11810",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:13.883",
"lastModified": "2025-01-07T05:15:13.883",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PayGreen Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message_id' parameter in all versions up to, and including, 1.0.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/paygreen-payment-gateway/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e5438f82-2428-44ba-a7c8-e34d80804063?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-118xx/CVE-2024-11887.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-11887",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T06:15:15.147",
"lastModified": "2025-01-07T06:15:15.147",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Geo Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'geotargetlygeocontent' shortcode in all versions up to, and including, 6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/geo-targetly-geo-content/trunk/geotargetly-geo-content.php#L157",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/geo-targetly-geo-content/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c52cdb58-c97a-43a6-a3ff-be084ceee085?source=cve",
"source": "security@wordfence.com"
}
]
}

72
CVE-2024/CVE-2024-120xx/CVE-2024-12049.json Normal file
View File

@ -0,0 +1,72 @@
{
"id": "CVE-2024-12049",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:14.147",
"lastModified": "2025-01-07T05:15:14.147",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Woo Ukrposhta plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'order', 'post', and 'idd' parameters in all versions up to, and including, 1.17.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/woo-ukrposhta/trunk/admin/partials/edit-international.php#L71",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woo-ukrposhta/trunk/admin/partials/edit.php#L43",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woo-ukrposhta/trunk/admin/partials/morkvaup-plugin-invoices-page.php#L29",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/woo-ukrposhta/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0e549e4c-9f2e-40a4-9b07-7edb34bc0c9f?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-120xx/CVE-2024-12073.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12073",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T06:15:15.367",
"lastModified": "2025-01-07T06:15:15.367",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Meteor Slides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slide_url_value' parameter in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/meteor-slides/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be913494-f4a7-4718-ac2b-da4baf2b0a21?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-121xx/CVE-2024-12124.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12124",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:14.340",
"lastModified": "2025-01-07T05:15:14.340",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Role Includer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018user_id\u2019 parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/role-includer/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97b3399b-cda2-4ab1-8919-b1e4ba4a5dcf?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-121xx/CVE-2024-12126.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12126",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:14.533",
"lastModified": "2025-01-07T05:15:14.533",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SEO Keywords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018google_error\u2019 parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/seo-keywords/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/325c2350-174b-4117-bacd-ae28bf3b16bc?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-121xx/CVE-2024-12140.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-12140",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:14.730",
"lastModified": "2025-01-07T05:15:14.730",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Elementor Addons AI Addons \u2013 70 Widgets, Premium Templates, Ultimate Elements plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render function due to insufficient restrictions on which templates can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft templates that they should not have access to."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ai-addons-for-elementor/tags/2.2.1/includes/widgets/accordion.php#L958",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ai-addons-for-elementor/tags/2.2.1/includes/widgets/tab.php#L905",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c00d83a7-dd7a-407d-b44e-7ee0a2a1492a?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-121xx/CVE-2024-12153.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12153",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:14.927",
"lastModified": "2025-01-07T05:15:14.927",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The GDY Modular Content plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.9.91. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/gdy-modular-content/trunk/includes/elements.php#L16",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f854737-e87b-4c50-a9fb-d3b129f9d9fc?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-121xx/CVE-2024-12157.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12157",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:15.133",
"lastModified": "2025-01-07T05:15:15.133",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Popup \u2013 MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upc_delete_db_record' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/ultimate-popup-creator/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3e63ce97-40af-493d-9376-231a99d9bd58?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-121xx/CVE-2024-12158.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12158",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:15.323",
"lastModified": "2025-01-07T05:15:15.323",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Popup \u2013 MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upc_delete_db_data' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated attackers to delete the DB data for the plugin."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/ultimate-popup-creator/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/93a698df-fd68-4fbc-946e-a9b5a7f93b71?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-121xx/CVE-2024-12159.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12159",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:15.527",
"lastModified": "2025-01-07T05:15:15.527",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Optimize Your Campaigns \u2013 Google Shopping \u2013 Google Ads \u2013 Google Adwords plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1 due to the print_php_information.php being publicly accessible. This makes it possible for unauthenticated attackers to extract sensitive configuration data that can be leveraged in another attack."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/muzaara-adwords-optimize-dashboard/trunk/lib/muzaara/lib/google-ads-php/scripts/print_php_information.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cfeca343-c796-45d5-a71d-8211d8b38b3e?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-121xx/CVE-2024-12170.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12170",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:15.713",
"lastModified": "2025-01-07T05:15:15.713",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the 'Viewmedica-Admin' page. This makes it possible for unauthenticated attackers to inject arbitrary SQL queries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/viewmedica/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/58209530-9e68-4d2c-a723-e6a164db7f46?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-121xx/CVE-2024-12176.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12176",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:15.900",
"lastModified": "2025-01-07T05:15:15.900",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WordLift \u2013 AI powered SEO \u2013 Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wl_config_plugin' AJAX action in all versions up to, and including, 3.54.0. This makes it possible for unauthenticated attackers to update the plugin's settings."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/wordlift/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca6bdde6-f381-4ccb-8984-519cf9aca0b1?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-122xx/CVE-2024-12207.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12207",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:16.080",
"lastModified": "2025-01-07T05:15:16.080",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Toggles Shortcode and Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018content\u2019 parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/toggles-shortcode-and-widget/trunk/include/otw_components/otw_shortcode/shortcodes/otw_shortcode_content_toggle.class.php#L246",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/755c8863-33c2-47aa-880a-0ef8b2d594a3?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-122xx/CVE-2024-12208.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12208",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:16.270",
"lastModified": "2025-01-07T05:15:16.270",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Backup and Restore WordPress \u2013 Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.50. This is due to missing or incorrect nonce validation on the ajax_queue_manual_backup() function. This makes it possible for unauthenticated attackers to trigger backups via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/wp-backitup/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e461a04b-6456-4930-b3e7-0f808825aa6b?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-122xx/CVE-2024-12214.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12214",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:16.470",
"lastModified": "2025-01-07T05:15:16.470",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce HSS Extension for Streaming Video plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018videolink\u2019 parameter in all versions up to, and including, 3.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/woocommerce-hss-extension-for-streaming-video/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1d633f71-3b2b-4fe3-80f1-4c2dcc86313c?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-122xx/CVE-2024-12252.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12252",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:16.660",
"lastModified": "2025-01-07T05:15:16.660",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to overwrite the seo-beginner-auto-post.php file which can be leveraged to achieve remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/seo-beginner-auto-post/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67df10cc-ce3c-4157-9860-7e367062f710?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-122xx/CVE-2024-12256.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12256",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:16.857",
"lastModified": "2025-01-07T05:15:16.857",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Simple Video Management System plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'analytics_video' parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/simple-video-management-system/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cdaa6b7c-bf38-44b5-9d83-2918cbedc683?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-122xx/CVE-2024-12261.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12261",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T06:15:15.593",
"lastModified": "2025-01-07T06:15:15.593",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SmartEmailing.cz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'se-lists-updated' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/smartemailing/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7332c21a-3501-4066-b7b7-34914a228d8f?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-122xx/CVE-2024-12264.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12264",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:17.047",
"lastModified": "2025-01-07T05:15:17.047",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly verifying a user's identity prior to setting the users ID and auth cookies. This makes it possible for unauthenticated attackers to create new administrative user accounts."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/payu-india/tags/3.8.3/includes/class-payu-shipping-tax-api-calculation.php#L187",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf037e4a-2dd7-4296-b86b-635901d2d68f?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-122xx/CVE-2024-12288.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-12288",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:17.243",
"lastModified": "2025-01-07T05:15:17.243",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Simple add pages or posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/simple-add-pages-or-posts/tags/2.0.0/form.php#L243",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/simple-add-pages-or-posts/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/506f101c-ffec-415d-92dc-99cb7384af95?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-122xx/CVE-2024-12290.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12290",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:17.440",
"lastModified": "2025-01-07T05:15:17.440",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Infility Global plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018set_type\u2019 parameter in all versions up to, and including, 2.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/infility-global/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6127576b-5ce2-4a3e-95de-8a2b3d90d3a0?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-122xx/CVE-2024-12291.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12291",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:17.633",
"lastModified": "2025-01-07T05:15:17.633",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/viewmedica/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/646ba700-28d5-455f-88de-2864ef8f202c?source=cve",
"source": "security@wordfence.com"
}
]
}

72
CVE-2024/CVE-2024-123xx/CVE-2024-12313.json Normal file
View File

@ -0,0 +1,72 @@
{
"id": "CVE-2024-12313",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:17.853",
"lastModified": "2025-01-07T05:15:17.853",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Compare Products for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.1 via deserialization of untrusted input from the 'woo_compare_list' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-compare-products/trunk/classes/class-wc-compare-functions.php#L219",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-compare-products/trunk/classes/class-wc-compare-functions.php#L237",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-compare-products/trunk/classes/class-wc-compare-functions.php#L256",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-compare-products/trunk/classes/class-wc-compare-functions.php#L275",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/638e8e67-38b3-4fc4-bd77-8f268030a93a?source=cve",
"source": "security@wordfence.com"
}
]
}

72
CVE-2024/CVE-2024-123xx/CVE-2024-12322.json Normal file
View File

@ -0,0 +1,72 @@
{
"id": "CVE-2024-12322",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:18.063",
"lastModified": "2025-01-07T05:15:18.063",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ThePerfectWedding.nl Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8. This is due to missing or incorrect nonce validation on the 'update_option' function. This makes it possible for unauthenticated attackers to update the 'tpwKey' option with stored cross-site scripting via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/theperfectweddingnl-widget/trunk/admin/tpwAdminPanelTemplate.php#L28",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/theperfectweddingnl-widget/trunk/admin/tpwAdminPanelTemplate.php#L4",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/theperfectweddingnl-widget/trunk/admin/tpwAdminPanelTemplate.php#L48",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/theperfectweddingnl-widget/trunk/admin/tpwAdminPanelTemplate.php#L5",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e996f71a-f0b9-4e10-873e-a0299a099dce?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-123xx/CVE-2024-12324.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12324",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:18.267",
"lastModified": "2025-01-07T05:15:18.267",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Unilevel MLM Plan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018page\u2019 parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/unilevel-mlm-plan/trunk/includes/admin/settings/view/ump-epins-list.php#L81",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fe71e2b9-ddd7-4d6d-97e5-5fad41f8f35c?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-123xx/CVE-2024-12327.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-12327",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:18.470",
"lastModified": "2025-01-07T05:15:18.470",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbg_save_settings() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/lazyload-background-images/trunk/admin/plugin-functions.php#L152",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/lazyload-background-images/trunk/admin/plugin-functions.php#L153",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d57fa9f3-b1c0-4601-96d9-178d0dba1332?source=cve",
"source": "security@wordfence.com"
}
]
}

68
CVE-2024/CVE-2024-123xx/CVE-2024-12332.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2024-12332",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:18.687",
"lastModified": "2025-01-07T05:15:18.687",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The School Management System \u2013 WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Student/Parent-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wpschoolpress/trunk/pages/wpsp-teacher.php#L49",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpschoolpress/trunk/pages/wpsp-teacher.php#L72",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpschoolpress/trunk/pages/wpsp-teacher.php#L73",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c0248af2-f9f3-4652-bf6d-b46aa91b66f3?source=cve",
"source": "security@wordfence.com"
}
]
}

68
CVE-2024/CVE-2024-123xx/CVE-2024-12383.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2024-12383",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T06:15:15.790",
"lastModified": "2025-01-07T06:15:15.790",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Binary MLM Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'bmw_display_pv_set_page' function and insufficient input sanitization and output escaping of the 'product_points' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/woo-binary-mlm/trunk/includes/admin/point_setting.php#L7",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woo-binary-mlm/trunk/includes/admin/point_setting.php#L92",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woo-binary-mlm/trunk/includes/admin/point_setting.php#L96",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b061fbf2-4bb3-4ccc-ba90-1e947365435e?source=cve",
"source": "security@wordfence.com"
}
]
}

68
CVE-2024/CVE-2024-123xx/CVE-2024-12384.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2024-12384",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T06:15:15.983",
"lastModified": "2025-01-07T06:15:15.983",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Binary MLM Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page\u2019 parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/woo-binary-mlm/trunk/includes/admin/payout/payout-report.php#L121",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woo-binary-mlm/trunk/includes/admin/payout/payout-report.php#L44",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woo-binary-mlm/trunk/includes/admin/register-first-user.php#L82",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fdf6b2ea-5a6a-481b-9431-650c895f54ef?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-124xx/CVE-2024-12435.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-12435",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:18.887",
"lastModified": "2025-01-07T05:15:18.887",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Compare Products for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018s_feature\u2019 parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-compare-products/trunk/admin/classes/class-wc-compare-fields.php#L392",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-compare-products/trunk/admin/classes/class-wc-compare-fields.php#L397",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f74c419a-56de-4190-925d-876d32f712e1?source=cve",
"source": "security@wordfence.com"
}
]
}

