admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-05-17T08:00:38.024454+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-05-17 08:03:30 +00:00
parent 19293664ea
commit 9563f8598c
53 changed files with 6025 additions and 3416 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2022/CVE-2022-402xx/CVE-2022-40218.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-40218",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-08T12:15:07.650",
"lastModified": "2024-05-08T13:15:00.690",
"lastModified": "2024-05-17T07:15:46.360",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4.\n\n"
"value": "Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4."
},
{
"lang": "es",

55
CVE-2022/CVE-2022-445xx/CVE-2022-44581.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-44581",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:46.667",
"lastModified": "2024-05-17T07:15:46.667",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information.This issue affects Defender Security: from n/a through 3.3.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/defender-security/wordpress-defender-security-plugin-3-3-2-broken-authentication-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2022/CVE-2022-450xx/CVE-2022-45070.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-45070",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:47.107",
"lastModified": "2024-05-17T07:15:47.107",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in FmeAddons Conditional Checkout Fields for WooCommerce.This issue affects Conditional Checkout Fields for WooCommerce: from n/a through 1.2.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/conditional-checkout-fields-for-woocommerce/wordpress-conditional-checkout-fields-for-woocommerce-plugin-1-2-1-broken-authentication-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2022/CVE-2022-453xx/CVE-2022-45368.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-45368",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:47.460",
"lastModified": "2024-05-17T07:15:47.460",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Lenderd 1003 Mortgage Application allows Relative Path Traversal.This issue affects 1003 Mortgage Application: from n/a through 1.75."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/1003-mortgage-application/wordpress-1003-mortgage-application-plugin-1-73-local-file-inclusion?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2022/CVE-2022-453xx/CVE-2022-45374.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-45374",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:47.833",
"lastModified": "2024-05-17T07:15:47.833",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YARPP allows PHP Local File Inclusion.This issue affects YARPP: from n/a through 5.30.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/yet-another-related-posts-plugin/wordpress-yet-another-related-posts-plugin-yarpp-plugin-5-30-2-local-file-inclusion?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-236xx/CVE-2023-23645.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23645",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:48.193",
"lastModified": "2024-05-17T07:15:48.193",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection.This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mainwp-code-snippets-extension/wordpress-mainwp-code-snippets-extension-plugin-4-0-2-subscriber-arbitrary-php-code-injection-execution-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-237xx/CVE-2023-23700.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23700",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:48.563",
"lastModified": "2024-05-17T07:15:48.563",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OceanWP allows PHP Local File Inclusion.This issue affects OceanWP: from n/a through 3.4.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/oceanwp/wordpress-oceanwp-theme-3-4-1-authenticated-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-238xx/CVE-2023-23872.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23872",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:48.920",
"lastModified": "2024-05-17T07:15:48.920",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in German Mesky GMAce allows Path Traversal.This issue affects GMAce: from n/a through 1.5.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/gmace/wordpress-gmace-plugin-1-5-2-arbitrary-file-download-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-238xx/CVE-2023-23888.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23888",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:49.270",
"lastModified": "2024-05-17T07:15:49.270",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rank Math Rank Math SEO allows Path Traversal.This issue affects Rank Math SEO: from n/a through 1.0.107.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/seo-by-rank-math/wordpress-rank-math-seo-plugin-1-0-107-2-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-239xx/CVE-2023-23988.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23988",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:49.640",
"lastModified": "2024-05-17T07:15:49.640",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Joseph C Dolson My Tickets.This issue affects My Tickets: from n/a through 1.9.11."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/my-tickets/wordpress-my-tickets-plugin-1-9-11-payment-bypass-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-239xx/CVE-2023-23990.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23990",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:50.020",
"lastModified": "2024-05-17T07:15:50.020",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a through 2.7.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpcf7-redirect/wordpress-redirection-for-contact-form-7-plugin-2-7-0-privilege-escalation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-243xx/CVE-2023-24379.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-24379",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:50.417",
"lastModified": "2024-05-17T07:15:50.417",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Web-Settler Landing Page Builder \u2013 Free Landing Page Templates allows Path Traversal.This issue affects Landing Page Builder \u2013 Free Landing Page Templates: from n/a through 3.1.9.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ultimate-landing-page/wordpress-landing-page-builder-free-landing-page-templates-plugin-3-1-9-8-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25050.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25050",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:50.773",
