Auto-Update: 2024-12-14T07:00:20.653527+00:00

cad-safe-bot 2024-12-14 07:03:42 +00:00
parent b2038e48c3
commit 9233985109
39 changed files with 2369 additions and 9 deletions


@ -0,0 +1,64 @@
{
"id": "CVE-2024-10646",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T06:15:18.863",
"lastModified": "2024-12-14T06:15:18.863",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/fluentform/tags/5.2.4",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3203147/fluentform/trunk/boot/globals.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/41c2ec31-360d-4145-b0b4-77d4d1d4b8a1?source=cve",
"source": "security@wordfence.com"
}
]
}
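Review bot: The first reference in this record points at `fluentform/tags/5.2.4`, while the description gives the affected range as all versions up to and including 5.2.6, so that link does not show the last vulnerable release. Version matching should take the range from the description text, and the `changeset/3203147` link is presumably the fix, which is inferred from the URL only. This record and the other file sections on this page carry `"vulnStatus": "Received"` and no `configurations` block, so CPE-based scanners will not match them yet. The only score present is the CNA's own (`"source": "security@wordfence.com"`, `"type": "Primary"`), so triage should not assume an independent NVD assessment exists.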


@ -0,0 +1,60 @@
{
"id": "CVE-2024-10690",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T06:15:19.057",
"lastModified": "2024-12-14T06:15:19.057",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Shortcodes for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.4 via the 'SHORTCODE_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created with Elementor that they should not have access to."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3207001%40shortcode-elementor&new=3207001%40shortcode-elementor&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5debe121-6373-4b56-8441-f0d4a5920089?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-11095",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:06.370",
"lastModified": "2024-12-14T05:15:06.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Visualmodo Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/visualmodo-elements/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/49005688-fa40-458d-9c96-5ec2ca7adcd3?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-11462",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:06.560",
"lastModified": "2024-12-14T05:15:06.560",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Filestack Official plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'fstab' and 'filestack_options' parameters in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/filestack-upload/tags/2.0.0/lib/admin-settings.php#L103",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/559a94d8-527d-48b3-a917-461ebfa012bc?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,72 @@
{
"id": "CVE-2024-11751",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:06.923",
"lastModified": "2024-12-14T05:15:06.923",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TCBD Popover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbd-popover-image ' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/tcbd-popover/tags/1.2/plugin-hook.php#L110",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/tcbd-popover/tags/1.2/plugin-hook.php#L75",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/tcbd-popover/tags/1.2/plugin-hook.php#L86",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/tcbd-popover/tags/1.2/plugin-hook.php#L98",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3b08f533-9c74-4be3-99ff-70a3d9b90358?source=cve",
"source": "security@wordfence.com"
}
]
}
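Review bot: The shortcode name in the description is quoted as `'tcbd-popover-image '` with a trailing space inside the quotes, which looks like a typo carried over from the CNA text. Anything that extracts the shortcode name from this string for search or detection content should trim it before matching. The four trac references all point into `plugin-hook.php` at tag 1.2 and there is no changeset link, so the record itself names no fixed version; treat the plugin as unpatched until a later record update says otherwise.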


@ -0,0 +1,64 @@
{
"id": "CVE-2024-11752",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T06:15:19.210",
"lastModified": "2024-12-14T06:15:19.210",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Eveeno plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eveeno' shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/eveeno/trunk/eveeno.php#L150",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3202716%40eveeno&new=3202716%40eveeno&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e254f0ba-9008-44e9-bf8f-31c9614d6f64?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-11755",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:07.100",
"lastModified": "2024-12-14T05:15:07.100",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IMS Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown post settings in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ims-countdown/trunk/shortcode/shortcode.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2de22728-4f67-406c-9db5-33cbba4c15eb?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-11759",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:07.287",
"lastModified": "2024-12-14T05:15:07.287",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Bukza plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bukza' shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3207300%40bukza&new=3207300%40bukza&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3e348b24-4c49-43ed-b4f3-b31f0f709830?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-11763",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:07.457",
"lastModified": "2024-12-14T05:15:07.457",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Plezi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'plezi' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/plezi/trunk/includes/plz-admin.php#L590",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67768957-45be-48d9-ad5e-147290ef4cd5?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2024-11770",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:07.627",
"lastModified": "2024-12-14T05:15:07.627",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Post Carousel & Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-cs' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/post-types-carousel-slider/trunk/includes/ajax.php#L71",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/post-types-carousel-slider",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4cc038af-c4c8-4141-bbe3-81bcf0a2bace?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2024-11855",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:07.960",
"lastModified": "2024-12-14T05:15:07.960",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Koalendar \u2013 Events & Appointments Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018height\u2019 parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/koalendar-free-booking-widget/trunk/koa-wordpress.php#L29",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/koalendar-free-booking-widget/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cbbbf5fe-0369-4de6-9b2f-957286b6f394?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-11865",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:08.150",
"lastModified": "2024-12-14T05:15:08.150",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Tabs Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on tab descriptions. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/tabs-maker/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/284c5646-7728-45bd-9479-483c806ca804?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-11867",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:08.343",
"lastModified": "2024-12-14T05:15:08.343",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Companion Portfolio \u2013 Responsive Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'companion-portfolio' shortcode in all versions up to, and including, 2.4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/companion-portfolio/tags/2.4.0.1/companion_portfolio.php#L322",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21df75e6-1f3e-4a08-a620-92b44fb48899?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2024-11869",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:08.533",
"lastModified": "2024-12-14T05:15:08.533",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Buk for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buk' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/buk-appointments/trunk/buk.php#L18",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/buk-appointments/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc1ebc34-d728-42b4-92b4-9e1a4ebd88b2?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-11873",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:08.707",
"lastModified": "2024-12-14T05:15:08.707",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glomex_integration' shortcode in all versions up to, and including, 0.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/glomex-oembed/tags/0.9.1/internals/OembedGlomexIntegrationShortcode.php#L98",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0e57cf85-eec0-4cf6-a800-ceb2b46e2bcd?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-11876",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:08.890",
"lastModified": "2024-12-14T05:15:08.890",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Kredeum NFTs, the easiest way to sell your NFTs directly on your WordPress site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kredeum_opensky' shortcode in all versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/kredeum-nfts/trunk/common/shortcode/shortcode.php#L34",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3eb74ac2-ac5d-477b-8142-3e42953f859b?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-11877",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:09.060",
"lastModified": "2024-12-14T05:15:09.060",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Cricket Live Score plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cricket_score' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/cricket-score/tags/2.0.2/src/connectFscore.php#L19",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d9fe750f-5d8f-4c47-9d75-d928f1367fa8?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-11879",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:09.257",
"lastModified": "2024-12-14T05:15:09.257",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Stripe Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stripe_donation' shortcode in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/bin-stripe-donation/trunk/module/shortcode.php#L32",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a028937-38bb-4c28-aaa1-60a86124c998?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-11883",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:09.440",
"lastModified": "2024-12-14T05:15:09.440",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Connatix Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cnx_script_code' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/connatix-video-embed/tags/1.0.5/connatix-video-embed.php#L219",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/89512190-a0fe-495a-9dda-8d8540a5325c?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2024-11884",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:09.640",
"lastModified": "2024-12-14T05:15:09.640",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Wp photo text slider 50 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-photo-slider' shortcode in all versions up to, and including, 8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-photo-text-slider-50/trunk/wp-photo-text-slider-50.php#L250",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/wp-photo-text-slider-50/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f98f11da-b0ae-4c00-9708-88d6044abda2?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2024-11888",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:09.837",
"lastModified": "2024-12-14T05:15:09.837",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IDer Login for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ider_login_button' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ider-login/trunk/includes/IDER_Shortcodes.php#L49",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/ider-login",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de602cf8-cc02-4459-aa23-5d8236048bca?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2024-11889",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:10.030",
"lastModified": "2024-12-14T05:15:10.030",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The My IDX Home Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-idx-search' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/my-idx-home-search/trunk/includes/class-homeasap-search-loader.php#L133",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/my-idx-home-search",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/172b6b54-d1de-48f9-ad2f-00d62d7e91fd?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-11894",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:10.227",
"lastModified": "2024-12-14T05:15:10.227",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The The Permalinker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'permalink' shortcode in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/the-permalinker/trunk/the-permalinker.php#L14",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d03dbe48-371f-4fb7-8902-a013338ac7d4?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-12411",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:10.437",
"lastModified": "2024-12-14T05:15:10.437",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP Ad Guru \u2013 Banner ad, Responsive popup, Popup maker, Ad rotator & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-ad-guru/trunk/includes/admin/zone-manager/zone-manager-page.php#L16",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa9edf84-7ba0-488c-93ca-ed0b2ee435d5?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,68 @@
{
"id": "CVE-2024-12422",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T06:15:19.357",
"lastModified": "2024-12-14T06:15:19.357",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Import Eventbrite Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/import-eventbrite-events/tags/1.7.3/templates/admin/import-eventbrite-events-history.php#L16",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/import-eventbrite-events/tags/1.7.3/templates/admin/import-eventbrite-events-history.php#L17",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3207381%40import-eventbrite-events&new=3207381%40import-eventbrite-events&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f799db97-ca61-439d-94ec-a44270d1cd07?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-12447",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:10.670",
"lastModified": "2024-12-14T05:15:10.670",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the content of password-protected, private, draft, and pending posts."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/get-post-content-shortcode/trunk/get-post-content-shortcode.php#L106",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2b92091-e615-484f-b402-2e793eed214d?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2024-12448",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:10.873",
"lastModified": "2024-12-14T05:15:10.873",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Posts and Products Views for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'papvfwc_views' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/posts-and-products-views/trunk/posts-and-products-views-for-woocommerce.php#L169",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/posts-and-products-views",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a7e27a6c-8b14-459b-aba2-044f311edf9e?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2024-12458",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:11.060",
"lastModified": "2024-12-14T05:15:11.060",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spb-button' shortcode in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/smart-popup-blaster/trunk/admin/shortcodes.php#L14",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/smart-popup-blaster",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/afd7fe73-1f24-4e47-a0c4-5a08662c4dbe?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,68 @@
{
"id": "CVE-2024-12459",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T06:15:19.487",
"lastModified": "2024-12-14T06:15:19.487",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Ganohrs Toggle Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggle' shortcode in all versions up to, and including, 0.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ganohrs-toggle-shortcode/tags/0.2.4/ganohrs-toggle-shortcode.php#L350",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ganohrs-toggle-shortcode/tags/0.2.4/ganohrs-toggle-shortcode.php#L98",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3207393%40ganohrs-toggle-shortcode&new=3207393%40ganohrs-toggle-shortcode&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/efd49905-0f2c-44b7-85c6-c2b77440ac17?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-12474",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T06:15:19.627",
"lastModified": "2024-12-14T06:15:19.627",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The GeoDataSource Country Region DropDown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gds-country-dropdown' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3207322%40geodatasource-country-region-dropdown&new=3207322%40geodatasource-country-region-dropdown&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c974726e-9371-40e5-8664-c12c8c06e5b9?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,68 @@
{
"id": "CVE-2024-12501",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T06:15:19.770",
"lastModified": "2024-12-14T06:15:19.770",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Simple Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/simple-locator/tags/2.0.3/app/API/AllLocationsShortcode.php#L19",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/simple-locator/tags/2.0.3/app/API/FormShortcode.php#L31",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3207747%40simple-locator&new=3207747%40simple-locator&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/38cb5e43-56d0-40b6-936a-f10f15d2e72f?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-12502",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:11.260",
"lastModified": "2024-12-14T05:15:11.260",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The My IDX Home Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-idx-landing' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/my-idx-home-search/trunk/includes/class-homeasap-search-loader.php#L147",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d17aca2b-5ac6-46cd-a439-f492e6573a46?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-12517",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:11.453",
"lastModified": "2024-12-14T05:15:11.453",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce Cart Count Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cart_button' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/woo-cart-count-shortcode/trunk/woocommerce-cart-count-shortcode.php#L79",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8373938c-060a-4579-a133-d25b4d065d36?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2024-12523",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:11.640",
"lastModified": "2024-12-14T05:15:11.640",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The States Map US plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'states_map' shortcode in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ymc-states-map/trunk/includes/frontend/Shortcode.php",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/ymc-states-map/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bdd07160-721b-4807-a227-72cd91faef39?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-12555",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:11.827",
"lastModified": "2024-12-14T05:15:11.827",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SIP Calculator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/sip-calculator/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/03afffcc-02fe-4054-8876-6a4e4d9de071?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-12578",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:12.000",
"lastModified": "2024-12-14T05:15:12.000",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Tickera \u2013 WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickera_tickets_info' endpoint. This makes it possible for unauthenticated attackers to extract sensitive data from bookings like full names, email addresses, check-in/out timestamps and more."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3201476%40tickera-event-ticketing-system&new=3201476%40tickera-event-ticketing-system&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2db29c12-bf8a-4d5a-b12a-6c74b816d5f0?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-9698",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-14T05:15:12.987",
"lastModified": "2024-12-14T05:15:12.987",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'process_uploaded_files' function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/crafthemes-demo-import/trunk/inc/Helpers.php#L421",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e44dd0e8-e6e7-4a2d-b9ca-abd1de273092?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-12-14T03:00:19.797168+00:00
2024-12-14T07:00:20.653527+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-12-14T02:15:05.010000+00:00
2024-12-14T06:15:19.770000+00:00
```
### Last Data Feed Release
@ -33,21 +33,44 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
273829
273866
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `37`
- [CVE-2023-29476](CVE-2023/CVE-2023-294xx/CVE-2023-29476.json) (`2024-12-14T02:15:05.010`)
- [CVE-2024-11867](CVE-2024/CVE-2024-118xx/CVE-2024-11867.json) (`2024-12-14T05:15:08.343`)
- [CVE-2024-11869](CVE-2024/CVE-2024-118xx/CVE-2024-11869.json) (`2024-12-14T05:15:08.533`)
- [CVE-2024-11873](CVE-2024/CVE-2024-118xx/CVE-2024-11873.json) (`2024-12-14T05:15:08.707`)
- [CVE-2024-11876](CVE-2024/CVE-2024-118xx/CVE-2024-11876.json) (`2024-12-14T05:15:08.890`)
- [CVE-2024-11877](CVE-2024/CVE-2024-118xx/CVE-2024-11877.json) (`2024-12-14T05:15:09.060`)
- [CVE-2024-11879](CVE-2024/CVE-2024-118xx/CVE-2024-11879.json) (`2024-12-14T05:15:09.257`)
- [CVE-2024-11883](CVE-2024/CVE-2024-118xx/CVE-2024-11883.json) (`2024-12-14T05:15:09.440`)
- [CVE-2024-11884](CVE-2024/CVE-2024-118xx/CVE-2024-11884.json) (`2024-12-14T05:15:09.640`)
- [CVE-2024-11888](CVE-2024/CVE-2024-118xx/CVE-2024-11888.json) (`2024-12-14T05:15:09.837`)
- [CVE-2024-11889](CVE-2024/CVE-2024-118xx/CVE-2024-11889.json) (`2024-12-14T05:15:10.030`)
- [CVE-2024-11894](CVE-2024/CVE-2024-118xx/CVE-2024-11894.json) (`2024-12-14T05:15:10.227`)
- [CVE-2024-12411](CVE-2024/CVE-2024-124xx/CVE-2024-12411.json) (`2024-12-14T05:15:10.437`)
- [CVE-2024-12422](CVE-2024/CVE-2024-124xx/CVE-2024-12422.json) (`2024-12-14T06:15:19.357`)
- [CVE-2024-12447](CVE-2024/CVE-2024-124xx/CVE-2024-12447.json) (`2024-12-14T05:15:10.670`)
- [CVE-2024-12448](CVE-2024/CVE-2024-124xx/CVE-2024-12448.json) (`2024-12-14T05:15:10.873`)
- [CVE-2024-12458](CVE-2024/CVE-2024-124xx/CVE-2024-12458.json) (`2024-12-14T05:15:11.060`)
- [CVE-2024-12459](CVE-2024/CVE-2024-124xx/CVE-2024-12459.json) (`2024-12-14T06:15:19.487`)
- [CVE-2024-12474](CVE-2024/CVE-2024-124xx/CVE-2024-12474.json) (`2024-12-14T06:15:19.627`)
- [CVE-2024-12501](CVE-2024/CVE-2024-125xx/CVE-2024-12501.json) (`2024-12-14T06:15:19.770`)
- [CVE-2024-12502](CVE-2024/CVE-2024-125xx/CVE-2024-12502.json) (`2024-12-14T05:15:11.260`)
- [CVE-2024-12517](CVE-2024/CVE-2024-125xx/CVE-2024-12517.json) (`2024-12-14T05:15:11.453`)
- [CVE-2024-12523](CVE-2024/CVE-2024-125xx/CVE-2024-12523.json) (`2024-12-14T05:15:11.640`)
- [CVE-2024-12555](CVE-2024/CVE-2024-125xx/CVE-2024-12555.json) (`2024-12-14T05:15:11.827`)
- [CVE-2024-12578](CVE-2024/CVE-2024-125xx/CVE-2024-12578.json) (`2024-12-14T05:15:12.000`)
- [CVE-2024-9698](CVE-2024/CVE-2024-96xx/CVE-2024-9698.json) (`2024-12-14T05:15:12.987`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `0`
- [CVE-2024-50623](CVE-2024/CVE-2024-506xx/CVE-2024-50623.json) (`2024-12-14T02:00:02.073`)
## Download and Usage


@ -222938,7 +222938,7 @@ CVE-2023-29471,0,0,72b13cb96b5651ca7898f495eb65cda22ef4f5f9064813e6aa6721de200f1
CVE-2023-29473,0,0,962b25368971eecc0256cc5b0b5fd386654955c54f9062b5d68c4eba7d43005e,2024-11-21T07:57:08.040000
CVE-2023-29474,0,0,4d49bb7998baa32821ffa2bda0888222ce3e7ecfecd2a3e20e56cc265682b2cc,2024-11-21T07:57:08.170000
CVE-2023-29475,0,0,33c83edd70229d4c831ae9bdd415364683573ea08af12a4ddc98823fa2c19e92,2024-11-21T07:57:08.320000
CVE-2023-29476,1,1,c552ab9c8deba3b35895b2328a155a527925be4b99b0449fd5edf1a549a3beec,2024-12-14T02:15:05.010000
CVE-2023-29476,0,0,c552ab9c8deba3b35895b2328a155a527925be4b99b0449fd5edf1a549a3beec,2024-12-14T02:15:05.010000
CVE-2023-29478,0,0,26a52af1e5d65e98c54e4beb2236d3bd1d72cbaf6c697669c6c21aef239832ad,2024-11-21T07:57:08.477000
CVE-2023-29479,0,0,75350b83cbe774edaed33a6f0ed3e2780cfb5405492749d3c46a0119080823c2,2024-11-21T07:57:08.613000
CVE-2023-2948,0,0,55ff93f2536f57f582b4c866dbe6ee94baa3d857520bccfc83121a8e8d3e0770,2024-11-21T07:59:37.673000
@ -243521,6 +243521,7 @@ CVE-2024-10637,0,0,93d08933ba9c4ceaffb9a190c50c42965d9f07240a31bdb136bdb3d17454c
CVE-2024-1064,0,0,7b760eef6fec23e7e81fb51d838ef1bddf15caed76d88b6ad1d3e688cbbd4a4b,2024-11-21T08:49:42.843000
CVE-2024-10640,0,0,a398cd6d72329485656ef5fe95883039ee9518985823ed26e6c02ea5501d6402,2024-11-12T13:56:24.513000
CVE-2024-10645,0,0,4bf8393d98652382c145c8e94d665dfa0043fae11a672b2399957f22677ef320,2024-11-18T17:11:17.393000
CVE-2024-10646,1,1,e45d1f8fdd89ff224678b3d8ec1292abf73c3dab09c5f895176327459e536992,2024-12-14T06:15:18.863000
CVE-2024-10647,0,0,05b3aabb4778e43bb6f2ea80f3d833ac24d1ab3b06ce7337c8de9fe67f9f78b9,2024-11-08T21:20:50.847000
CVE-2024-1065,0,0,b15b37df186076da575ae1588759c677f2677d06b5081dbb99648fc8d071921c,2024-11-21T08:49:42.970000
CVE-2024-10651,0,0,daa7d277426e3cae52065dc92f7f81ece792840b77223c8e793cafff956732fc,2024-11-01T12:57:03.417000
@ -243563,6 +243564,7 @@ CVE-2024-10687,0,0,6c497ff4d74f30a44feef31d13c17a11a8c270f3524068fb7e386abf002a5
CVE-2024-10688,0,0,b0990f4bae54f7100b2ee118e88a2572e3be579f798c1aaa5b2c9018f627fe61,2024-11-12T13:56:24.513000
CVE-2024-10689,0,0,d069ff2e20ab3e0205a65d83c7c24eaf2130d3b8d4319f6462d60806ce50d068,2024-12-06T09:15:05.033000
CVE-2024-1069,0,0,e0471f0c714f902c31bc433a8b0d70841b0e8ce0fe684171f01f3f7a66ed02dc,2024-11-21T08:49:43.650000
CVE-2024-10690,1,1,680ed2e0e0b325730a60cd72b3b317c1a98b9f4bb4a82195dc43d2732de8104a,2024-12-14T06:15:19.057000
CVE-2024-10691,0,0,db2c0688a52bf60c2a1055a856c5f32b6875efacbb339285fcf0094be8a5d17a,2024-11-15T15:15:05.943000
CVE-2024-10692,0,0,f01a8e205d8fea2fad01369dcd74a3495c00798b203e3d01cba50d89c526a110,2024-12-06T09:15:05.190000
CVE-2024-10693,0,0,05b06d72893b9e51863e18abef44d1abb0966aa02409860216a6d0d41fe433e0,2024-11-12T13:56:24.513000
@ -243885,6 +243887,7 @@ CVE-2024-11091,0,0,e10ed02b8c734f63bf38922634dd4d6feedd7afb3a001442202f3ae94b73b
CVE-2024-11092,0,0,b91206ec3c41bca256cf01b32acc1f1febfdbc1197811dabd241031540a0a8e3,2024-11-18T17:11:17.393000
CVE-2024-11093,0,0,75c412f30032843f3314bfbffa1f4ccc597f106db7e3d715db1fe1117a610c10,2024-12-04T03:15:04.760000
CVE-2024-11094,0,0,3c10c73b0b74e2dcd7dc1bb2b608e53b5a4a259b7665b1d7fd0ba2c32a4aa9bb,2024-11-18T17:11:17.393000
CVE-2024-11095,1,1,f7b8fccb587034917b2a78a4aee6135d9bf74622e45dea07d6de5575a4ed2230,2024-12-14T05:15:06.370000
CVE-2024-11096,0,0,848470b7e9ce0e6444d8468a0c805a3b8618f6fe50aa33fb16c22f20835ecdc5,2024-11-23T01:21:10.177000
CVE-2024-11097,0,0,07224697bb24d4568b7e7004e3cb47ded8603c3dc7096a5ed16f2fb0ca4c99d1,2024-11-14T15:14:40.767000
CVE-2024-11098,0,0,c334ff4cb9e06070cf95a22dec635f393e41607649c5943710e2815292696fd4,2024-11-19T21:57:32.967000
@ -244153,6 +244156,7 @@ CVE-2024-11459,0,0,6dd26af0a0e7e7e90eb776c3742089e6ee3828fb2ec414203a8474ee177c3
CVE-2024-1146,0,0,865cccf5286117f469f85aa15c58e56edc5ee0a12f4a7d0a04014363eb757a05,2024-11-21T08:49:54.233000
CVE-2024-11460,0,0,1d600b6f0396c61d4024b3162e8907d3372001ca6a1fa402ef9e686641b362ef,2024-12-06T10:15:05.647000
CVE-2024-11461,0,0,e598452d44c671acacd0d9bb3b2f7ceb59d795e3e0bc7e2684d3f27a73f6a689,2024-12-03T08:15:06.043000
CVE-2024-11462,1,1,efbeda5009bab907007dfa71bb515c4ac1a0a4b29a8ee010be065ca2fb115720,2024-12-14T05:15:06.560000
CVE-2024-11463,0,0,ad17f3fab6bfb40a789d68c4383c6c0e1f14efa77f86cc521d310c195559f395,2024-11-23T04:15:08.893000
CVE-2024-11464,0,0,b8134ded04019f0dc322d50c830b80e3f3f841b43578bd4adfc4b4daf1965843,2024-12-07T12:15:19.567000
CVE-2024-11466,0,0,36ba29a0e83960f183cdc1bb8910604befb538a9ed8bdd074a88ef8b7f706e46,2024-12-04T08:15:06.523000
@ -244378,16 +244382,22 @@ CVE-2024-11745,0,0,96069305de6ef8812783ef245e2f61d86d985db42c36cad22c8d389adbd7e
CVE-2024-11747,0,0,3759ff4fc6bacdbc93b41c30e49e712686d53794386a1c516e9d37a83c4db995,2024-12-04T03:15:04.933000
CVE-2024-1175,0,0,f997875411f4ee3836569f05e6ded063f5984d7986ed98f909a5423e1a302ce0,2024-11-21T08:49:58
CVE-2024-11750,0,0,3c34e091d90fe18ed980ae2930740ab9280c6a3419c7de611ea99715b89180e0,2024-12-12T05:15:09.577000
CVE-2024-11751,1,1,67dbb8797b0431ee7206db6e4550daf24d2677d7c3589966da6466cb099d5323,2024-12-14T05:15:06.923000
CVE-2024-11752,1,1,a4aa7efab5660bcfc353a1c5a8f0dfda679d2d24c643d27ecb60451105256f87,2024-12-14T06:15:19.210000
CVE-2024-11754,0,0,7f899a763cc43644ced7e3eac1478b4e04aedec1f0a902ba54d937491193a54b,2024-12-13T09:15:05.630000
CVE-2024-11755,1,1,3c44b4bb7870d004a585df0ce40faad793baf73b2b10cc84f378f3b1b2a61e3d,2024-12-14T05:15:07.100000
CVE-2024-11757,0,0,f6e9cc66f398e537f819c502da6499dbb37805cac3d1aa532638955a25992311,2024-12-12T06:15:21.367000
CVE-2024-11759,1,1,2b8de3e7791e3b05831980a2041787c68738e0bd67b5212fe53cff122bfe76c2,2024-12-14T05:15:07.287000
CVE-2024-1176,0,0,ade3cc69c20caab05c727481cc0ec5f568a186d8a0d855f0f768d9d6ccfee82f,2024-11-21T08:49:58.123000
CVE-2024-11760,0,0,5cfb5d180120c1875ad31a782b3cbd78a6ea2212cd7c91767b7a154b08a9b37d,2024-12-12T09:15:05.040000
CVE-2024-11761,0,0,d23dfba4fec168c27495db29e782d019068846a5ade59e5c067fdb06c9bbac7b,2024-11-28T09:15:05.090000
CVE-2024-11763,1,1,2b2c0323b3c93139ab3dc406b2344ba6550636910350822782e7898bf1761b80,2024-12-14T05:15:07.457000
CVE-2024-11765,0,0,bbcbd7fc77b6a0fb82cd27e551903b294aa23044b4d11991ca37229d7ea8585b,2024-12-12T06:15:21.570000
CVE-2024-11766,0,0,ddbc95560ca1a03f1533d2e46b0802f8fb1d46853ac4aebc4f71e98f40f98426,2024-12-12T06:15:21.757000
CVE-2024-11767,0,0,9f5aa91d1c2761db892ed68721541ab721ab50e39e1c5b0b5c905b945a5ed2ca,2024-12-13T05:15:05.843000
CVE-2024-11769,0,0,7c09ce15e3c33c67c82c4f8389595c27e00e07d607e16c4d909baefd0cbdfd8b,2024-12-04T08:15:06.680000
CVE-2024-1177,0,0,50204f0e1e82280f8898460ad80abf26f09df69c8b4bae2f8e7f259925f88097,2024-11-21T08:49:58.233000
CVE-2024-11770,1,1,be8f578c9f82931df9c3ede6728bb383379d1438331426ab12c908c3c55de158,2024-12-14T05:15:07.627000
CVE-2024-11772,0,0,8798de1b89615d4c1d5ee148ccb63311b2f2b6f0733c8b34822ca99faf169909,2024-12-10T19:15:19.817000
CVE-2024-11773,0,0,1599f5d7cc145c0f3a3a46104ee78ba4948a77846b5397f39e14ea1e4596f3f5,2024-12-10T19:15:19.943000
CVE-2024-11779,0,0,6fca322440fa0ec10b198ba4bdeb9536ec459d93d5e90d5fff62b8f50b0b654d,2024-12-05T10:31:39.980000
@ -244445,21 +244455,34 @@ CVE-2024-11844,0,0,04412f8d1e89e121c8013622c692022d4f804bc36ac5e0beee05cf8987e8a
CVE-2024-1185,0,0,78290528f068dedb8140a9e577b3dd14843a1270282e7453db0a3904a48bc34c,2024-11-21T08:49:59.223000
CVE-2024-11853,0,0,34e99eba0841fa956ba4d7c4a308f8505540f1a8e5d486ec7f2fdd3d46494b2f,2024-12-03T08:15:06.710000
CVE-2024-11854,0,0,999afde0352966c3848f9613a3046f97c5bfc972302cd671fa92812a3b6bafdc,2024-12-04T12:15:19.250000
CVE-2024-11855,1,1,5d35cef65c50f384026d982a234c48ed6d96ccf2f5e255613fa577203521e596,2024-12-14T05:15:07.960000
CVE-2024-11856,0,0,d5dc91ea132c91646f44dabd18a1a6c06e1b122275ee7e71ea02b3d69779ae26,2024-12-02T03:15:13.713000
CVE-2024-1186,0,0,2e273a7149091b295fd44850226681809150a1697d95b70cddb9945c7f5d2c46,2024-11-21T08:49:59.387000
CVE-2024-11860,0,0,3a70209f793392595a3a51a4d60b0579da591107f99f2af8b8ca46fce7a60e47,2024-12-04T21:08:39.133000
CVE-2024-11862,0,0,7712aab25e9f815f730578195e7a4831741702c7ef40dfbc871d5c94d52129b1,2024-11-27T15:15:25.393000
CVE-2024-11865,1,1,ae09285f2ce0d086c792da11f99b57824d9ae85bbfd341ff49d5863d0884518f,2024-12-14T05:15:08.150000
CVE-2024-11866,0,0,f98849df3d1b11c4a74b976ef8b2271c79a4b31b45f414582e51d5b7f2d3bff7,2024-12-03T09:15:05.487000
CVE-2024-11867,1,1,3ac4d45639b41475108e1082a2d7e39a9d5b6272fcc963e9c725c33b0646b52a,2024-12-14T05:15:08.343000
CVE-2024-11868,0,0,6562d73f3ac693485a95f5a10095f9315239583a70a12d5f33afc1f56bd78bd9,2024-12-10T13:15:15.973000
CVE-2024-11869,1,1,e48cc574701113d7f3b1f69bba208f8cf94e0a3a2a057003d961c197ea7b294d,2024-12-14T05:15:08.533000
CVE-2024-1187,0,0,34bfab1d2868a509e17e58177c8ef1072428b9ace11ecd550f1c0daa57f2d37c,2024-11-21T08:49:59.543000
CVE-2024-11871,0,0,976d35a3661b679a05eeae2069fd06d52866cd44e028cc55c4f1072648e97292,2024-12-12T06:15:22.327000
CVE-2024-11872,0,0,b80fa2cdb2fa8f23b2eba6f57f5d714702c44d3760ac384daecd2f1c3b74b9c8,2024-12-12T01:40:20.537000
CVE-2024-11873,1,1,43fe50fba07be54821bde88d28e9848023239a3818ded353df905e4be8923bc6,2024-12-14T05:15:08.707000
CVE-2024-11875,0,0,e13ab6caf88b07161f8ab9c2faac65591dc29617aa1458f8ce261701bb4ec209,2024-12-12T05:15:10.317000
CVE-2024-11876,1,1,7dca70b5f035733977196a213c5fb6af280ec15c1e4f28c6b52544d4e4abf16e,2024-12-14T05:15:08.890000
CVE-2024-11877,1,1,0b34673f01d0d1e7e6d2a67dc1819f1f33a60d34a4311d2b4c1472795752b73d,2024-12-14T05:15:09.060000
CVE-2024-11879,1,1,8b1fe425c329588ef1ebe3acf2d107f6c7ec5bd8a31ce8d8d2ecd6a4e6c522e2,2024-12-14T05:15:09.257000
CVE-2024-1188,0,0,a65e9144328c7bf88ed9510065b2567c80bec907fa15019254b44a904bcf4c98,2024-11-21T08:49:59.690000
CVE-2024-11880,0,0,bc08b419001e69ecc8df6960919cacc77cc712a48473883e8526af3cf15bbb8b,2024-12-04T09:15:04.470000
CVE-2024-11882,0,0,c48c90c670d1a2eccb4501c03b0c98b70adb1ecf2e678cb940fa4caecf1f1150,2024-12-12T06:15:22.543000
CVE-2024-11883,1,1,43e4f153757375016f31f50ea51681bab5f5a66bc81238b0aaac8f3120da073c,2024-12-14T05:15:09.440000
CVE-2024-11884,1,1,55fb2df52f83e40f0fc8b2f5e152d287536f634f475dce9208a6bcb3453005b7,2024-12-14T05:15:09.640000
CVE-2024-11888,1,1,cf1efece56f5c2bebdcf90e50a83aeb70349857636d7051726174c5db5e8fbbd,2024-12-14T05:15:09.837000
CVE-2024-11889,1,1,3fc539f68ff9b477e6f4cef1e3e238111b97bac54b77c7c8d1194c7f132e59a4,2024-12-14T05:15:10.030000
CVE-2024-1189,0,0,3e2c1a3fc9f24eb6eaedd5adba4b6f521645b93b8971a5e9477fe83a4ee5ef97,2024-11-21T08:49:59.850000
CVE-2024-11891,0,0,578a2cae5ec7ece5e990100101ec59c11e1d6c126cc58bee0c300f9681e500b1,2024-12-12T05:15:10.670000
CVE-2024-11894,1,1,0c2059044c45af848fff3dd9292eb7e51685f6c7fbb508ad9b4173a086520faf,2024-12-14T05:15:10.227000
CVE-2024-11897,0,0,63c2369fafd5da048dd57864988be95602290ce10df0f51d423ab54c866c15e0,2024-12-04T03:15:05.380000
CVE-2024-11898,0,0,e843212abf00805a20f8b4b65b36c01f75cc2096cf65f2d0e7899f11eb517a82,2024-12-03T08:15:06.857000
CVE-2024-1190,0,0,234a49a5e7705658abf0b6e88d111180ae34b962c9b1fcba39bd09bd939fee39,2024-11-21T08:49:59.993000
@ -244684,18 +244707,25 @@ CVE-2024-1240,0,0,04799415e1f0377b54b78e2b8bdc0cc625bbd87f5e08d92014024c374e43cc
CVE-2024-12401,0,0,168ab50a00c8e055cc6b3c22c9a86d74152dd552dee0343c930d3f40f1bd1ecd,2024-12-12T09:15:05.790000
CVE-2024-12406,0,0,fa1ab7c597cd33fcacb317cf2fa610cdcf6468bc31d67d5c659a34b86d65b782,2024-12-12T05:15:12.210000
CVE-2024-1241,0,0,ba82bb77c28ed45b324839e72710669d8c2af006c45eeed23dee90a28ff67ea8,2024-11-21T08:50:08.490000
CVE-2024-12411,1,1,faa57e401cbedaab2f4e5924eb0f23c481682b4036a2a6c473ed5d5855c9b86e,2024-12-14T05:15:10.437000
CVE-2024-12414,0,0,c6c62afd8231ad84f0cfbacb9824eb7ef75ee3eec91768b77318c01a4a7a2e2c,2024-12-13T09:15:08.070000
CVE-2024-12417,0,0,18cff6407a68203c614d63ed63995a1bbdcb09f8d67d032b1540cb6d37a1cca3,2024-12-13T09:15:08.353000
CVE-2024-1242,0,0,d730388eb7530fa29fb11ce649456e01cfb020c8a1d70e87c977d44dc1314073,2024-11-21T08:50:08.620000
CVE-2024-12420,0,0,e390c38f4e88665e32a2cd62152aa860ec938ca2fa0dfcbdfe404f6557d8a750,2024-12-13T09:15:08.627000
CVE-2024-12421,0,0,ac4f95208439dcb1252d6283c443373564305334068386dd134a6484558faee1,2024-12-13T09:15:08.870000
CVE-2024-12422,1,1,05369736cfa99e7a93f623e0bf231830f42417dd4b9e28a7ca0096ebfd842f0b,2024-12-14T06:15:19.357000
CVE-2024-12441,0,0,8dc47fc0bc628e554cb5d5dec738cf187ea41d3428aede59fd0f61db8f834f33,2024-12-12T05:15:12.703000
CVE-2024-12447,1,1,c7d237797e5045bf7231fd7a8dd02f5534e2ad794fcb81ab9e39a8e990833ac6,2024-12-14T05:15:10.670000
CVE-2024-12448,1,1,11e50dbe77a1a32d7920e9e6082c85f472336b04f5fe27094dc25dc5df597595,2024-12-14T05:15:10.873000
CVE-2024-1245,0,0,95e8542ba13fb11ab7fe96b21acceb5168a3d85655e46eadbf4243e255ea26c4,2024-11-21T08:50:08.740000
CVE-2024-12458,1,1,2dff647285f20b176250357c056fba4cfb4d59ea24572e2cfd9d5f5ecb43bfcb,2024-12-14T05:15:11.060000
CVE-2024-12459,1,1,afa492c736eca842cbfac1bae4af71a966055505fb77debb49ea61411a663e1d,2024-12-14T06:15:19.487000
CVE-2024-1246,0,0,1f374a88e5f240286cc1247b0f1cf35c16b35bebd909ebb6b31cd5f41f473567,2024-11-21T08:50:08.877000
CVE-2024-12461,0,0,87132fe6ee9a0a857141b6cda632ed8c8a71393196330fb5b19b4b0c53e8baa3,2024-12-12T04:15:07.820000
CVE-2024-12463,0,0,16058c978a913956bb36aa3280bcad6d31dbd913cf9beb7eb08a9f5fffeecbb8,2024-12-12T05:15:13.197000
CVE-2024-12465,0,0,12688c9e12a4af7815fc2288834e09f6bf4fc2de624e4c07cbd62f7f14d587e0,2024-12-13T09:15:09.060000
CVE-2024-1247,0,0,87dd54613b1838220658d2242080e8fb0b79934df6e5afef144b61ee319c0ba1,2024-11-21T08:50:09.013000
CVE-2024-12474,1,1,bcf4da13bc4f1e0c625542bed8143ddc9b6abe063d1d53c5426da4c6de732659,2024-12-14T06:15:19.627000
CVE-2024-12479,0,0,71e9962db709a4fb365c50c76ea2678c0c0be3cc10bb9fad5f99b55609975bac,2024-12-13T17:10:45.860000
CVE-2024-12480,0,0,278aebffcfd2515ae9c7caddd55ce9bc13fc09babf1329c96da477d94bc16635,2024-12-13T17:11:08.800000
CVE-2024-12481,0,0,1070540f1746510f09883c64ab78c248209e68cbe0c912951863befef0b41f3e,2024-12-13T17:11:19.967000
@ -244712,9 +244742,13 @@ CVE-2024-12490,0,0,1555e4125b1bbd18e44ad154504a390e80c730aff0638a2c04280c85da66d
CVE-2024-12492,0,0,d916ae3db37806ef5451c78588e17d1a804f7c9a228c6c5f62bb3eeb89f366ac,2024-12-13T17:12:51.283000
CVE-2024-12497,0,0,2fa5c57c56d5261d14e7efca34ea444e21df46aee84c2eede506aff4e7856847,2024-12-13T17:13:18.457000
CVE-2024-1250,0,0,c54b18c5c3077dc882ddb080c03b243e2860ef906533ea0af6c558156b694109,2024-11-21T08:50:09.347000
CVE-2024-12501,1,1,5cbd9f9a342d7bd3b80b0e76e0f5058fb53e053502f02c282879631f5e242603,2024-12-14T06:15:19.770000
CVE-2024-12502,1,1,9df1e99058de0594df9a1e119549359f5b02524e122b46846c6476ea29e82157,2024-12-14T05:15:11.260000
CVE-2024-12503,0,0,e53e761e34d39e4e7df36516ec31d7b0a69f9ff2ae79d7b9e9b3c291572b84d0,2024-12-13T17:13:37.483000
CVE-2024-1251,0,0,55abf2dab54853ea7e8f2064ba1aa2b598c46c69f42989126a0631cc6933eb7c,2024-11-21T08:50:09.497000
CVE-2024-12517,1,1,468899f199d602580a1bce011d5d81c6e61db10c42b8285d87bc20145862442b,2024-12-14T05:15:11.453000
CVE-2024-1252,0,0,1e0330317f0d20e2dc4f408c2767288b043e4447c6e0251a866055642f0946ec,2024-11-21T08:50:09.700000
CVE-2024-12523,1,1,4d11c79c0a7bbf59aef6883f50a68fa29b12db1595dcca5fbdbdf864ec9292c7,2024-12-14T05:15:11.640000
CVE-2024-12526,0,0,efd9797a35c64433702cac295ed89d4a461222755ffa7c521c9224b9d71abe5e,2024-12-12T05:15:13.577000
CVE-2024-1253,0,0,9fbe74a1c11be637e33880cb418c7b8ba8d1c852d6613e52fe041fc1300d8ea2,2024-11-21T08:50:09.843000
CVE-2024-12536,0,0,a925f1a48eff74b537962fd623796390384e9d276d37e7a9cb0d9ba10f9464b0,2024-12-13T17:14:44.007000
@ -244722,12 +244756,14 @@ CVE-2024-1254,0,0,44df8e919ae544d26fc82110d33f6e7af1fff88011a3bcb100ca7209bc278c
CVE-2024-1255,0,0,d4be5ae93b9e5092a7e5ab21334a6f9f4c81c0431c6141ca4ea56d5a3455190b,2024-11-21T08:50:10.150000
CVE-2024-12552,0,0,fb797bda6a7925c8d7543e5704f2ad51014fa3335d6fe6df263bb53aa2925a54,2024-12-13T23:15:05.553000
CVE-2024-12553,0,0,a2255cbe7c81f26e6254fdbc6535a51f1e6a86b8a15e67572b76456e109cd8f4,2024-12-13T23:15:06.310000
CVE-2024-12555,1,1,0d42d0c8cac624be8352d225c1fedeed93d78abfe4d84ed9171ab1d4e5a1062b,2024-12-14T05:15:11.827000
CVE-2024-1256,0,0,ea8829298a5ced036094d7fead955f33827bc36bbc0a7f87a81ee1f95b95b282,2024-11-21T08:50:10.293000
CVE-2024-12564,0,0,0abcb221861e5fc99f1edf43c59fea9ce50a3b4bd68b4b9a5961d76741772172,2024-12-12T15:15:12.097000
CVE-2024-1257,0,0,7cc030c8f0ebfb33a80da788a5513945114551aaaa2999db4fa614a5f6b08a9b,2024-11-21T08:50:10.443000
CVE-2024-12570,0,0,55c8778ae52085a06019b95421840b0ea1343cca5de17e3c27e61710e2f13cc0,2024-12-12T12:15:22.660000
CVE-2024-12572,0,0,34129db9c33eecd2b2ac243db0a2f51d7be08fff7793d1c2147b501507591f87,2024-12-13T04:15:05.233000
CVE-2024-12574,0,0,cd64e5c6acfbc2001e449c794a77f29c15120ff149ae10a4a58ebcc5a40e8b07,2024-12-13T05:15:07.310000
CVE-2024-12578,1,1,6076f52af563970ec8a3bc8e5f14a4b4d6997e85c1163c0f2b2e584e97943a1e,2024-12-14T05:15:12
CVE-2024-12579,0,0,3eeb6f5a7d75fd4b84c0338d8badc8feb93f7dfd7c0753fc05e5113ec1cad16f,2024-12-13T05:15:07.473000
CVE-2024-1258,0,0,debedad37d9addee2213fe56690e6af35567d54f911af42012dde5a258793ebd,2024-11-21T08:50:10.573000
CVE-2024-12581,0,0,63b42d274abe5ff6fab4e046f026b25c5bfe866ba46f47bdf0ce6ab1471cc5a7,2024-12-13T06:15:26.433000
@ -267784,7 +267820,7 @@ CVE-2024-50614,0,0,29f22ac93163ff1303a42a1fec38fde0552d285d63129bbab00c726fede4a
CVE-2024-50615,0,0,4d2a2e353be570a02fcdfff0b42fb37b106e2c1e8ab4e77f1c580e4daa183aa0,2024-10-30T20:35:37.310000
CVE-2024-50616,0,0,f16f40ce12577bc20e6d17ff8fa15bd5a1f69a543581dc34546ce7e8ac77217c,2024-10-30T20:35:38.380000
CVE-2024-5062,0,0,9128f70d0672705b0b285f525f62637be138c9786cd6adfa5de361b1c4e33225,2024-11-21T09:46:53.077000
CVE-2024-50623,0,1,ad8f07a26b24d1b2e14fd5c9afdee83dc8d3b5da971fda4bcc93b7953fe02d4a,2024-12-14T02:00:02.073000
CVE-2024-50623,0,0,ad8f07a26b24d1b2e14fd5c9afdee83dc8d3b5da971fda4bcc93b7953fe02d4a,2024-12-14T02:00:02.073000
CVE-2024-50624,0,0,425b4912ca74d0f19519cece63451f565c900b6a769644536a74ca4edcfab020,2024-10-30T21:35:12.223000
CVE-2024-50625,0,0,0615c3ce00402c7fcf7bd9b67896f95a07c8c57e2adb669aeb487631cfaa7e03,2024-12-12T02:06:32.647000
CVE-2024-50626,0,0,b58a9e7329930925a1ddf93a83d5b99f5db2eb97bc485eb0cfbf434a0322b898,2024-12-12T02:06:32.817000
@ -273568,6 +273604,7 @@ CVE-2024-9692,0,0,c09412d3ade796bbe36fcbdc283e7a2ecfb61423341d9a573b10de9b4af8a9
CVE-2024-9693,0,0,96c2aa2e3e432eefa572dcd34b83d0c8393d8a6c0331136462b7a8bf8e88cb01,2024-11-26T01:57:19.427000
CVE-2024-9694,0,0,300f71d40bb815a23c3a0bc83a96e03beb3f23d9fc0b94128148bd02f8e753bb,2024-12-03T03:15:05.123000
CVE-2024-9696,0,0,a1a81fef8596ef3bd11bad2b6e9730354c1de3321eb96ce84006b7785432034a,2024-11-25T20:42:32.327000
CVE-2024-9698,1,1,5e054552063d72935388ddd32b131dcd11fdbed005e2b702de11d6eef70e5de8,2024-12-14T05:15:12.987000
CVE-2024-9700,0,0,54706be18d7ec265f354329ca2254cb192086f991c0edb615b3764b07b3f375d,2024-11-25T19:57:41.387000
CVE-2024-9703,0,0,f74b8eb4f5c30abc9348d860f43a1acf838112c918b3b24a8823031e5bd757fc,2024-10-22T15:25:27.887000
CVE-2024-9704,0,0,447028db9bd5f1d3bac8b55d44bb1a06edbf3c8e5b267ad90ca35dbb527f8371,2024-11-25T19:19:22.113000
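Review bot: The timestamp column in this state file is not uniformly formatted: the row added for CVE-2024-12578 ends in `2024-12-14T05:15:12`, while every other row added here carries six fractional digits (for example `2024-12-14T05:15:12.987000` for CVE-2024-9698). The unchanged CVE-2024-1175 row shows the same truncation (`2024-11-21T08:49:58`), so the generator presumably drops the fraction whenever it is zero. A consumer that parses this column with a fixed format, or compares it as a string against the JSON `lastModified` value, may reject or mis-order exactly these rows and so miss a new or updated record. The generator should emit the fraction unconditionally, so that the row ends in `2024-12-14T05:15:12.000000`.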