80
CVE-2024/CVE-2024-124xx/CVE-2024-12438.json Normal file
View File

@ -0,0 +1,80 @@
{
"id": "CVE-2024-12438",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T06:15:16.183",
"lastModified": "2025-01-07T06:15:16.183",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce Digital Content Delivery (incl. DRM) \u2013 FlickRocket plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'start_date\u2019 and 'end_date' parameters in all versions up to, and including, 4.74 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-digital-content-delivery-with-drm-flickrocket/trunk/woocommerce-flickrocket.php#L613",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-digital-content-delivery-with-drm-flickrocket/trunk/woocommerce-flickrocket.php#L614",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-digital-content-delivery-with-drm-flickrocket/trunk/woocommerce-flickrocket.php#L629",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-digital-content-delivery-with-drm-flickrocket/trunk/woocommerce-flickrocket.php#L632",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-digital-content-delivery-with-drm-flickrocket/trunk/woocommerce-flickrocket.php#L655",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-digital-content-delivery-with-drm-flickrocket/trunk/woocommerce-flickrocket.php#L658",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa3909f6-fd2f-44e7-83b5-51c8cda4b20f?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-124xx/CVE-2024-12439.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-12439",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T06:15:16.430",
"lastModified": "2025-01-07T06:15:16.430",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'marketplace' shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/marketplace-items/trunk/marketplace-items.php",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/marketplace-items/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/602ae805-a6a6-48bd-bd2a-00fafadfdce4?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-124xx/CVE-2024-12440.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-12440",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T06:15:16.630",
"lastModified": "2025-01-07T06:15:16.630",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Candifly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'candifly' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/candifly/trunk/candifly.php",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/candifly/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf173ccd-23bc-49ec-92e0-032feae0fa4a?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-124xx/CVE-2024-12445.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-12445",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:19.083",
"lastModified": "2025-01-07T05:15:19.083",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The RightMessage WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rm_area' shortcode in all versions up to, and including, 0.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/rightmessage/trunk/includes/class-rightmessage.php#L45",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/rightmessage",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/efbbb33d-28ed-47f4-a8dd-2fc7564d9df2?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-124xx/CVE-2024-12453.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-12453",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:19.260",
"lastModified": "2025-01-07T05:15:19.260",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Uptodown APK Download Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'utd-widget' shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/uptodown-apk-download-widget/trunk/uptodown_wp_widget.php#L47",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/uptodown-apk-download-widget",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/78c2d5fc-240a-4fed-92ae-b9f84de3e119?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-124xx/CVE-2024-12457.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12457",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:19.453",
"lastModified": "2025-01-07T05:15:19.453",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Chat Support for Viber \u2013 Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vchat' shortcode in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/chat-viber/tags/1.7.2/inc/class-custom-buttons-templates.php#L51",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7834c0be-3051-4d97-928e-cf5295c93463?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-124xx/CVE-2024-12462.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-12462",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:19.640",
"lastModified": "2025-01-07T05:15:19.640",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The YOGO Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'yogo-calendar' shortcode in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/yogo-booking/trunk/src/shortcodes.php#L13",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/yogo-booking",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/151b0aa9-c5c9-48ab-8b73-22ee42666824?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-124xx/CVE-2024-12464.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12464",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T06:15:16.823",
"lastModified": "2025-01-07T06:15:16.823",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Chatroll Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'chatroll' shortcode in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/chatroll-live-chat/tags/2.5.0/chatroll.php#L62",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/87fdadcd-b776-471a-9756-708e384de4f0?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-124xx/CVE-2024-12470.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12470",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:19.823",
"lastModified": "2025-01-07T05:15:19.823",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The School Management System \u2013 SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. This makes it possible for unauthenticated attackers to register as an administrative user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-266"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/sakolawp-lite/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db1c581b-5cc9-46c0-ba5d-605642697729?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-124xx/CVE-2024-12471.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12471",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T06:15:17.027",
"lastModified": "2025-01-07T06:15:17.027",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary files uploads due to a missing capability check and file type validation on the add_image_to_library AJAX action function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/post-saint/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc17284e-65ea-4e67-aba9-3475f0174657?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-125xx/CVE-2024-12535.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12535",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T06:15:17.220",
"lastModified": "2025-01-07T06:15:17.220",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/host-php-info/trunk/info.php#L2",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/88d27385-9b92-419c-9e03-687d7192bbb5?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-126xx/CVE-2024-12633.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-12633",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T06:15:17.417",
"lastModified": "2025-01-07T06:15:17.417",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JoomSport \u2013 for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018page parameter in all versions up to, and including, 5.6.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3209054/joomsport-sports-league-results-management",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4503e2c-0d0d-45de-a597-baace44a98a7?source=cve",
"source": "security@wordfence.com"
}
]
}

68
CVE-2024/CVE-2024-128xx/CVE-2024-12849.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2024-12849",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T06:15:17.607",
"lastModified": "2025-01-07T06:15:17.607",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/error-log-viewer-wp/tags/1.0.1.3/error-log-viewer-wp.php#L295",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/error-log-viewer-wp/tags/1.0.1.3/error-log-viewer-wp.php#L479",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3215563%40error-log-viewer-wp&new=3215563%40error-log-viewer-wp&sfp_email=&sfph_mail=#file10",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/57888e36-3a61-4452-b4ea-9db9e422dc2d?source=cve",
"source": "security@wordfence.com"
}
]
}

56
CVE-2024/CVE-2024-76xx/CVE-2024-7696.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-7696",
"sourceIdentifier": "product-security@axis.com",
"published": "2025-01-07T06:15:17.827",
"lastModified": "2025-01-07T06:15:17.827",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log creation in AXIS Camera Station, or perform a Denial-of-Service attack on the AXIS Camera Station server using maliciously crafted audit log entries. \nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "product-security@axis.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "product-security@axis.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-117"
}
]
}
],
"references": [
{
"url": "https://www.axis.com/dam/public/b3/53/03/cve-2024-7696-en-US-459552.pdf",
"source": "product-security@axis.com"
}
]
}

21
CVE-2024/CVE-2024-88xx/CVE-2024-8855.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-8855",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-01-07T06:15:17.977",
"lastModified": "2025-01-07T06:15:17.977",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing editors and above to perform SQL injection attacks"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/04084f2a-45b8-4249-a472-f156fad0c90a/",
"source": "contact@wpscan.com"
}
]
}

21
CVE-2024/CVE-2024-88xx/CVE-2024-8857.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-8857",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-01-07T06:15:18.100",
"lastModified": "2025-01-07T06:15:18.100",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Stored Cross-Site Scripting attacks."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/08ca6daa-09f4-4604-ac9e-15a1b33d599d/",
"source": "contact@wpscan.com"
}
]
}

60
CVE-2024/CVE-2024-92xx/CVE-2024-9208.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-9208",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T05:15:20.790",
"lastModified": "2025-01-07T05:15:20.790",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Enable Accessibility plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/enable-accessibility/tags/1.4.1/includes/accessibility-attachments-alt.php#L62",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/da125e31-4747-46b7-8a46-a234388035c0?source=cve",
"source": "security@wordfence.com"
}
]
}

21
CVE-2024/CVE-2024-96xx/CVE-2024-9638.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-9638",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-01-07T06:15:18.217",
"lastModified": "2025-01-07T06:15:18.217",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/119d5249-48e4-429e-8a1d-ad112e0c966d/",
"source": "contact@wpscan.com"
}
]
}

68
CVE-2024/CVE-2024-96xx/CVE-2024-9697.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2024-9697",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T06:15:18.330",
"lastModified": "2025-01-07T06:15:18.330",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Social Rocket \u2013 Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweet_settings_save() and tweet_settings_update() functions in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/social-rocket/trunk/admin/includes/class-social-rocket-admin.php#L39",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/social-rocket/trunk/admin/includes/class-social-rocket-admin.php#L5501",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/social-rocket/trunk/admin/includes/class-social-rocket-admin.php#L5531",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/168dd2d4-bffb-4187-afc7-02fef8cb51a7?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-97xx/CVE-2024-9702.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-9702",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-07T06:15:18.597",
"lastModified": "2025-01-07T06:15:18.597",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Social Rocket \u2013 Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialrocket-floating' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/social-rocket/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8d4d948e-359e-4514-9c8f-dbd8198ef4fe?source=cve",
"source": "security@wordfence.com"
}
]
}

51
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-01-07T05:00:19.408614+00:00
2025-01-07T07:00:21.236145+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-01-07T04:15:09.783000+00:00
2025-01-07T06:15:18.597000+00:00
```
### Last Data Feed Release
@ -33,31 +33,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
275873
275946
```
### CVEs added in the last Commit
Recently added CVEs: `18`
Recently added CVEs: `73`
- [CVE-2024-11437](CVE-2024/CVE-2024-114xx/CVE-2024-11437.json) (`2025-01-07T04:15:06.150`)
- [CVE-2024-11777](CVE-2024/CVE-2024-117xx/CVE-2024-11777.json) (`2025-01-07T04:15:07.200`)
- [CVE-2024-11899](CVE-2024/CVE-2024-118xx/CVE-2024-11899.json) (`2025-01-07T04:15:07.350`)
- [CVE-2024-11934](CVE-2024/CVE-2024-119xx/CVE-2024-11934.json) (`2025-01-07T04:15:07.520`)
- [CVE-2024-12022](CVE-2024/CVE-2024-120xx/CVE-2024-12022.json) (`2025-01-07T04:15:07.677`)
- [CVE-2024-12098](CVE-2024/CVE-2024-120xx/CVE-2024-12098.json) (`2025-01-07T04:15:07.837`)
- [CVE-2024-12402](CVE-2024/CVE-2024-124xx/CVE-2024-12402.json) (`2025-01-07T04:15:07.990`)
- [CVE-2024-12416](CVE-2024/CVE-2024-124xx/CVE-2024-12416.json) (`2025-01-07T04:15:08.143`)
- [CVE-2024-12419](CVE-2024/CVE-2024-124xx/CVE-2024-12419.json) (`2025-01-07T04:15:08.337`)
- [CVE-2024-12528](CVE-2024/CVE-2024-125xx/CVE-2024-12528.json) (`2025-01-07T04:15:08.543`)
- [CVE-2024-12538](CVE-2024/CVE-2024-125xx/CVE-2024-12538.json) (`2025-01-07T04:15:08.720`)
- [CVE-2024-12540](CVE-2024/CVE-2024-125xx/CVE-2024-12540.json) (`2025-01-07T04:15:08.917`)
- [CVE-2024-12541](CVE-2024/CVE-2024-125xx/CVE-2024-12541.json) (`2025-01-07T04:15:09.083`)
- [CVE-2024-12557](CVE-2024/CVE-2024-125xx/CVE-2024-12557.json) (`2025-01-07T04:15:09.260`)
- [CVE-2024-12559](CVE-2024/CVE-2024-125xx/CVE-2024-12559.json) (`2025-01-07T04:15:09.433`)
- [CVE-2024-12590](CVE-2024/CVE-2024-125xx/CVE-2024-12590.json) (`2025-01-07T04:15:09.607`)
- [CVE-2024-12592](CVE-2024/CVE-2024-125xx/CVE-2024-12592.json) (`2025-01-07T04:15:09.783`)
- [CVE-2025-22395](CVE-2025/CVE-2025-223xx/CVE-2025-22395.json) (`2025-01-07T03:15:06.047`)
- [CVE-2024-12327](CVE-2024/CVE-2024-123xx/CVE-2024-12327.json) (`2025-01-07T05:15:18.470`)
- [CVE-2024-12332](CVE-2024/CVE-2024-123xx/CVE-2024-12332.json) (`2025-01-07T05:15:18.687`)
- [CVE-2024-12383](CVE-2024/CVE-2024-123xx/CVE-2024-12383.json) (`2025-01-07T06:15:15.790`)
- [CVE-2024-12384](CVE-2024/CVE-2024-123xx/CVE-2024-12384.json) (`2025-01-07T06:15:15.983`)
- [CVE-2024-12435](CVE-2024/CVE-2024-124xx/CVE-2024-12435.json) (`2025-01-07T05:15:18.887`)
- [CVE-2024-12438](CVE-2024/CVE-2024-124xx/CVE-2024-12438.json) (`2025-01-07T06:15:16.183`)
- [CVE-2024-12439](CVE-2024/CVE-2024-124xx/CVE-2024-12439.json) (`2025-01-07T06:15:16.430`)
- [CVE-2024-12440](CVE-2024/CVE-2024-124xx/CVE-2024-12440.json) (`2025-01-07T06:15:16.630`)
- [CVE-2024-12445](CVE-2024/CVE-2024-124xx/CVE-2024-12445.json) (`2025-01-07T05:15:19.083`)
- [CVE-2024-12453](CVE-2024/CVE-2024-124xx/CVE-2024-12453.json) (`2025-01-07T05:15:19.260`)
- [CVE-2024-12457](CVE-2024/CVE-2024-124xx/CVE-2024-12457.json) (`2025-01-07T05:15:19.453`)
- [CVE-2024-12462](CVE-2024/CVE-2024-124xx/CVE-2024-12462.json) (`2025-01-07T05:15:19.640`)
- [CVE-2024-12464](CVE-2024/CVE-2024-124xx/CVE-2024-12464.json) (`2025-01-07T06:15:16.823`)
- [CVE-2024-12470](CVE-2024/CVE-2024-124xx/CVE-2024-12470.json) (`2025-01-07T05:15:19.823`)
- [CVE-2024-12471](CVE-2024/CVE-2024-124xx/CVE-2024-12471.json) (`2025-01-07T06:15:17.027`)
- [CVE-2024-12535](CVE-2024/CVE-2024-125xx/CVE-2024-12535.json) (`2025-01-07T06:15:17.220`)
- [CVE-2024-12633](CVE-2024/CVE-2024-126xx/CVE-2024-12633.json) (`2025-01-07T06:15:17.417`)
- [CVE-2024-12849](CVE-2024/CVE-2024-128xx/CVE-2024-12849.json) (`2025-01-07T06:15:17.607`)
- [CVE-2024-7696](CVE-2024/CVE-2024-76xx/CVE-2024-7696.json) (`2025-01-07T06:15:17.827`)
- [CVE-2024-8855](CVE-2024/CVE-2024-88xx/CVE-2024-8855.json) (`2025-01-07T06:15:17.977`)
- [CVE-2024-8857](CVE-2024/CVE-2024-88xx/CVE-2024-8857.json) (`2025-01-07T06:15:18.100`)
- [CVE-2024-9208](CVE-2024/CVE-2024-92xx/CVE-2024-9208.json) (`2025-01-07T05:15:20.790`)
- [CVE-2024-9638](CVE-2024/CVE-2024-96xx/CVE-2024-9638.json) (`2025-01-07T06:15:18.217`)
- [CVE-2024-9697](CVE-2024/CVE-2024-96xx/CVE-2024-9697.json) (`2025-01-07T06:15:18.330`)
- [CVE-2024-9702](CVE-2024/CVE-2024-97xx/CVE-2024-9702.json) (`2025-01-07T06:15:18.597`)
### CVEs modified in the last Commit