"lastModified": "2024-05-17T07:15:50.773",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vova Anokhin Shortcodes Ultimate allows Absolute Path Traversal.This issue affects Shortcodes Ultimate: from n/a through 5.12.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/shortcodes-ultimate/wordpress-shortcodes-ultimate-plugin-5-12-6-arbitrary-file-download-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-254xx/CVE-2023-25444.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25444",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:51.137",
"lastModified": "2024-05-17T07:15:51.137",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk \u2013 Best Help Desk & Support Plugin allows Using Malicious Files.This issue affects JS Help Desk \u2013 Best Help Desk & Support Plugin: from n/a through 2.7.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/js-support-ticket/wordpress-js-help-desk-best-help-desk-support-plugin-plugin-2-7-7-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-257xx/CVE-2023-25701.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25701",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:51.513",
"lastModified": "2024-05-17T07:15:51.513",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation.This issue affects WatchTowerHQ: from n/a through 3.6.16."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/watchtowerhq/wordpress-watchtowerhq-plugin-3-6-16-privilege-escalation?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-260xx/CVE-2023-26009.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-26009",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:51.920",
"lastModified": "2024-05-17T07:15:51.920",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in favethemes Houzez Login Register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through 2.6.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/houzez-login-register/wordpress-houzez-login-register-plugin-2-6-3-privilege-escalation?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-265xx/CVE-2023-26526.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-26526",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:52.517",
"lastModified": "2024-05-17T07:15:52.517",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls.This issue affects Bookly: from n/a through 21.7.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bookly-responsive-appointment-booking-tool/wordpress-bookly-plugin-21-7-1-authenticated-arbitrary-file-deletion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-265xx/CVE-2023-26540.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-26540",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:52.960",
"lastModified": "2024-05-17T07:15:52.960",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/houzez/wordpress-houzez-theme-2-7-1-privilege-escalation?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-321xx/CVE-2023-32110.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32110",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:53.300",
"lastModified": "2024-05-17T07:15:53.300",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in artbees JupiterX allows PHP Local File Inclusion.This issue affects JupiterX: from n/a through 3.0.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/jupiterx/wordpress-jupiterx-theme-3-0-0-subscriber-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-321xx/CVE-2023-32129.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32129",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:53.643",
"lastModified": "2024-05-17T07:15:53.643",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Sparkle WP Editorialmag editorialmag.This issue affects Editorialmag: from n/a through 1.1.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/editorialmag/wordpress-editorialmag-theme-1-1-9-authenticated-arbitrary-plugin-activation?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-322xx/CVE-2023-32244.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32244",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:53.987",
"lastModified": "2024-05-17T07:15:53.987",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in XTemos Woodmart Core allows Privilege Escalation.This issue affects Woodmart Core: from n/a through 1.0.36."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woodmart-core/wordpress-woodmart-core-plugin-1-0-36-privilege-escalation?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-322xx/CVE-2023-32297.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32297",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:54.340",
"lastModified": "2024-05-17T07:15:54.340",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LWS LWS Affiliation allows PHP Local File Inclusion.This issue affects LWS Affiliation: from n/a through 2.2.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/lws-affiliation/wordpress-lws-affiliation-plugin-2-2-6-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-333xx/CVE-2023-33310.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-33310",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:54.703",
"lastModified": "2024-05-17T07:15:54.703",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Valiano Unite Gallery Lite allows PHP Local File Inclusion.This issue affects Unite Gallery Lite: from n/a through 1.7.59."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/unite-gallery-lite/wordpress-unite-gallery-lite-plugin-1-7-59-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-333xx/CVE-2023-33321.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-33321",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:55.047",
"lastModified": "2024-05-17T07:15:55.047",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 2.8.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-2-8-6-sensitive-data-exposure?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

8
CVE-2023/CVE-2023-333xx/CVE-2023-33327.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-33327",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-14T22:15:08.573",
"lastModified": "2024-05-15T16:40:19.330",
"lastModified": "2024-05-17T07:15:55.450",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in Teplitsa of social technologies Leyka allows Privilege Escalation.This issue affects Leyka: from n/a through 3.30.2.\n\n"
"value": "Improper Privilege Management vulnerability in Teplitsa of social technologies Leyka allows Privilege Escalation.This issue affects Leyka: from n/a through 3.30.2."
},
{
"lang": "es",
"value": "La vulnerabilidad de gesti\u00f3n de privilegios inadecuada en Teplitsa de las tecnolog\u00edas sociales de Leyka permite la escalada de privilegios. Este problema afecta a Leyka: desde n/a hasta 3.30.2."