109
_state.csv
View File

@ -243252,6 +243252,7 @@ CVE-2024-10099,0,0,ff238a91e24fcb0a85fcb34f700c80404c8e345e8e0c333898778e0f4a6cf
CVE-2024-1010,0,0,b760c6839f8ba4fc102d84ec8eb422be6a7986ee41491a18032e2ca8b34ccde5,2024-11-21T08:49:35.243000
CVE-2024-10100,0,0,e257ac7ecea7ed9deddddca60657be7d2649829f289e846b06e9d10c365d346b,2024-11-04T19:15:05.297000
CVE-2024-10101,0,0,fec1f0c88678ca99198bb58f95f12b144e2edf82230ea1a8688c401204e642f7,2024-12-20T21:15:06.440000
CVE-2024-10102,1,1,e633bb19adeec60256d843d80f8603ddd720609a36b1d493798b4b97a59dd6a5,2025-01-07T06:15:13.730000
CVE-2024-10103,0,0,e854e5edfcf43e70adfea03c62a4fcbb787ffe431d5323bec06ca7656746d9ef,2024-11-19T21:57:32.967000
CVE-2024-10104,0,0,edcf9a609eefa3129230f441c58905f876237c83c0092e5bc98e317fac05c0fd,2024-11-15T19:35:04.683000
CVE-2024-10108,0,0,57e3bdf5c93deb8dbbc7ad9bd9f5c8802e9586c3214ce14e9acc02b653026e84,2024-11-01T12:57:03.417000
@ -243612,6 +243613,7 @@ CVE-2024-10523,0,0,7cc4719be638488b8b84233b435754a6a5dcc357f333b40290bb3e99a0f90
CVE-2024-10524,0,0,c2da650c8fb959e3655afb050ea98d59c38083a2db2a6841d4636c9a53404b99,2024-11-21T08:48:42.313000
CVE-2024-10525,0,0,550cf84729b31fb0a9e5663c63d50687239e5a204169e8c50724c4cdf639431a,2024-11-01T12:57:03.417000
CVE-2024-10526,0,0,6f7e328f774c00887292c6a9b6f09466273e7b5111063f43f180124280a00fc6,2024-11-08T19:01:03.880000
CVE-2024-10527,1,1,2ac72a7f22b2d63c7ccf4054363b685d4c86d8a1de32c24784406b994a4aa3ee,2025-01-07T05:15:09.497000
CVE-2024-10528,0,0,e18f91787a7b7b21f226c7e02b70dcb124a943b826e8ab41e00995ddf212c285,2024-11-21T13:57:24.187000
CVE-2024-10529,0,0,09425f1304014f480214fdc78529d3afec9b9229f4210dd5066c18fb4e21651d,2024-11-18T14:59:15.043000
CVE-2024-1053,0,0,edba6f19243ea494247333ce0355ab208593a904d055289e97a636713af04970,2024-11-21T08:49:41.450000
@ -243621,6 +243623,7 @@ CVE-2024-10532,0,0,f3826ce705d2650c9f0c8c72a6418942413100eab375a8315e8ccfd6195f3
CVE-2024-10533,0,0,723801c2a6b49d5fb26e61442e0ba52d6cb0cf007527bfd8af0f264000609c75,2024-11-18T17:11:17.393000
CVE-2024-10534,0,0,73693b37c20d14c201bbf833a0b376a95955ad7bec222e3a454bcf2d9cff25a0,2024-11-19T19:08:44.727000
CVE-2024-10535,0,0,496e3e4073abe2adad8b54d5ee745431f58893a256de2e44bb2f056357efc2c8,2024-11-08T21:19:27.540000
CVE-2024-10536,1,1,b7f90b63ed51a255637dd678ef409199eb3c89c4bd4b1acaeb7689e7f1b8f159,2025-01-07T06:15:13.920000
CVE-2024-10537,0,0,245f407c71543e9ed1f1e8091a091327bb8b8bb7a6ad44fab60dad856af50407,2024-11-23T04:15:07.663000
CVE-2024-10538,0,0,61014a490bb67ac6333227cbe080cbc3323afad1485db0781083c911c48fb77e,2024-11-14T13:27:00.400000
CVE-2024-1054,0,0,94b651608db3d30d3daebf6e295a99b6cb748f5b340c93c3e226c28c09fa8fa8,2024-11-21T08:49:41.570000
@ -243639,6 +243642,7 @@ CVE-2024-10557,0,0,e65f5d89b91c24f295e5cbd0f813e2ad8ed04df13cf96a919800b770566f3
CVE-2024-10559,0,0,16e3eab9e781d1e16f0d045b8d1d79bfb09e11f3fa816a22b4936c2b8431f9e3,2024-11-01T20:43:41.070000
CVE-2024-1056,0,0,af182e17efd4af1cb9d6458d1d7d67974a36b702d2e517ba61380bf6c671d68a,2024-09-19T22:06:32.340000
CVE-2024-10561,0,0,2bfd240be58df048fbf99413f7d4286366df5405b43b9b75120456be9297f833,2024-11-01T20:42:12.303000
CVE-2024-10562,1,1,d7c95a3831dfff851e9ee43d43dd6c5ce77c641b46f6a2531ccb0389cbb9078c,2025-01-07T06:15:14.120000
CVE-2024-10567,0,0,a04d3f3d999e2b2d50068629e658949590c474642a1d298fb74a13508e02b197,2024-12-04T09:15:04.177000
CVE-2024-10568,0,0,29a6369be6bdec3fac3a49600567225eff324bd19cbe3ade1e99b53075e8cfa9,2024-12-12T16:15:11.250000
CVE-2024-1057,0,0,82d074eff87805c0c8af6f292d67be991df4f6c4e8e298eece318c63dbd97000,2024-11-21T08:49:41.890000
@ -244231,6 +244235,7 @@ CVE-2024-11281,0,0,90e2bd5c8205361ece3136c81be65d202c124421a44b94b51cee816a97580
CVE-2024-11287,0,0,2b855907be08ce91eab121bf5a3c8cc1d79ede49cf458848842325e314d36b25,2024-12-21T07:15:08.053000
CVE-2024-11289,0,0,1d2443a1a9242c04e29818ad13875ac1c58e80e7866f1501dec4b2d1a8559f61,2024-12-06T10:15:05.450000
CVE-2024-1129,0,0,cbf5818dce2e4cd60590d30546d905436cb36b8ec16eeb56ee9382ffddfc0bc3,2024-11-21T08:49:51.773000
CVE-2024-11290,1,1,e7ad334eff31d82a070c36355409378c2a340aba72b63bc5936a92701d2b3571,2025-01-07T05:15:11.117000
CVE-2024-11291,0,0,537e55bae46f427a177aa5b81903c72ee380b93be35511ba50b6e055b27fd914,2024-12-18T12:15:08.710000
CVE-2024-11292,0,0,44d76ae9b7e309446be6c076fee918f16faf12f6eba1bd4aed88a2108eee73db,2024-12-06T09:15:05.993000
CVE-2024-11293,0,0,963e5cd86fd8964150efb764dabf7f60f1898cb3eb1113839b414494aefc5068,2024-12-04T08:15:06.343000
@ -244271,6 +244276,8 @@ CVE-2024-11332,0,0,36669df4e93715465b64ec1799e55f470058053e193a811269619d8d50b4e
CVE-2024-11333,0,0,00c71a7929b275d875b9539b6f0a2f4cc66b516eced93f3c2cfad9bb181a4a5b,2024-11-28T09:15:04.170000
CVE-2024-11334,0,0,f7fc893b8a37cca506fd20fe68edd8509ed855f99666ff9db346702f3632cf66,2024-11-26T17:33:49.477000
CVE-2024-11336,0,0,f6d676d5a427fada73f852223dfd1f8d78278266b2c8c37478ab18b05a16f6ad,2024-12-06T09:15:06.323000
CVE-2024-11337,1,1,d6c57a7b2a87a73b03ef11ff0046f61e713fa6cfa164ff233529c7c3a7cb7a83,2025-01-07T05:15:11.320000
CVE-2024-11338,1,1,ec8204656cc22ec13151c9e49136d87eb07f40b422d082cfeec81e80190914f2,2025-01-07T05:15:11.520000
CVE-2024-11339,0,0,79f980d1c213f37a017402750a78ab5a89012c4a7d884549e17aee2fe1c2fbb1,2024-12-06T09:15:06.497000
CVE-2024-1134,0,0,3b9e316f9f09adef1cfd4f6b3383505dbc9180172570e63197eb1d9f1f72ee08,2024-11-21T08:49:52.330000
CVE-2024-11341,0,0,fe8cd85d684fa85647e91e6c807d0d3948596661a708a57f08c30a79715842f3,2024-12-05T10:31:39.520000
@ -244290,19 +244297,26 @@ CVE-2024-1136,0,0,f1cac8b5fbb038c0eb6351f127c8e971963556b8c2146fbf8d7dfc6a2c8abb
CVE-2024-11360,0,0,659b24fc81e4938ca0374fdfc531183f0da8359af24c60f66cd39ca705cc7b8c,2024-11-26T17:36:08.113000
CVE-2024-11361,0,0,a258bcb3f99fb669d7603f67eec83a19db748f78307acdbf1ea168f7db1a2de0,2024-11-23T05:15:06.673000
CVE-2024-11362,0,0,600c443b489e86c090d64bcffdb5d5e1bea467b36951abaa22635fe3a3274b4a,2024-11-23T04:15:08.617000
CVE-2024-11363,1,1,bfb0dfdef7c6d3b282356c80e7d6779e97ec88abc92f394a4b4005dd8db6fff7,2025-01-07T05:15:11.713000
CVE-2024-11364,0,0,0396ae45ab0b0575c4ca72d73e097c290e7be2140385b973fdc69f4be12bf72f,2024-12-19T21:15:07.427000
CVE-2024-11365,0,0,0e66126dac632663f20d3d9475ab7eeeaaf1783cab23902c99ae23613a9ecef6,2024-11-26T17:43:23.240000
CVE-2024-11366,0,0,eac89358fd6d61e1ab632fc5133430774b50e5a3fa0dd5cf3b695ea3fcce5bce,2024-11-28T09:15:04.313000
CVE-2024-11367,0,0,eea02b3c7a7e23b6b50200379882a96782686712f1c754d90239651a5f9c3034,2024-12-07T10:15:05.453000
CVE-2024-11368,0,0,bf7c67e11e8f973c6ac3bae21678c3dfeb626f80e34696e9e29adffce5777903,2024-12-06T09:15:06.810000
CVE-2024-11369,1,1,cc028b0b8654e597f7a1137244a46d41015f40f300b7c16ffb6a086d7c1bc1ba,2025-01-07T06:15:14.233000
CVE-2024-1137,0,0,9367f9a1347684403f58a1a7490fd736dd1a246a1ba5d989931872114e882ed8,2024-11-21T08:49:52.723000
CVE-2024-11370,0,0,dd87b64b129f6809c8edd7b234994b231659964606722e4f84f6ae489936a5a5,2024-11-26T17:53:22.707000
CVE-2024-11371,0,0,940d4acb1660319dcaf9e79be7b51b02d713b6710d41c4a41d256d4b90485073,2024-12-16T15:53:39.657000
CVE-2024-11374,0,0,a5a1e58c0241313798d5870304d6ab4fd613b7c8d39f72ddd8edd6b514e2a94b,2024-12-07T10:15:05.643000
CVE-2024-11375,1,1,e93fe4d3fb55901ffef81f61cf6ce0920f198810a19e9d79d72540eb82944d98,2025-01-07T05:15:11.907000
CVE-2024-11377,1,1,c378228a7068075a7054247c60c32355d91968a7950f45c90e033cea36544b34,2025-01-07T05:15:12.083000
CVE-2024-11378,1,1,18095b8d5c21fe9a8c8cff6f50477871c4e9fef3253129a500baad5debeb9de5,2025-01-07T05:15:12.270000
CVE-2024-11379,0,0,9fd00eb3fec3062cfc458a7971d09425d25dcca0c806b20326864d85b70adea6,2024-12-06T05:15:05.813000
CVE-2024-1138,0,0,786863f5efe71d0a9eaa305ef044215c6743ec975f6d66476179ca38c53c9996,2024-11-21T08:49:52.860000
CVE-2024-11380,0,0,52c94407ad753b2016f621791a7f1633d66f164c5a8dac9de6950cc921a3f13d,2024-12-07T12:15:17.897000
CVE-2024-11381,0,0,a7d4461ea9ceab9b31844e38e2e81774bc12f8098e9baabb5b46b5f6a98e8fc8,2024-11-22T06:15:19.643000
CVE-2024-11382,1,1,df85d7e3403a61740b0f7988e30b29460f9aa19d1c808298873a699eef4bb356,2025-01-07T05:15:12.457000
CVE-2024-11383,1,1,0bd752b29e1d721279f3a057a12cad20bb26b751fe22cdc457a198866064150b,2025-01-07T05:15:12.650000
CVE-2024-11384,0,0,bd09d80eb823d8832deb7b6d31dd08e4639583550e7acd4a531e328e5f289803,2024-12-12T05:15:07.527000
CVE-2024-11385,0,0,b8c574c75cf2cea00a757d377dc474503f06328c73f6861f0cd8dff47b3ce271,2024-11-26T18:04:49.077000
CVE-2024-11387,0,0,cc2575267c0624c2d772e7a1294628b14be17e17456ccbcf14c82a61dc7cfdd8,2024-11-23T05:15:06.833000
@ -244348,9 +244362,10 @@ CVE-2024-11430,0,0,b0bcffc10889655fe8c165f80a3f8fb6f3146129ea2141fee920ee16fca85
CVE-2024-11431,0,0,feb39bbdcc42acee380b1ac31c5228441eddfd07fcd54b90d4e5cb1d376f9671,2024-11-28T09:15:04.470000
CVE-2024-11432,0,0,23ac14594d755e6c7a831370f44441d1aa2fbce3d7125bf0c721d30eaec68d84,2024-11-21T13:57:24.187000
CVE-2024-11433,0,0,d7d2b17ecf1f1820c7a169038fcd2102a16fa9aa18d9b8e0d8b10a268cadf048,2024-12-12T04:15:05.990000
CVE-2024-11434,1,1,a4e08407abbf2939073244c3877ebd9c63018f78cc8086c2579f03e753ee837f,2025-01-07T05:15:12.873000
CVE-2024-11435,0,0,1380b27cd2035f7566d8c3a22d2255debbb483bdbc16e31011480f4da4fce733,2024-11-21T13:57:24.187000
CVE-2024-11436,0,0,d9ba482fa12f5a77f1e6d71752538b4ac13c80723176e1f973fa002876475cf9,2024-12-07T02:15:17.980000
CVE-2024-11437,1,1,3b0251b583011184b79fa07b5e9f572dc3fbc9ec947d6b93edcf5e5a1fd4c171,2025-01-07T04:15:06.150000
CVE-2024-11437,0,0,3b0251b583011184b79fa07b5e9f572dc3fbc9ec947d6b93edcf5e5a1fd4c171,2025-01-07T04:15:06.150000
CVE-2024-11438,0,0,f8be712e8ca0c6e2e4ec7ab8e5edf4587d3042f01694165651aa92a3bd58aa58,2024-11-21T13:57:24.187000
CVE-2024-11439,0,0,14a4773754279132bb32a6fa7230c5939b3fc3419bb20a864a23b6dac394549c,2024-12-18T03:15:24.583000
CVE-2024-1144,0,0,abce3af1982b67316bbd44c97fc519435f8a2ffe156205161918695ae799390d,2024-11-21T08:49:53.953000
@ -244358,6 +244373,7 @@ CVE-2024-11440,0,0,f7fa3eb74eeaf205f9272a5dd5c90b4e40423e1f48cb0e4f0c2b5ed6bd678
CVE-2024-11442,0,0,3be9d0f63b7eda8d31b9090ec24b06639190cf0bc4f30335348dc6f41a62dbe4,2024-12-12T04:15:06.157000
CVE-2024-11443,0,0,b1e1426998d283f5f97b1a941caf6cbb78096874880f807e7ae5caada1ad2ae1,2024-12-12T04:15:06.327000
CVE-2024-11444,0,0,18f08a8b9d89a6b1657bb8fc8be414487944593dc8b5fd0eb0cfac993932f20a,2024-12-06T09:15:06.977000
CVE-2024-11445,1,1,b7699ebb298dc958148576bbd05af7dee25f44254cb4a80a299d911c54c1606e,2025-01-07T05:15:13.077000
CVE-2024-11446,0,0,9324a77eacac49b9db503ff17f0de8de50ddb46f09871e23b3695c4980427c7d,2024-11-23T07:15:04.820000
CVE-2024-11447,0,0,bd53c50380b55196efb74cff3fad5c24687f184135cfde8b6a52ffe6934cf7cf,2024-11-21T13:57:24.187000
CVE-2024-1145,0,0,71ba2561916ff383446b1b9365376abadae467a3a4b7425691a59ca4e4176804,2024-11-21T08:49:54.097000
@ -244376,6 +244392,7 @@ CVE-2024-11461,0,0,e598452d44c671acacd0d9bb3b2f7ceb59d795e3e0bc7e2684d3f27a73f6a
CVE-2024-11462,0,0,aafe3276077f02d24fea97371a1b232043adea60a1125c651c2eb01e801d85ea,2024-12-14T05:15:06.560000
CVE-2024-11463,0,0,ad17f3fab6bfb40a789d68c4383c6c0e1f14efa77f86cc521d310c195559f395,2024-11-23T04:15:08.893000
CVE-2024-11464,0,0,5828db9c008addcaa10da0b57e51f0230f10838dab3e51e60f8d2fcb9d133719,2024-12-07T12:15:19.567000
CVE-2024-11465,1,1,a7833ead3ce05afbec7f42c6ab0288abc60f4b5def9fdb7cc868ee53cc9a959b,2025-01-07T05:15:13.287000
CVE-2024-11466,0,0,36ba29a0e83960f183cdc1bb8910604befb538a9ed8bdd074a88ef8b7f706e46,2024-12-04T08:15:06.523000
CVE-2024-1147,0,0,7c585dad4e071b38d649d847ff37c79a25a5d07f7a32720dda50f90a08541bc4,2024-11-21T08:49:54.360000
CVE-2024-11477,0,0,3e8ae99590c1aecc53c52bff36b8f44bed9b32563a126fb58a5303ed844daede,2024-12-11T19:23:36.800000
@ -244397,6 +244414,7 @@ CVE-2024-11492,0,0,7c533f23fa1db5a769500a8b417234e977cff0ed0689b5e9b1d4408fa39bc
CVE-2024-11493,0,0,d49eb92c8c562ba2101f389cdd764449ac518734f087aed95f5fe12a18b9ad3a,2024-11-22T18:07:31.973000
CVE-2024-11494,0,0,120185b1f5452b090fd317862ca91721f9197720b68abdbed625f37e80933fbd,2024-11-22T00:16:41.223000
CVE-2024-11495,0,0,9c4e4a6f33e735c288ef4e55e53a3e0727ff8f6642201545ed0c9f418349e2e2,2024-11-21T13:57:24.187000
CVE-2024-11496,1,1,671b48e7ae89f914c749666b0ef4666f0000e18a3aaa7a05669aeee7d89ddf7e,2025-01-07T05:15:13.480000
CVE-2024-11498,0,0,7272009b792fcdecf70fc17a50bede0518cbaf4c2694bef021eda391707cdede,2024-11-25T14:15:06.607000
CVE-2024-1150,0,0,1edff0fc21d5f22172836448fdcc7da772ab8a792f462f53ba0bc1c0fbae9271,2024-11-21T08:49:54.780000
CVE-2024-11501,0,0,6aa155b5e971a466b4f7473002330671c6add4e056433a95089c7dc638a9cf0a,2024-12-07T12:15:19.783000
@ -244499,6 +244517,7 @@ CVE-2024-11599,0,0,a26c993827526d1af73bfe90f868b9bfb9a722b6b2267b567215827aef919
CVE-2024-1160,0,0,12b04de1fea0a3119efc89b33ba5d2f3d172880f1becfa13297009e56b4efb45,2024-11-21T08:49:55.987000
CVE-2024-11601,0,0,51a555e6d26623f2054da12f000d146e4e1662608f2c3f75f4d4bafe7cada303,2024-11-22T06:15:19.830000
CVE-2024-11605,0,0,60d00021c065e6f38e758db8986f6f41c042a104c692f051aa09c9422ba7d5c1,2024-12-27T19:15:07.253000
CVE-2024-11606,1,1,8acdf1f93f94dec6f06145e6dbcc04add41c7af3a7c8e9a88142b21b37b1486c,2025-01-07T06:15:14.427000
CVE-2024-11607,0,0,64db1cb50de786964ba95a2d2de30c3c373b3627734b2fcf18c662efd5d3b19e,2024-12-27T15:15:09.637000
CVE-2024-11608,0,0,8ddbc230a8730b76ffe6955779ba3c4d90ea8f23edd3f564c2db516009c0d0dc,2024-12-09T18:15:22.580000
CVE-2024-1161,0,0,68cc61ca71a85d6059ad02181ec1fb4a89655dbd3db8900d271e7a26ec14fb67,2024-11-21T08:49:56.127000
@ -244568,6 +244587,7 @@ CVE-2024-11687,0,0,5e77fbcd46b583a4f084d8bcc3492702fbc8999eee40cfff605d5263f17d5
CVE-2024-11688,0,0,8d8a43b07b745617ea451bc11d9802776a561f6818ffe3d6e83d98ef6a879a1d,2024-12-21T10:15:06.733000
CVE-2024-11689,0,0,083793777007e12786b393e59e70bbd36f5df589b4b26e2949eb5844a08ab45f,2024-12-12T04:15:06.657000
CVE-2024-1169,0,0,7d005e1e32dcb786dc145e0dc1f4f8a0f524691319a7051d5e1a67ddcb23a460,2024-11-21T08:49:57.153000
CVE-2024-11690,1,1,64d108b29567f27e54fa807da12df37326bc2cd355da96d7ac4d20d7fa8e41b1,2025-01-07T05:15:13.677000
CVE-2024-11691,0,0,36fe8b3d1feccd057ef27ddd17979a52004da0a9606d16fdfdb44bd6d5656bc4,2025-01-06T18:15:18.373000
CVE-2024-11692,0,0,9269d1047de5ccf3bbe848f7300e55c4147a58cfd139cb6b7f723bc7b81e3d4c,2024-11-27T16:15:12.530000
CVE-2024-11693,0,0,e0fdce984dc3054eba0934c78141d5d7d4f14af64b3544f5156b2322b39ad19d,2024-11-27T16:15:12.753000
@ -244621,12 +244641,14 @@ CVE-2024-11744,0,0,d39b5f592014fd4a2278c647fc2411f75d3865150415b86b86bc4d90ea41f
CVE-2024-11745,0,0,96069305de6ef8812783ef245e2f61d86d985db42c36cad22c8d389adbd7e8c1,2024-12-03T15:25:28.847000
CVE-2024-11747,0,0,3759ff4fc6bacdbc93b41c30e49e712686d53794386a1c516e9d37a83c4db995,2024-12-04T03:15:04.933000
CVE-2024-11748,0,0,e7645e460b472de84c1c6d90ad8d3f118aede3a0d553d462a4edccc0cf16cb19,2024-12-18T03:15:25.943000
CVE-2024-11749,1,1,a34162dc3441bb7233fb0884b31b8ff8fbbb03f89d39bb90fd94d6fefe6b50b2,2025-01-07T06:15:14.713000
CVE-2024-1175,0,0,f997875411f4ee3836569f05e6ded063f5984d7986ed98f909a5423e1a302ce0,2024-11-21T08:49:58
CVE-2024-11750,0,0,7ad8eba5e612b45089b0006a10c8f5004dc37025f0797564ad303213ba0cd10f,2024-12-12T05:15:09.577000
CVE-2024-11751,0,0,cbc44290cddf15ae35c92a8e4b75351046563158eb1fedf91f48e5c8b200a32b,2024-12-14T05:15:06.923000
CVE-2024-11752,0,0,c48a168f2b3a172a5086d93afa4f6d610d49141a00f07210bee49dcaa523a5b5,2024-12-14T06:15:19.210000
CVE-2024-11754,0,0,115157a8a0f024c3ba84de7edd359cbde1e25041eace45096f12b0e339d7e447,2024-12-13T09:15:05.630000
CVE-2024-11755,0,0,c883abaefa6170cee64d3b62a0d846726e75234488258495594582792094520e,2024-12-14T05:15:07.100000
CVE-2024-11756,1,1,61a3f10bbfe20c57d2a9ef3bbe71f843c6e92a6387f10cd46d5720b2e61f0cf5,2025-01-07T06:15:14.943000
CVE-2024-11757,0,0,1bc7aae07622ccc6a4b7076dd363e7b8ecfc55de5a0f36b46f6f6ac7ac916966,2024-12-12T06:15:21.367000
CVE-2024-11759,0,0,721c2f6fdff65f13ac54d162c1b8bb0f862a88123dec2155aa18c28dd98f712d,2024-12-14T05:15:07.287000
CVE-2024-1176,0,0,ade3cc69c20caab05c727481cc0ec5f568a186d8a0d855f0f768d9d6ccfee82f,2024-11-21T08:49:58.123000
@ -244645,7 +244667,7 @@ CVE-2024-11773,0,0,8f508701342909bb3125bf0e1fc423b8efe31d0b55b4e2a3bdbbc0d7a1ff1
CVE-2024-11774,0,0,2f351d61aa038a49c773ab74e882e8cd2203f9cf3f3df13c0faa462f8ee3a46b,2024-12-20T07:15:10.393000
CVE-2024-11775,0,0,0be2b5775aa12c2634dedea0534264de5c8544551afcfc7760cb6a86958e9dd8,2024-12-20T07:15:10.597000
CVE-2024-11776,0,0,db96a767ae984aa946e97339afd57034a67d2d93961a6fe48dad1a311ebfe8b3,2024-12-20T03:15:06.420000
CVE-2024-11777,1,1,3f98ebf065259973e17593034b9da476d62f4f3a8b02a7ab11c065a411f92301,2025-01-07T04:15:07.200000
CVE-2024-11777,0,0,3f98ebf065259973e17593034b9da476d62f4f3a8b02a7ab11c065a411f92301,2025-01-07T04:15:07.200000
CVE-2024-11779,0,0,66ab9533cf27509ff85b54c7dc6f857efc44402b9c1a2b7fc4f1c1fbd8a0b4e7,2024-12-05T10:31:39.980000
CVE-2024-1178,0,0,455b49ccf992fe53bd03a32d9f022f083f7714cf103a3dd0d2ba2a085047974c,2024-11-21T08:49:58.357000
CVE-2024-11781,0,0,c0e6be58a4f2f20ed752d41934ec31e6ef434c9b40a727cf73a45e49f6a0c1d4,2024-12-12T06:15:21.940000
@ -244680,6 +244702,7 @@ CVE-2024-11807,0,0,5b0564826b05464c314eefc84d6d7fdc2dbd57c9a7cdeff75f8e6a6bda0d8
CVE-2024-11808,0,0,75f519afc7bb5c87c20928e7143a36463cbcdb95ed65cf999a2b84cb633366dd,2024-12-21T09:15:06.037000
CVE-2024-11809,0,0,1f74a5fd4084e6ffe9713972c542683f1719819d3bb81586e87aada1d25da361,2024-12-13T05:15:07.127000
CVE-2024-1181,0,0,75e84367823a14869b96be5d2a44185a42194134ed6d728c2cc873c3b47fce46,2024-11-21T08:49:58.703000
CVE-2024-11810,1,1,775a4e17b3ca89ee87e40ba7b3f55729ab9fad21bf924c3b2c39e4cfdaa24581,2025-01-07T05:15:13.883000
CVE-2024-11811,0,0,de10a3ae4822973dd993404053b9029fe9aac56c38d9c3c2b8c2699bef5d0ac0,2024-12-20T23:15:05.590000
CVE-2024-11812,0,0,df32cc25c5bb5c5dcc725bf487d9704dded6625df8d19e9336934b5d64e1e261,2024-12-20T07:15:11.373000
CVE-2024-11813,0,0,47a3a35561cd3c4cfbe2425cc2aa9f8596afbe4dae47aa0811b6748805370891,2024-12-04T03:15:05.227000
@ -244739,6 +244762,7 @@ CVE-2024-11882,0,0,c14c2af9493e334fe3da2508e7ca83b6d319f8d382e00a76baaf2e7e94429
CVE-2024-11883,0,0,3efb818468ee15a4b72e48a1c8061e4502ee7a82e825630c64edf1ae726709d5,2024-12-14T05:15:09.440000
CVE-2024-11884,0,0,cc9f4dc6cbe1c2166ce740e309ba0401705b8efb2b8ab841325213a1f1dfb2c1,2024-12-14T05:15:09.640000
CVE-2024-11885,0,0,04f2670653faa6c8c44289cb974ffa09eb74041d205c6bf3342ab059c2818d96,2024-12-24T06:15:32.093000
CVE-2024-11887,1,1,8b88650a2741ab60c92c9d798a57f51f935fc2d2aabb3493ceafeb16c58ef1d6,2025-01-07T06:15:15.147000
CVE-2024-11888,0,0,8a06477d55991ecfcdfbbbe13cfc5cc7673a7932d3eb8f15153aab2ef7344e32,2024-12-14T05:15:09.837000
CVE-2024-11889,0,0,c40f4924de6b0709ad2ac4ea75e730ab583fde8e75b7967e6c96aa9146701117,2024-12-14T05:15:10.030000
CVE-2024-1189,0,0,3e2c1a3fc9f24eb6eaedd5adba4b6f521645b93b8971a5e9477fe83a4ee5ef97,2024-11-21T08:49:59.850000
@ -244748,7 +244772,7 @@ CVE-2024-11894,0,0,9e31b28fa56a41e12b82fdf98576d9a13777f5eed7b6c3fc1f71a85af109e
CVE-2024-11896,0,0,34f349ccc91bcf6d6c27bb81a454efc17924954cfa878d33ee370546a785a3f4,2024-12-24T09:15:05.663000
CVE-2024-11897,0,0,63c2369fafd5da048dd57864988be95602290ce10df0f51d423ab54c866c15e0,2024-12-04T03:15:05.380000
CVE-2024-11898,0,0,e843212abf00805a20f8b4b65b36c01f75cc2096cf65f2d0e7899f11eb517a82,2024-12-03T08:15:06.857000
CVE-2024-11899,1,1,2d9622bde30df58f2b333ce412c343551a1059bea7bd567b64028a464b5ac3e7,2025-01-07T04:15:07.350000
CVE-2024-11899,0,0,2d9622bde30df58f2b333ce412c343551a1059bea7bd567b64028a464b5ac3e7,2025-01-07T04:15:07.350000
CVE-2024-1190,0,0,234a49a5e7705658abf0b6e88d111180ae34b962c9b1fcba39bd09bd939fee39,2024-11-21T08:49:59.993000
CVE-2024-11900,0,0,907cc46cf6ec9c4d3d9c16ef3063c98e3f05e3d3fbaf96bdac5c807705a3d6e6,2024-12-17T00:15:04.917000
CVE-2024-11901,0,0,b4f47b708bd6950d29700a0fa25685f0a500c1152f87b15c0f3253f7e0b084c7,2024-12-12T04:15:06.817000
@ -244771,7 +244795,7 @@ CVE-2024-11928,0,0,4eb81c3b991253e17b093831750d2f60d8030675796e16e7e29cc29429037
CVE-2024-1193,0,0,dfff57fc9ce7a1dbebe4335de503e2f3e62619c8f53eebdea960e5ff40a71456,2024-11-21T08:50:00.427000
CVE-2024-11930,0,0,3d6f16686fbf2f10ff523adfd2c8cbb605e12592056b32937532511e03efa5aa,2025-01-04T09:15:05.880000
CVE-2024-11933,0,0,ff719b80c8b04b1955877df42e564ce90eac2c09e4f59c20e785f18a1e8804d6,2024-12-03T16:04:10.350000
CVE-2024-11934,1,1,df49356b7407c6592fac7ee78248ff2dfb17d24355b0e22b8f9a7697c9ad6729,2025-01-07T04:15:07.520000
CVE-2024-11934,0,0,df49356b7407c6592fac7ee78248ff2dfb17d24355b0e22b8f9a7697c9ad6729,2025-01-07T04:15:07.520000
CVE-2024-11935,0,0,f2a8d43d6f9999d38415d9b41f66ab77f7c4f7c94de5d0bc77beeed93d88f487,2024-12-04T13:15:05.910000
CVE-2024-11938,0,0,6867b7d1c50742be481431f973c83467fcdb9442488abece06649b31c7a1e61f,2024-12-21T07:15:08.453000
CVE-2024-1194,0,0,2ad6fa2abb4bb109947132f87b19e7c09219cf51535c19102f3cbbfcba6ba405,2024-11-21T08:50:00.573000
@ -244840,7 +244864,7 @@ CVE-2024-12014,0,0,d63bd7a401a8fb5ede49d9de357706a50a82cd2bae6c930cf8555bf9a9cab
CVE-2024-12015,0,0,d5a693fd232b1e3fbc53d72a834e39c83a435aa6e5ae231752c351acc22ca6db,2024-12-02T14:15:05.383000
CVE-2024-12018,0,0,593c05ac2f3dac4339301164983c309f8de674e944577becd0f305b7e0d23ef0,2024-12-12T06:15:22.737000
CVE-2024-1202,0,0,a098cbd545693e5d361995e28174ffa246c4ae019a07a45a38ebe2abdfe163e3,2024-11-21T08:50:01.790000
CVE-2024-12022,1,1,08c553a81c76cd8c361877e5f844a3ca91d6fad54d361a7829130df17ee98a64,2025-01-07T04:15:07.677000
CVE-2024-12022,0,0,08c553a81c76cd8c361877e5f844a3ca91d6fad54d361a7829130df17ee98a64,2025-01-07T04:15:07.677000
CVE-2024-12024,0,0,653613587e608bd6caaf8de2305d76e365d1bc24ca72c717531373600ef68f49,2024-12-17T10:15:05.643000
CVE-2024-12025,0,0,48a6a81843ce463d9a84b144c8201ecb34a901e35178968cb10c7b2b1d7242fe,2024-12-18T04:15:07.347000
CVE-2024-12026,0,0,cbdee4f4d341b218f2a9910c9db7c968e1470cd32e93684865d3bd2934d626d1,2024-12-07T02:15:18.520000
@ -244854,6 +244878,7 @@ CVE-2024-1204,0,0,52c83c0f4289636bc1afd18cb37875b782729e90167239cc1a53f532e5633e
CVE-2024-12040,0,0,82ff661fdb988bbdc555297e0b0d4a5a42a6c3fde3cb51373bdf40b4e4dd0633,2024-12-12T06:15:22.947000
CVE-2024-12042,0,0,b4111492e93c9126d488ebee36a5b9ed9603a0917a66407440ec106154a8d6d8,2024-12-13T09:15:07.370000
CVE-2024-12047,0,0,b519fe3aa5ce2a0ef1dc7a25def83e3d7d75fdf22001ebe45f82c1494b6008ec,2025-01-04T08:15:06.157000
CVE-2024-12049,1,1,1681f5b0744998dc98b0ac8383ab3f305ba3143c966050706a7a972316fca8e2,2025-01-07T05:15:14.147000
CVE-2024-1205,0,0,7a555763b4ee56426377ab020ddc9dc79c7bd15b9be6f5edc39ecd5779b4ad33,2024-11-21T08:50:02.210000
CVE-2024-12053,0,0,bc2b289301180bd6933809c4de004e58bcafd2b88fa0501ccb1750c43496ee92,2025-01-02T17:47:20.023000
CVE-2024-12056,0,0,d7fbaa89c201679c30b80d6484a6860abf01d1ecc41424a8e0b08b504062cb8c,2024-12-04T15:15:09.700000
@ -244867,6 +244892,7 @@ CVE-2024-12064,0,0,5bbffd5016c2c66c65f1cad07469a2c9304ddde32e6765225186e453c653a
CVE-2024-12066,0,0,b8b74ff74daf8006195a72a7866cbbcaf66d537ba02c482e9dfaf1c6e82963a9,2024-12-21T07:15:08.907000
CVE-2024-1207,0,0,7ca2a33c54192dfcfa7fe7f99bed16fbfa1215b4ac8ba5de485b890ce26af06c,2024-11-21T08:50:02.457000
CVE-2024-12072,0,0,a174c14ab62255e805373ea4d76cdd13bc3d9cbde3ba4a3927979f9e7d419d41,2024-12-12T06:15:23.383000
CVE-2024-12073,1,1,475cbc36cb5ae8f88984192a7bf4a297e0f4afe77d63eaa7029ef51bd04b08b1,2025-01-07T06:15:15.367000
CVE-2024-1208,0,0,3c4b0e7895c1837530e812c9d592f58958b18ef870d236a49969dfb3f5e669a9,2024-11-21T08:50:02.590000
CVE-2024-12082,0,0,d67c450c190c0364d4b144dcd382bc569f8e4f4f12ff2a960005828e083c85c7,2024-12-11T17:12:56.793000
CVE-2024-12089,0,0,e4693d0f49f7bcd8f49a3c46cbf99b45117c9aeb9696a4344a79bacac3eaba78,2024-12-16T15:15:06.250000
@ -244876,7 +244902,7 @@ CVE-2024-12091,0,0,35c9100407a2a2f03cc09233dbdc35208e548ffdd088d484bb9b374c740b5
CVE-2024-12092,0,0,6cedbb52bdc4fd872b35781acb98ac9a9b54d520c5d29f314ba42350997260f9,2024-12-16T15:15:06.677000
CVE-2024-12094,0,0,918109c0341953bed354c9dc0c1e3bf994d002b139d0d147a6756e1d0b4180c2,2024-12-05T13:15:05.923000
CVE-2024-12096,0,0,a0b37dcc639d983cbff8481184c987ae3b7851e6c867f94b52bee5fdf38bc784,2024-12-24T17:15:07.497000
CVE-2024-12098,1,1,b63726c5152f425567a10a211b5f28fbcff6e537525be9d0cac5349c5e9b327f,2025-01-07T04:15:07.837000
CVE-2024-12098,0,0,b63726c5152f425567a10a211b5f28fbcff6e537525be9d0cac5349c5e9b327f,2025-01-07T04:15:07.837000
CVE-2024-12099,0,0,82c97da21165b875b9d77b9a11ed031ee03fad8a14b90d2e80c74afeac6e262d,2024-12-04T04:15:04.287000
CVE-2024-1210,0,0,f5a9389cac94cbfcfa3f0d961d1ea27115bf7afa331ce2988db15dbaf2efdf76,2024-11-21T08:50:02.867000
CVE-2024-12100,0,0,5d9bee140d619efc5bcb5724e98abb1747cc29824dfdae10a66de74940256d24,2024-12-24T06:15:32.830000
@ -244892,6 +244918,8 @@ CVE-2024-12115,0,0,e6944683813361fa4999b92dbfb5849d2d0c20bc3f6186b671317bdf28394
CVE-2024-1212,0,0,c6c0d98b39fe69ac963e13ef16e93aec1a62abd1466de44e7788f638a4921cfa,2024-11-21T08:50:03.010000
CVE-2024-12121,0,0,03702b315699ac0a86731f33a73d0aefd1ecc16bf8d72dc7730c1bb362033b62,2024-12-19T02:15:22.610000
CVE-2024-12123,0,0,3314f70340307f7968d2c224d2753ec462f128bd5dd04a8f7d840d35f281e69e,2024-12-04T04:15:04.430000
CVE-2024-12124,1,1,0fd98c73daa8d1ce9959268c0475817b20b4d7ca8ce2793643bde29f6970a1fc,2025-01-07T05:15:14.340000
CVE-2024-12126,1,1,b0f00c4bf0b4302d6115af0d6af3b97db152c00b497d912443ec3c39ea9a8c54,2025-01-07T05:15:14.533000
CVE-2024-12127,0,0,5a71954d556e5e4eca59c6ef18b25e4cca9d5062e24f45d25c54cd9cd408718b,2024-12-17T10:15:05.830000
CVE-2024-12128,0,0,c4db33033b659bed09aac37afde730f735bf98fa121412b3aa3432fe49f39a39,2024-12-07T10:15:05.843000
CVE-2024-1213,0,0,71ef51029e532fbd05d5ffce04ca88ce9c1183a8c328c139d7f9dd3d163c9edb,2024-11-21T08:50:03.180000
@ -244899,13 +244927,18 @@ CVE-2024-12130,0,0,05811205e7cf6b9d5db685121cc1c0a1d80fffaab6e459b31891b300ff7df
CVE-2024-12132,0,0,80a7c8d496b1886913eb9109e260df5ae2c0aa6f78d2c4d5ff0aee7f1f0cf7f0,2025-01-03T09:15:05.983000
CVE-2024-12138,0,0,8d975d6d21268c978bf38e4ecd10070b486d972f9cb2bde16883c51e239ae6fa,2024-12-04T14:15:19.413000
CVE-2024-1214,0,0,006edfeb44add0513d6df0049d407da5a783feee7b6e41af090a449d9f26b334,2024-11-21T08:50:03.383000
CVE-2024-12140,1,1,84cf86e00b498546176b727137ac2a768edc827afd618f9d2c61ff836fb1f63c,2025-01-07T05:15:14.730000
CVE-2024-12147,0,0,0ebd2d9e73219a39fb6777c8b0dc3255058db7114ec6ee0c20c337fec7f9520f,2024-12-04T18:15:11.803000
CVE-2024-12148,0,0,2d82ecdcd1ae8b06b2bbc4387f4ec8d5588d3a1672ec54422fedc0a9fcb34bf5,2024-12-05T19:15:07.473000
CVE-2024-12149,0,0,6cea541fb8390eb73924fcce3986b6c54a0134049e02ebc343dd9227319eb6b2,2024-12-05T19:15:07.627000
CVE-2024-1215,0,0,4329416f300d2c475797311e08de13347ae9dc69f951944050207e3d4abf36b5,2024-11-21T08:50:03.560000
CVE-2024-12151,0,0,958cd3e076f1ea17ca0ad827def723dfad6dc87ee6b3f8172337cf6f1994be20,2024-12-05T19:15:07.773000
CVE-2024-12153,1,1,22e2967fc47cf53b1f6950bbe994a9df52e94c829c300fca48f8d4054f6ee1bf,2025-01-07T05:15:14.927000
CVE-2024-12155,0,0,a9bad28298e0ff298ba13b998a693d2b1a968d7ec52abbb9a976f5fdc4810431,2024-12-06T09:15:08.417000
CVE-2024-12156,0,0,2e2ae1d329cdc90aba56d374ee329c37f84e6225dfe0fbd4afb09b6a3021715e,2024-12-12T05:15:11.163000
CVE-2024-12157,1,1,a19dadfc4fb54967c2955b5bead8bafcc01853ab1ae25fb93fbec84bd54e4d60,2025-01-07T05:15:15.133000
CVE-2024-12158,1,1,25ed1c3814406cad8f35b5c4879838e5e610bcc4431220e1731829bc6b113176,2025-01-07T05:15:15.323000
CVE-2024-12159,1,1,64e61826ab5c5975d420658cde528c10f1d1f6efa904e496d8ad1f5937e1f6fc,2025-01-07T05:15:15.527000
CVE-2024-1216,0,0,2ac4284b62a708a705b7ab9ac6ff4ec2f3952b584d951b1f83e5c9b3524c781f,2024-03-21T02:51:38.760000
CVE-2024-12160,0,0,2c6191a6a825b29c030b8d3eb20fe09ec5c665c03e8080de9d738d6bc79c2538,2024-12-12T09:15:05.220000
CVE-2024-12162,0,0,74000f06bf15c8250a3d3772859e4a16bab71460bbdb53ca978f73d57f64b12c,2024-12-12T05:15:11.750000
@ -244913,9 +244946,11 @@ CVE-2024-12165,0,0,565f6113f161726a36dcd8f87106f931ffa1dad23df770638714143fb4529
CVE-2024-12166,0,0,318717b4a3842e9291a2442fedeb1198ccbbca486552d6b1e9ef8aa65b1bfc3e,2024-12-07T02:15:18.923000
CVE-2024-12167,0,0,648fdeb771c33890685bfca6029b01ac44a17697a1725a67472f5321f6e1f66d,2024-12-07T02:15:19.057000
CVE-2024-1217,0,0,3de4593a5f9b417a5fbd6236f528d532a8a6dfb588724578487cd5ad8c5d1072,2024-11-21T08:50:03.817000
CVE-2024-12170,1,1,7d6479dc0709ea7976092a5192eec7c92ddc670f347c515df955cd001fdcfaa2,2025-01-07T05:15:15.713000
CVE-2024-12172,0,0,71dcf4ad1517a839187dba7f34de208b20f0af666e791340d3555b8bf199e319,2024-12-12T06:15:23.587000
CVE-2024-12174,0,0,d557284551bec104067ec802c1680b85a8fd3b4f89f1ebaca3a04bd8bacf5eb2,2024-12-09T22:15:22.237000
CVE-2024-12175,0,0,20611cd6daa70118d224218791ec5441f3e7f7d13ba5742f58eed508c2484c9d,2024-12-19T21:15:07.530000
CVE-2024-12176,1,1,f3a72da294d6ed072e2856bd39515dbd185e3dc49192b20d3a26e3837057e448,2025-01-07T05:15:15.900000
CVE-2024-12178,0,0,85097aaa964ca63d98736b6294a6f2c33aab0e7c117a2f19277506f724b552a8,2024-12-17T16:15:23.687000
CVE-2024-12179,0,0,a0a65d195e49bd7b826852d9b69fa37a100c8cceb44f5eceb7a4713ebca18c3a,2024-12-17T16:15:23.870000
CVE-2024-1218,0,0,ae65e02be37dbc9babfa45210656ff360cc199b16c8680945f92dd585fedfbc3,2024-11-21T08:50:04
@ -244941,10 +244976,13 @@ CVE-2024-12199,0,0,c4a94d94cf3a0ec0f1a10765eb1371db0ca63357c63383a89961385697ea9
CVE-2024-1220,0,0,9554836c8027e0b7a98d02c469b0640f37340ff8518df5c7c53c1851829f880c,2024-11-21T08:50:04.733000
CVE-2024-12200,0,0,23413f89ab73dcfe4f53913520af84d44004f8074e56a4f24db9e34101f9d57a,2024-12-17T16:15:24.897000
CVE-2024-12201,0,0,24aea21415169e4ceff164eedb7fa32646ef24d523e6e014144846720c08c29c,2024-12-12T07:15:09.607000
CVE-2024-12207,1,1,76c8fa95f11590dc49aa5b062e9bb5af48aaa9477d134f7c1609580bb8e1c8b2,2025-01-07T05:15:16.080000
CVE-2024-12208,1,1,e03ecc3884be8ef44ef5a077ba53c4a05754ec74a94b603c1e749a21b3975365,2025-01-07T05:15:16.270000
CVE-2024-12209,0,0,965d45920161ad8379a478313464ecb572a2b8b8ed1bf056a1646168e0b8105f,2024-12-08T06:15:04.823000
CVE-2024-1221,0,0,c833d2d1840e5e81b3c325295532e3c4cac8ba514abb434d638a7c419bdc43e8,2024-11-21T08:50:04.920000
CVE-2024-12210,0,0,fcdbe73e10e5bb8e25626395e1c0b8dfb21d78601eb91a6e83c928772c0881ff,2024-12-24T06:15:32.973000
CVE-2024-12212,0,0,4068a90166bc858f8bfa4c7fe1dbc180f7e4e033930f31a1b74471c9abd7763b,2024-12-13T01:15:05.810000
CVE-2024-12214,1,1,e5bb0332e0fe01f5cc924fbc7ed5aea720d65c55a0e9216597df8548b18bb334,2025-01-07T05:15:16.470000
CVE-2024-12219,0,0,30a275e193bbba91aa16bdcd2e01caf0ae8c253910825d417094094009d7c6a9,2024-12-17T08:15:05.010000
CVE-2024-1222,0,0,ff0f67607974451388d42ae6b90b2e9690717b801a6493a4e7aa508a94c6883e,2024-11-21T08:50:05.110000
CVE-2024-12220,0,0,5a9af5863bd9968393d1012c1c5f5fb4875db98205155149f405e76579a2b19e,2024-12-17T08:15:05.393000
@ -244967,16 +245005,20 @@ CVE-2024-1224,0,0,cbfbaa5b4f0e1c410530412d727d5bf58dfe126bd3d740f330bf5c6e93a065
CVE-2024-12247,0,0,ad117a7da5529073984608210b9ebf0c8357341e47d0f7a47c01f4275cf4ac25,2024-12-05T16:15:25.243000
CVE-2024-1225,0,0,1335eabc5dc5752fbd7f31a11bdeda2f1be9be2c21abaca809140eabb8940f2a,2024-11-21T08:50:05.673000
CVE-2024-12250,0,0,e5f748db33ee246e1110b31eaf24b071ff8e9ad960657a91bc37454c3187e14e,2024-12-18T04:15:07.657000
CVE-2024-12252,1,1,d2a36d6f8519946aa283013662310c3484c591468bc446e63c62515e57b10fb1,2025-01-07T05:15:16.660000
CVE-2024-12253,0,0,ddc85ae180bc30a65db67a43f7fe8d6c4299882333782166c00f6946fb3a98d4,2024-12-07T10:15:06.030000
CVE-2024-12254,0,0,6372ca23e9b475efcbc80401e5929ada552ac002068d1a3c23d690a8cfd8b99c,2025-01-06T18:15:18.713000
CVE-2024-12255,0,0,3e6ee7ef8ecf957b3c9750bb4e9452362942858fad7f6d35e3c4d339eaa5898b,2024-12-12T15:15:09.967000
CVE-2024-12256,1,1,91c1dfa0d3f9166fdc561fc70b740d210ee69feddbaebc652f41556e6e501ed5,2025-01-07T05:15:16.857000
CVE-2024-12257,0,0,51052901a7cca4cc3e08f8db1db23715b8800d7e5a86753505efbff635c332e0,2024-12-07T02:15:19.187000
CVE-2024-12258,0,0,3eb19625a1330fc72081e9c0b05d899d6c52aedf5334c3f98a645064595ca085,2024-12-12T04:15:07.160000
CVE-2024-12259,0,0,e9a04546160f01ff787a627ab63ead177a9297f047c69a037836e7bcca93e425,2024-12-18T04:15:07.803000
CVE-2024-1226,0,0,b8e723228c95f73a75e74922943d4c7b5983bd824925379e4a1dadf0498e92dc,2024-11-21T08:50:05.893000
CVE-2024-12260,0,0,6279b3003f5c04cde3aca10d6cb551198f7d4f49319583b742575d1bffcdfccd,2024-12-12T04:15:07.330000
CVE-2024-12261,1,1,34eef7a15fa985b49a3130adeab4cc38db0c9ba3b02933fa45bb90b598ada31a,2025-01-07T06:15:15.593000
CVE-2024-12262,0,0,fa3931ee556920568b7665df357fd87a96e303a16aae692eb53618f8bcee485f,2024-12-21T07:15:09.163000
CVE-2024-12263,0,0,183574df079ffbee27d57051711c108d812463b16a94004cdf52784fa08d4f65,2024-12-12T06:15:23.960000
CVE-2024-12264,1,1,ac07b413924d52c19722b6b39f9a97f1b1b6f0599f1ea1cddba029abd74d6a9f,2025-01-07T05:15:17.047000
CVE-2024-12265,0,0,4ecaf6258b9c646985803002f662a35d37ddc850eb892429f8568423d5e8ff62,2024-12-12T06:15:24.143000
CVE-2024-12266,0,0,909ac121710013990590ae1f8a6d6364fd581e2e3e734e8055f1296c676eb281,2024-12-24T05:15:06.433000
CVE-2024-12268,0,0,57b1dbc34c4fad3378e18637f11a9af5fae95800fe2a5a30ffdcb7012568a613,2024-12-24T11:15:07.623000
@ -244989,8 +245031,11 @@ CVE-2024-1228,0,0,02a2d35b9c29d8600ba5afee210d0e6465f5ee41eb5d9edcafc9d5f9e15f44
CVE-2024-12283,0,0,27e00fa0bc574ce5113c52cfd02ee2100414eb1f36a7d99001797949356bf37d,2024-12-11T09:15:05.697000
CVE-2024-12286,0,0,a2cf97a2f897256d80732f72cb83c0245f2eb4e867cc795bfeda6550048be20a,2024-12-10T18:15:27.150000
CVE-2024-12287,0,0,3bd2321de0e3063fd87782574573766f363076382fc77605ade9039fc3997618,2024-12-18T07:15:07.040000
CVE-2024-12288,1,1,2b34fc8eb4709b34f9e1bbef958cf604197d6b5c8258b4549867810433c5a64e,2025-01-07T05:15:17.243000
CVE-2024-12289,0,0,13ceaf41c63ab9df769c06a97eb1837bd3475cf420d82b37c196bad01ff19ec0,2024-12-12T23:15:10.500000
CVE-2024-1229,0,0,8ad8bfe76844e757ec6d08a1bad2f097b99b608e965943a6e4928e217dfee4df,2024-11-21T08:50:06.520000
CVE-2024-12290,1,1,dd03ccb632ea5a012e06ec58307bf2deeeaadb86701f4e653ec52c31682a07e9,2025-01-07T05:15:17.440000
CVE-2024-12291,1,1,d1cef006451deb4726152dc84511fb1b2859c23efc3b6f16d98831e1cfaa0314,2025-01-07T05:15:17.633000
CVE-2024-12292,0,0,9c2e3f4715c47523d2f1e1d813aca821c280ab211aff2eeed6650ad59c376aa9,2024-12-12T12:15:22.470000
CVE-2024-12293,0,0,2953fa4e59ad0d89a9c80037ec9c293444942d58e596c71e3b8975df1192ecb7,2024-12-17T09:15:05.347000
CVE-2024-12294,0,0,beb757b9be530a21bd62fb0889c97c31013e2208ab8db98bc3384b757caf5365,2024-12-11T11:15:06.623000
@ -245004,13 +245049,18 @@ CVE-2024-12309,0,0,16d03882c6009566e79b9c8c2443055d4427c7f1e57279e0146963b711b56
CVE-2024-1231,0,0,b14e8b0a07bc5ec367647c5978c3a1256f30a8a16700580e77b0e0e8d9654fdc,2024-11-21T08:50:06.870000
CVE-2024-12311,0,0,815e3491f6c1f7b3abc4a4d287cec4a5fe89f53db46c7d87ecfb8135e71ecf12,2025-01-06T14:15:08.153000
CVE-2024-12312,0,0,81d22bd123230bacbdc2896ec02614f9266db15df91f1b6305d0718b6052467b,2024-12-12T07:15:10.090000
CVE-2024-12313,1,1,f95ad1b7ee5c9c8b1e6156101adb575b7211cb88ceaf5c60bae6d522015943ba,2025-01-07T05:15:17.853000
CVE-2024-1232,0,0,0724dcbb02c95ade7614aaa3e49113b53bf4da94f0e9ec3c91efd2f39f26e0e2,2024-11-21T08:50:07.030000
CVE-2024-12322,1,1,d1d1ba99e3248373db00660e43bd83c74463e7aba267c41381ae292bf15ed01a,2025-01-07T05:15:18.063000
CVE-2024-12323,0,0,06bea100acdfcead34fe4d931dfd21a64a280c25bd363945a1e09f063078f508,2024-12-10T15:15:07.300000
CVE-2024-12324,1,1,b690feec26da2984b756e7477c2a892da17cdcb52876c2b06d7ebd8d5f2c678f,2025-01-07T05:15:18.267000
CVE-2024-12325,0,0,46c6dbf8ab48a9529900a473106f832e082cd9f7d718e64a5c9e5edd2c3d133d,2024-12-11T12:15:19.200000
CVE-2024-12326,0,0,6214bd8c3b6441929fb143e430a818a70c0eda117c1da1c1d4092fdb062e916b,2024-12-06T21:15:05.957000
CVE-2024-12327,1,1,33b53efc3ce56f726d317632e9f42265ea308a0bd5237c993a51a1f8709d6c07,2025-01-07T05:15:18.470000
CVE-2024-12329,0,0,66dd2e3f2af8b0b1aca8274acaafc22644d93ff908c884984769d59605f22905,2024-12-12T07:15:10.607000
CVE-2024-1233,0,0,9d758d75169c31056a2dd99a6ff761ac0a3c179827b3dc598c6fb0d83614dada,2024-11-21T08:50:07.317000
CVE-2024-12331,0,0,1854f15311a9fd512bedfae9559249a253ffa3b6afc48825c570d85f65b5b458,2024-12-19T12:15:05.330000
CVE-2024-12332,1,1,9ade021f05f8b6e21164a241020abeabd975e39004cb00e9e2b83269848afc43,2025-01-07T05:15:18.687000
CVE-2024-12333,0,0,f9b36bf24b65a5eadc34be133c8efc135d615c6b77b9af6e424c71705bac5515,2024-12-12T09:15:05.390000
CVE-2024-12335,0,0,811e1f31fde162cfb07e19f2dc625fd9888bd35150e2bacee10a476425d11394,2024-12-25T07:15:11.980000
CVE-2024-12338,0,0,202a85d7d49dabb95d9680ff72787a60f1c4021e681feb9be8640c62beb774ef,2024-12-12T04:15:07.497000
@ -245047,13 +245097,15 @@ CVE-2024-12373,0,0,83b846beefe400aa9231cc84fd600de52fbf3fd7f422b967ec41c6b980048
CVE-2024-1238,0,0,61e2d99ce6e3dfa86afb8331abcc236f68b5fa34f245659f4f6216db5239b32e,2024-11-21T08:50:08.053000
CVE-2024-12381,0,0,68b33f6b694aa45ef73ff06945e737e58ccb7b1c7ea2cfeb4d826136c48b3d1f,2024-12-13T19:25:33.143000
CVE-2024-12382,0,0,f70294886a1865641a484753f3298929660ab1bd7002caff75777615f01f2e87,2024-12-13T19:24:25.137000
CVE-2024-12383,1,1,cef6b512c28673e57747095580f46f3d1a23cd2ac5dd948f3ffe8185e568c272,2025-01-07T06:15:15.790000
CVE-2024-12384,1,1,cd7118b6e6ac25f91cd1e0a0d2656f02763a1bb4ed18e9935c8cccb732d09818,2025-01-07T06:15:15.983000
CVE-2024-1239,0,0,a515a367dab4b48d00e7f390a15c0d107266b53b28358b9f5ebf3476b0a625f5,2024-11-21T08:50:08.180000
CVE-2024-12393,0,0,f3d3d4aeb55dacdbdda4d3e84dd9efd2b47893e24f5c1cd3a62a5960b9b718f2,2024-12-11T17:15:14.657000
CVE-2024-12395,0,0,75ff5ef98722c35fb11d383db877ddbb73a300c7cb334e918191d763e24090f0,2024-12-17T12:15:20.377000
CVE-2024-12397,0,0,661288be67552f431f0a0bf144bed2d313b12b592e50cdc78451d7c1272f6fb5,2024-12-12T09:15:05.570000
CVE-2024-1240,0,0,28733ede53b96385ee0de4a7c5187b3db0d925b1e4ab6e977522dc277dee75de,2024-11-19T19:04:53.913000
CVE-2024-12401,0,0,ba741c7b51198b95eba245807f65253a1c54ea777ddd918337cd97bd144396fe,2024-12-12T09:15:05.790000
CVE-2024-12402,1,1,8e35cfc4cf7a344abb45fa7331224e766525626c55ea5686a3d8b4838a76c51f,2025-01-07T04:15:07.990000
CVE-2024-12402,0,0,8e35cfc4cf7a344abb45fa7331224e766525626c55ea5686a3d8b4838a76c51f,2025-01-07T04:15:07.990000
CVE-2024-12405,0,0,631a04fc890c6ac2fbe1fd822df1e67f289f1ef7b029b11f0950a96d4993c03b,2024-12-24T06:15:33.123000
CVE-2024-12406,0,0,3a24bd925fcaee835bc0ee30f7ad38b16626ae1e5c8470fedd28227d3dd60123,2024-12-12T05:15:12.210000
CVE-2024-12408,0,0,c9a97800ebdc971055fe039c0934b7c899913355f0545cc6cb71b6253bd484f6,2024-12-21T10:15:08.067000
@ -245061,32 +245113,43 @@ CVE-2024-1241,0,0,ba82bb77c28ed45b324839e72710669d8c2af006c45eeed23dee90a28ff67e
CVE-2024-12411,0,0,fca8eab422ceda64b215d958b150a7f03625a9aa9df8afa22fe2b27e73430e47,2024-12-14T05:15:10.437000
CVE-2024-12413,0,0,fdd057a05387c9ace72d4ba4316c6065bf29813d0f1c7f4a169e0a5a81de204b,2024-12-25T04:15:06.607000
CVE-2024-12414,0,0,ecf25a2c3f536085b4d44f95471b078e2b7cb6ad454e7c12c9e7d103ff4fa2bb,2024-12-13T09:15:08.070000
CVE-2024-12416,1,1,435759be4e4ba56188ea7f6720fc32442a546d90f18b812fdb1df1c91242e1f0,2025-01-07T04:15:08.143000
CVE-2024-12416,0,0,435759be4e4ba56188ea7f6720fc32442a546d90f18b812fdb1df1c91242e1f0,2025-01-07T04:15:08.143000
CVE-2024-12417,0,0,bd175c91ae947c344e10a61ee40da01cd87015ebf65316b1689d31a703a65c78,2024-12-13T09:15:08.353000
CVE-2024-12419,1,1,1650645ff6c9400ef0ef895584325bbd55288f83ea55cd87214a983e3f37109a,2025-01-07T04:15:08.337000
CVE-2024-12419,0,0,1650645ff6c9400ef0ef895584325bbd55288f83ea55cd87214a983e3f37109a,2025-01-07T04:15:08.337000
CVE-2024-1242,0,0,d730388eb7530fa29fb11ce649456e01cfb020c8a1d70e87c977d44dc1314073,2024-11-21T08:50:08.620000
CVE-2024-12420,0,0,ae8d110f5efef295dc5d542d71461638a083f9c010e00a24758178ab1b247bfd,2024-12-13T09:15:08.627000
CVE-2024-12421,0,0,d0800edd844bf37ccee00fc76da3ec64bb2b51e717430e725122892ee39e78eb,2024-12-13T09:15:08.870000
CVE-2024-12422,0,0,27a2b7b5579aea6b626e898353e29adaf77dce7f7392fa2cdcdfb4f6d55292dc,2024-12-14T06:15:19.357000
CVE-2024-12428,0,0,0dc42c82097510dcd67ba200f4a63250bd059d1ff61bcff7d39f7b5f34a5af10,2024-12-25T05:15:06.920000
CVE-2024-12432,0,0,3d67b932349f6253a91fa970f1501aba586896a462aba17731bbe90a2499433d,2024-12-18T04:15:07.947000
CVE-2024-12435,1,1,0b924907debc21d874056d540a36b4cd28d4a499f8792c113a5d9122f40bd903,2025-01-07T05:15:18.887000
CVE-2024-12438,1,1,c9ef02addc6910fa2706e6be2c335f22d8f54b28a122931dc35a45fba8c72f96,2025-01-07T06:15:16.183000
CVE-2024-12439,1,1,55eb62afc9e2c987f37d9a895563de0caf2db1a105c514b897f15c77e7e1c9e2,2025-01-07T06:15:16.430000
CVE-2024-12440,1,1,0736cca2507be95826bc828631fe95b2052cff97e97230bd61b7c954f9609103,2025-01-07T06:15:16.630000
CVE-2024-12441,0,0,60177bfa0d9dcd79729d5ab6a51352067dd3b55deb7861fd956eb7f2cdfb3058,2024-12-12T05:15:12.703000
CVE-2024-12443,0,0,f07c0805b285e00ba917c2d7fc7d6d01900a808064fd2463aaf6cc786dd6eda1,2024-12-16T23:15:06.097000
CVE-2024-12445,1,1,9511fa1142d96631857d0b2e66eb9af0e099f14a7b2400b88b1643052a5ba957,2025-01-07T05:15:19.083000
CVE-2024-12446,0,0,b02d1d791b4cf7afeb09eb0c21565790a25f436f0af246a7f2fa3fcff09dc38c,2024-12-14T07:15:07.040000
CVE-2024-12447,0,0,5037bc53ba4fa77c34e124f2cad2eb5580f0278ba0adbdec7fe60ff9c399f942,2024-12-14T05:15:10.670000
CVE-2024-12448,0,0,4923580d5a5f99d530db30df1f25529a66e5faa8f94f1d2c65ae42b9f669a340,2024-12-14T05:15:10.873000
CVE-2024-12449,0,0,5fcc22f14406311e0fc83130f321673a9681bcd45ccd4b15a7e6df2428ef10f4,2024-12-18T04:15:08.103000
CVE-2024-1245,0,0,95e8542ba13fb11ab7fe96b21acceb5168a3d85655e46eadbf4243e255ea26c4,2024-11-21T08:50:08.740000
CVE-2024-12453,1,1,90bc8e9fa2cbca0591ac8c6d43563da6ce82cc131b5bb9f5968c2db02be70150,2025-01-07T05:15:19.260000
CVE-2024-12454,0,0,8d73661dfeacd698ba1638817b062fe681bc6bd2d9cfe150642a15e6ed3c799a,2024-12-18T10:15:08.117000
CVE-2024-12457,1,1,db204227c2f84d575524d235110aa5b07f19e67d61178d0039868898bda6c1a2,2025-01-07T05:15:19.453000
CVE-2024-12458,0,0,2c85dc279316bc1b4e93538e44ceb8987e74dd6cb51bbc5d16cad08865fed65b,2024-12-14T05:15:11.060000
CVE-2024-12459,0,0,83621c8a2cdeade953c2057764b3830fb57d2e52944bed7c2b576b695b57b999,2024-12-14T06:15:19.487000
CVE-2024-1246,0,0,1f374a88e5f240286cc1247b0f1cf35c16b35bebd909ebb6b31cd5f41f473567,2024-11-21T08:50:08.877000
CVE-2024-12461,0,0,f7bab5c2b1e2764e06dde5d0575615b7d6c222c7cf9c0439423d8ffeaa327299,2024-12-12T04:15:07.820000
CVE-2024-12462,1,1,822939e7a31cb5c516e488647a1655c7767f9105510a5811471dac40183f2d40,2025-01-07T05:15:19.640000
CVE-2024-12463,0,0,bf2ad951357546047d42b0aefb8a66347583691f5449e603983c94f9bac4eadf,2024-12-12T05:15:13.197000
CVE-2024-12464,1,1,fe64471b11df1c8aea2831428c22f4efdf9f68fdc40ab12fb9fcffe071303852,2025-01-07T06:15:16.823000
CVE-2024-12465,0,0,71cf8d099f9bc4306dd9d21cf13805ebee4cfad62908f99a6e3f6ef7ca285117,2024-12-13T09:15:09.060000
CVE-2024-12468,0,0,20d3be8a82fb7f9b6094ff27e59754b2c2151696c1841d3d96ac080fb2a03b3f,2024-12-24T09:15:06.227000
CVE-2024-12469,0,0,871c3c1e000bdae5610f745ffefecdbdcd7d22ba906daf923687641c197ab750,2024-12-17T10:15:05.997000
CVE-2024-1247,0,0,87dd54613b1838220658d2242080e8fb0b79934df6e5afef144b61ee319c0ba1,2024-11-21T08:50:09.013000
CVE-2024-12470,1,1,f5e5a45ffe482cca25de285855a4a74b00f4883aeec6c92dee418c81be8d8bf8,2025-01-07T05:15:19.823000
CVE-2024-12471,1,1,b5a121f6718d68ea784fc6742836a638f28d467feadf0e8b69507e5dc6176835,2025-01-07T06:15:17.027000
CVE-2024-12474,0,0,2858a766a8bcbd6035c2be4131a605cddb7bb17f787cc233f6060efa0069c36f,2024-12-14T06:15:19.627000
CVE-2024-12475,0,0,f15ae25929cc8f0bd288861c59cbb63f77614f57516a7a95543988715ffc6cd3,2025-01-04T12:15:24.650000
CVE-2024-12478,0,0,9740cd4243776bc4b985718131b1bfcc5e0a94370bd612144af92e9b380848b7,2024-12-16T11:15:04.890000
@ -245120,23 +245183,24 @@ CVE-2024-12518,0,0,e836e2bda2de8df1c322fb96b28c258a6308fb3f7a0cbb3b5a146ac83d3fa
CVE-2024-1252,0,0,d03beb126367df5b21be601ec7e2ecf5f48cece91d0754af14f589827736f3cf,2024-11-21T08:50:09.700000
CVE-2024-12523,0,0,185a41d328f0e130d8ed17ada12f64a855433449910369cbbb025fff8ce0f4d8,2024-12-14T05:15:11.640000
CVE-2024-12526,0,0,b192d6e45212a3c6d09a8a6cd2198d071bb3ba4da94a4e2bf151be7ad2c18324,2024-12-12T05:15:13.577000
CVE-2024-12528,1,1,b542d57e01c0c48ad9564b0890e0d12d29edb2156a8c53246e86bf7139add551,2025-01-07T04:15:08.543000
CVE-2024-12528,0,0,b542d57e01c0c48ad9564b0890e0d12d29edb2156a8c53246e86bf7139add551,2025-01-07T04:15:08.543000
CVE-2024-1253,0,0,a598e10fa6d530af6148de164d99995412d597f7142ead42d62b85e905a98949,2024-11-21T08:50:09.843000
CVE-2024-12535,1,1,b0034002c69bb854c515c85f47eb566bda639381994e791864e14498ccfc66d2,2025-01-07T06:15:17.220000
CVE-2024-12536,0,0,a925f1a48eff74b537962fd623796390384e9d276d37e7a9cb0d9ba10f9464b0,2024-12-13T17:14:44.007000
CVE-2024-12538,1,1,b01ad61b9334acc7635ec3132a042fbc3171b4976dc799538cae1899a313c7bf,2025-01-07T04:15:08.720000
CVE-2024-12538,0,0,b01ad61b9334acc7635ec3132a042fbc3171b4976dc799538cae1899a313c7bf,2025-01-07T04:15:08.720000
CVE-2024-12539,0,0,bf2bc8684b4967ec9692452689aaa296f660969c9ab0dd0ec9b638e64908ab0d,2024-12-17T21:15:07.183000
CVE-2024-1254,0,0,44df8e919ae544d26fc82110d33f6e7af1fff88011a3bcb100ca7209bc278c91,2024-11-21T08:50:09.993000
CVE-2024-12540,1,1,adba74440c12054a2b4aeaae92390c7293233c635a45305f713e588bc7755fb5,2025-01-07T04:15:08.917000
CVE-2024-12541,1,1,95de6c00a67fad2bff3a8f0a88abf7af44dc43fdcd8e0d9d6ce67499f6d10f94,2025-01-07T04:15:09.083000
CVE-2024-12540,0,0,adba74440c12054a2b4aeaae92390c7293233c635a45305f713e588bc7755fb5,2025-01-07T04:15:08.917000
CVE-2024-12541,0,0,95de6c00a67fad2bff3a8f0a88abf7af44dc43fdcd8e0d9d6ce67499f6d10f94,2025-01-07T04:15:09.083000
CVE-2024-12545,0,0,5409af2cc867f9cbfaa0048cd65660c930731d490c0e60928807d15814cab2e6,2025-01-04T08:15:06.363000
CVE-2024-1255,0,0,5935182eb4eb024c7cf7e3cda464e0c74472c4e58bc0030bb090a2a8f708b72f,2024-11-21T08:50:10.150000
CVE-2024-12552,0,0,8443c6d0851e2c1de6fc0e2780c54c711d712f43dce29b5a9fc2e07cff55adf4,2024-12-13T23:15:05.553000
CVE-2024-12553,0,0,cd61f311646d40093b2eea8b09f233e945a3d877e60c1a1abbe43e2cfcd9ea6a,2024-12-13T23:15:06.310000
CVE-2024-12554,0,0,03325541f88792da1f6e44f52ff0851958b98ec9e3aa0b4c7708f85287495a8a,2024-12-18T10:15:08.493000
CVE-2024-12555,0,0,2e017ff0ee33b0c8a472113c693bd6d33089424aa43829233098413c47eb605b,2024-12-14T05:15:11.827000
CVE-2024-12557,1,1,c9c6d6d60fa1e63d0c31dc33ceb551ab46ad22cb114705bc0dfb08def0caa40b,2025-01-07T04:15:09.260000
CVE-2024-12557,0,0,c9c6d6d60fa1e63d0c31dc33ceb551ab46ad22cb114705bc0dfb08def0caa40b,2025-01-07T04:15:09.260000
CVE-2024-12558,0,0,ff1dd3178bf5e061322cf2e1a359f721c0d270a183cd44116b64f362a8103982,2024-12-21T10:15:08.600000
CVE-2024-12559,1,1,f54cf3f9991327e38603b9f68b85ad1beb15e578526394c2a7bc1915ca2539bc,2025-01-07T04:15:09.433000
CVE-2024-12559,0,0,f54cf3f9991327e38603b9f68b85ad1beb15e578526394c2a7bc1915ca2539bc,2025-01-07T04:15:09.433000
CVE-2024-1256,0,0,ea8829298a5ced036094d7fead955f33827bc36bbc0a7f87a81ee1f95b95b282,2024-11-21T08:50:10.293000
CVE-2024-12560,0,0,d33290fc3e54f51dd78cb0afaf9a18e8538f72db9dd0f598ab5a68b55bfe89a1,2024-12-19T07:15:13.507000
CVE-2024-12564,0,0,0abcb221861e5fc99f1edf43c59fea9ce50a3b4bd68b4b9a5961d76741772172,2024-12-12T15:15:12.097000
@ -245154,9 +245218,9 @@ CVE-2024-12582,0,0,bbfe1aae814f308a85392c13709691d46da248e6458c80cb519b63fa483aa
CVE-2024-12583,0,0,6c1f345fbc3f1cc53302e61a1dfbebbfcc1b6c1ee5d98cc4a9e3c7ebaa7ceed3,2025-01-04T09:15:06.090000
CVE-2024-12588,0,0,9ef4dd85f085f6ba612688cc14a2c49d05248e20e75bd2d7bdd4aff39b5ac0f2,2024-12-21T09:15:06.233000
CVE-2024-1259,0,0,1c6bb100fc9cba505c4d696801bfd3102c508e530bb2e36c86a6685675278bd7,2024-11-21T08:50:10.730000
CVE-2024-12590,1,1,78caf08663857a2f888f89c4842ba777750ad04068c078583ff87671d3a13c4e,2025-01-07T04:15:09.607000
CVE-2024-12590,0,0,78caf08663857a2f888f89c4842ba777750ad04068c078583ff87671d3a13c4e,2025-01-07T04:15:09.607000
CVE-2024-12591,0,0,ab3753b6008fbe3e6034e40f9f857196cd212596c7c67b4ab270eba30c140899,2024-12-21T10:15:09.177000
CVE-2024-12592,1,1,f7078feab8fa5eead0a6efa9f90d4e3b58439abfb00aa0f348c4b0049b74503e,2025-01-07T04:15:09.783000
CVE-2024-12592,0,0,f7078feab8fa5eead0a6efa9f90d4e3b58439abfb00aa0f348c4b0049b74503e,2025-01-07T04:15:09.783000
CVE-2024-12594,0,0,594b37b561926a174996b6f220ac2c193da316e698a771fbe44cfee2e4625e76,2024-12-24T06:15:33.297000
CVE-2024-12595,0,0,d10767ce84f7e81d5a6ad487503289a59f4d01b86cd7eb0b224ee74e49237f41,2025-01-06T21:15:14.003000
CVE-2024-12596,0,0,5fc66f30988060a8b7bb1a593c82bd6c3fc2c995268e617c35d93ef410dc9a09,2024-12-18T04:15:08.253000
@ -245171,6 +245235,7 @@ CVE-2024-12626,0,0,dc01f58442ef4eb4425488c755c4a1d0852a1ed618c4541c829e9e2584781
CVE-2024-12628,0,0,f48463b1ecdc4a2ff76d188b8ae44a2e0e32ef1e929dc806ea33e24839d1432f,2024-12-14T07:15:07.213000
CVE-2024-1263,0,0,1ded99eb7dd7c25043d30fb557b1a5799a79150045deb56dc782cc48f4b0c898,2024-11-21T08:50:11.303000
CVE-2024-12632,0,0,b2981d9ae0d79f88557270498f7d8919df56f26fc08631dba371165f9d0f4233,2024-12-13T21:15:09.317000
CVE-2024-12633,1,1,ac69292f6a12c945fd607e3ad86b3344f43286244c6390a44a1c51cf13345366,2025-01-07T06:15:17.417000
CVE-2024-12635,0,0,3c7aa75fcbe7aad344d7ab6a29830b91315b8c91a45f35c3746137d636be222e,2024-12-21T07:15:09.380000
CVE-2024-12636,0,0,42a82168ce07b7a4b358fd4a7a39c0f3a390399d55754f2ae0215aa2892ce194,2024-12-25T05:15:08.067000
CVE-2024-1264,0,0,0a400b50d7c5417af4540851d66c40fe9607cfb1bbd030ca37354551feca3778,2024-11-21T08:50:11.460000
@ -245277,6 +245342,7 @@ CVE-2024-12843,0,0,e0d63d5eaa72fe482e9688112e3425396d4210ce7c52333ca08afb767873f
CVE-2024-12844,0,0,5c87a9ff55812bd16a6653ca7a057210dd46c019a4746aa2ea360cfc1b225b08,2024-12-20T21:15:07.833000
CVE-2024-12845,0,0,6db3f79a15d2d76db842fd5e3307555a4b420c54dce4b03038fc42d43c0c515d,2024-12-20T22:15:24.727000
CVE-2024-12846,0,0,e4c252bde2ca9af2e00706946ce2eb14da53254be655d485961e368b0c87d8ac,2024-12-21T05:15:07.373000
CVE-2024-12849,1,1,1ec1f74cc5622df60afc70cfedb69ebca5791587da5e6e97ed85991f051e26c4,2025-01-07T06:15:17.607000
CVE-2024-1285,0,0,f377c2065ba4ae04295fe1855da43b832210575f04c4c7725642d3c9965142c4,2024-11-21T08:50:13.903000
CVE-2024-12850,0,0,075205b205303999a6a29790d3e10f6b915eaaea804fbc90dec0f08e9b7ce1f4,2024-12-24T10:15:06.033000
CVE-2024-12856,0,0,9babd12091bd3794c40f556b84241a138bc1e45b107552b0272431ce40e98129,2024-12-27T18:15:23.677000
@ -273931,6 +273997,7 @@ CVE-2024-7691,0,0,6dad0c769fb572b88a068528267f61949164dc392b80af6f168258a6b2c7f6
CVE-2024-7692,0,0,4b38ff30e017e91d8a002928077306fde8ee04d0be5e9045460020d6ccc3af22,2024-10-04T17:14:50.990000
CVE-2024-7693,0,0,dd3e43863a4776bf6aa9cee54c3310fd08dfe98f5bd8663ebc12432cb7153f16,2024-09-06T16:51:35.647000
CVE-2024-7694,0,0,3a2582a984429d8c89c3dd71bc863aef01ff80b7baff4f3e3f71f54998d90a46,2024-09-06T17:24:42.573000
CVE-2024-7696,1,1,35e2703a3580e34793b0adb47636435a97e9bc261b606487fac86ca26d6b5071,2025-01-07T06:15:17.827000
CVE-2024-7697,0,0,122b8f72aeda3c5b2d61460f1dce24bd382a6f877b1c3f9efb3e322459b58ee0,2024-09-06T18:04:28.030000
CVE-2024-7698,0,0,28382cbcfd0fa7ea6a7d15c9ccdd01abba2e948df9ed5ab95948fe232327814d,2024-09-27T19:39:43.350000
CVE-2024-7699,0,0,69660c01a9078b1bb8b8ba16d42135a8912e2caf5b6ecd54d7bddf6785b1e596,2024-09-27T18:59:31.277000
@ -274890,7 +274957,9 @@ CVE-2024-8849,0,0,0734151af4af8138bcdc00f593bbe5da7ce0eb57042fd20edab1406815b87a
CVE-2024-8850,0,0,6a79107655be2c071c14b8c23b6123b1889673d27ef57475d913bb60daea2138,2024-09-25T18:49:53.397000
CVE-2024-8852,0,0,30058a9af3dd7a32997e52bc92060be7a6e41d470611028e31f3fcdaf7d3bfbb,2024-10-25T21:20:11.410000
CVE-2024-8853,0,0,8a2f5d1c05cc9b3a3da315856bc11b5532339e2e37b2d0099ab6a7be83232255,2024-09-25T17:49:25.653000
CVE-2024-8855,1,1,1956de983d46a6371dc4df62437b92a6dda5a74fa8a190c1f8e671dfd2de38f5,2025-01-07T06:15:17.977000
CVE-2024-8856,0,0,9673197f029df18178a4a1f715fc7a70f5066ac5587142a3b689de66b2851e04,2024-11-21T16:15:27.633000
CVE-2024-8857,1,1,c66b32372d1b3863f228a54c316a3ef7200e64698f2924a997c32bd7dfd3d8b0,2025-01-07T06:15:18.100000
CVE-2024-8858,0,0,ad81041fe495a196e9577347167ecfba5a083a17b0628925776a883bde8de8f7,2024-10-02T18:41:29.067000
CVE-2024-8861,0,0,b142f8cdfb1b389115184b8221537238e047c24179b6739e896f736e2c2081f9,2024-10-01T13:41:27.213000
CVE-2024-8862,0,0,1a8961f8693547b26bd383d0fe2e24176b66436d4aff5322938219edf5b87168,2024-09-20T15:47:10.697000
@ -275162,6 +275231,7 @@ CVE-2024-9204,0,0,a5160d78b40684d13a0abe78f0110c3f251288d3f2bddb167ad6ebb658dbfb
CVE-2024-9205,0,0,5ae9601368f3bcca980df59978014460b19f7164118a2dcd7e7fa2f27092d41f,2024-10-15T14:16:53.337000
CVE-2024-9206,0,0,be3e1f94144fc51753cd1bd12f56737ba31549963e7e6380e7b5eb5483568304,2024-10-22T15:27:08.847000
CVE-2024-9207,0,0,e5525b1e8a190b78c38e7b4cef54f1aa80674fbb3d5f5e4081838d7246c5a623,2024-10-10T12:56:30.817000
CVE-2024-9208,1,1,8b3dbb760a0e82ad95960e955d1108019621b24f631ebc05a17db587462510fa,2025-01-07T05:15:20.790000
CVE-2024-9209,0,0,23750bdc4f9c650f82cd685942246dc8c2f4c461cac57cfd6b7d60cb94f7fe7c,2024-10-07T19:20:32.777000
CVE-2024-9210,0,0,c4e5f9d47e14247e63a2b18a451c4a1ff64faf127742a99345638ca5cbe6f226,2024-10-08T15:34:42.060000
CVE-2024-9211,0,0,9f3db3fbfc8b77df31c04200f6e0f4fd68502b04da49c90d6b1017cd48a111e9,2024-10-15T12:58:51.050000
@ -275502,6 +275572,7 @@ CVE-2024-9633,0,0,464719aabf82d4c51da737aba0ef58dd3d7e243c61253713abe30460682816
CVE-2024-9634,0,0,7b5dabf15ae54de4daab48b64d2e27f430eb55d7ab2217a5e19376e8531d6f32,2024-10-16T16:38:14.557000
CVE-2024-9635,0,0,9f77fd7ccc96fa6d4c00f44465f9f4a309bfc7a2ae1c26c3627ef0449f3c9e02,2024-11-23T07:15:05.027000
CVE-2024-9637,0,0,0f4d16db68000f66da50bae84c41a0f228004e7436fcad95d0969905f72e932a,2024-10-28T13:58:09.230000
CVE-2024-9638,1,1,ce33c4b600ed06e2e65e1d9a56a164be7402004966f3e2fcb3141277ce238c60,2025-01-07T06:15:18.217000
CVE-2024-9641,0,0,1af3f797b9845e72a30c1ec84ed9cc9350f350e1f0f00ee15b2f0dce5766f023,2024-12-12T18:15:28.297000
CVE-2024-9642,0,0,e785c942bfa480a7574dc49561aef989c60cf4146a0b8eb964f23c4e5169b91d,2024-10-28T13:58:09.230000
CVE-2024-9647,0,0,fcdcaf92364c0d2df50a52f6773b32a5c3346fda1bdd5380b00168c49162a8b6,2024-10-16T16:38:14.557000
@ -275542,8 +275613,10 @@ CVE-2024-9692,0,0,c09412d3ade796bbe36fcbdc283e7a2ecfb61423341d9a573b10de9b4af8a9
CVE-2024-9693,0,0,96c2aa2e3e432eefa572dcd34b83d0c8393d8a6c0331136462b7a8bf8e88cb01,2024-11-26T01:57:19.427000
CVE-2024-9694,0,0,300f71d40bb815a23c3a0bc83a96e03beb3f23d9fc0b94128148bd02f8e753bb,2024-12-03T03:15:05.123000
CVE-2024-9696,0,0,a1a81fef8596ef3bd11bad2b6e9730354c1de3321eb96ce84006b7785432034a,2024-11-25T20:42:32.327000
CVE-2024-9697,1,1,399cd7720335615817bca30ac608e0ddb27bbd480d1c83b425b8abf638174f48,2025-01-07T06:15:18.330000
CVE-2024-9698,0,0,4bf686193ae48864cd34920ebab8db56c7a750eaeae4b44accdb14ce30e1b3cc,2024-12-14T05:15:12.987000
CVE-2024-9700,0,0,e1d890043f9e82a1a371785886deff7f019dc3e23b5dc60dcf4df22bf1134a31,2024-11-25T19:57:41.387000
CVE-2024-9702,1,1,95a99dd11fa5e921a92645d6f5e952b53257bf8f9fd0658cd67408dcd38bc530,2025-01-07T06:15:18.597000
CVE-2024-9703,0,0,f74b8eb4f5c30abc9348d860f43a1acf838112c918b3b24a8823031e5bd757fc,2024-10-22T15:25:27.887000
CVE-2024-9704,0,0,447028db9bd5f1d3bac8b55d44bb1a06edbf3c8e5b267ad90ca35dbb527f8371,2024-11-25T19:19:22.113000
CVE-2024-9705,0,0,d3e6e0cdfa50d1f44cfdccc6623bdd59d96e39c6b3b67c956a243ca7bda34dec,2024-12-06T09:15:08.577000
@ -275871,4 +275944,4 @@ CVE-2025-22387,0,0,9dd5c36f62757a631fb5a2b118d56ec31778a4d5c7b66059ba094bd093cfa
CVE-2025-22388,0,0,7b76724cf59a9c67f325da6bd673f3f15746ba083c4bc35be8117d11c0a0d8b4,2025-01-06T15:15:16.307000
CVE-2025-22389,0,0,50d6eaab20c8259cde700c821ce2570def076c6cb2eb277d3379fa3f59f6550e,2025-01-04T03:15:07.580000
CVE-2025-22390,0,0,36805a833480d9f50dee34ab32e5ed9b2707017fd5287eb5a8abd68b1059bfbf,2025-01-06T17:15:48.170000
CVE-2025-22395,1,1,ac5db0ebc696fbb0c57e43b4ad48f0832ef7eb798546a738d8afe72cc61eda1e,2025-01-07T03:15:06.047000
CVE-2025-22395,0,0,ac5db0ebc696fbb0c57e43b4ad48f0832ef7eb798546a738d8afe72cc61eda1e,2025-01-07T03:15:06.047000

Can't render this file because it is too large.