}
],
"metrics": {

55
CVE-2023/CVE-2023-341xx/CVE-2023-34186.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34186",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:55.603",
"lastModified": "2024-05-17T07:15:55.603",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Imran Sayed Headless CMS.This issue affects Headless CMS: from n/a through 2.0.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/headless-cms/wordpress-headless-cms-plugin-2-0-3-broken-authentication-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-358xx/CVE-2023-35881.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-35881",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:55.957",
"lastModified": "2024-05-17T07:15:55.957",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WooCommerce WooCommerce One Page Checkout allows PHP Local File Inclusion.This issue affects WooCommerce One Page Checkout: from n/a through 2.3.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-one-page-checkout/wordpress-woocommerce-one-page-checkout-plugin-2-3-0-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-373xx/CVE-2023-37385.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37385",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:56.300",
"lastModified": "2024-05-17T07:15:56.300",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting allows PHP Local File Inclusion.This issue affects Consulting: from n/a through 6.5.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/consulting/wordpress-consulting-theme-6-3-6-local-file-inclusion?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-373xx/CVE-2023-37389.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37389",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:56.667",
"lastModified": "2024-05-17T07:15:56.667",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in SAASPROJECT Booking Package Booking Package allows Privilege Escalation.This issue affects Booking Package: from n/a through 1.5.98."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/booking-package/wordpress-booking-package-saasproject-plugin-1-5-98-unauthenticated-privilege-escalation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-378xx/CVE-2023-37866.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37866",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:57.023",
"lastModified": "2024-05-17T07:15:57.023",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in Crocoblock JetFormBuilder allows Privilege Escalation.This issue affects JetFormBuilder: from n/a through 3.0.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/jetformbuilder/wordpress-jetformbuilder-plugin-3-0-8-authenticated-privilege-escalation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-378xx/CVE-2023-37888.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37888",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:57.393",
"lastModified": "2024-05-17T07:15:57.393",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.14.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/auxin-elements/wordpress-phlox-core-elements-plugin-2-14-0-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-379xx/CVE-2023-37999.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37999",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:57.750",
"lastModified": "2024-05-17T07:15:57.750",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation.This issue affects HT Mega: from n/a through 2.2.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-2-0-unauthenticated-privilege-escalation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-383xx/CVE-2023-38399.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-38399",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:58.127",
"lastModified": "2024-05-17T07:15:58.127",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Averta Phlox Portfolio allows PHP Local File Inclusion.This issue affects Phlox Portfolio: from n/a through 2.3.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/auxin-portfolio/wordpress-phlox-portfolio-plugin-2-3-1-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-391xx/CVE-2023-39163.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-39163",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:58.483",
"lastModified": "2024-05-17T07:15:58.483",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Averta Phlox Shop allows PHP Local File Inclusion.This issue affects Phlox Shop: from n/a through 2.0.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/auxin-shop/wordpress-phlox-shop-plugin-2-0-0-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-412xx/CVE-2023-41243.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41243",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:58.823",
"lastModified": "2024-05-17T07:15:58.823",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in WPvivid Team WPvivid Backup and Migration allows Privilege Escalation.This issue affects WPvivid Backup and Migration: from n/a through 0.9.90."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpvivid-backuprestore/wordpress-wpvivid-backup-plugin-plugin-0-9-90-privilege-escalation-on-staging-environment-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-416xx/CVE-2023-41665.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41665",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:59.170",
"lastModified": "2024-05-17T07:15:59.170",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation.This issue affects GiveWP: from n/a through 2.33.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-33-0-givewp-manager-privilege-escalation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-419xx/CVE-2023-41954.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41954",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:59.533",
"lastModified": "2024-05-17T07:15:59.533",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through 4.13.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-profilepress-plugin-4-13-1-unauthenticated-limited-privilege-escalation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-419xx/CVE-2023-41955.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41955",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:15:59.920",
"lastModified": "2024-05-17T07:15:59.920",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation.This issue affects Essential Addons for Elementor: from n/a through 5.8.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/essential-addons-for-elementor-lite/wordpress-essential-addons-for-elementor-plugin-5-8-8-contributor-privilege-escalation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-419xx/CVE-2023-41956.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41956",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:16:00.337",
"lastModified": "2024-05-17T07:16:00.337",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.3.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/simple-membership/wordpress-simple-membership-plugin-4-3-4-authenticated-account-takeover-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-419xx/CVE-2023-41957.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41957",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:16:00.693",
"lastModified": "2024-05-17T07:16:00.693",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through 4.3.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/simple-membership/wordpress-simple-membership-plugin-4-3-4-unauthenticated-membership-role-privilege-escalation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

20
CVE-2024/CVE-2024-26xx/CVE-2024-2697.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-2697",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-05-17T06:15:51.443",
"lastModified": "2024-05-17T06:15:51.443",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/c430b30d-61db-45f5-8499-91b491503b9c/",
"source": "contact@wpscan.com"
}
]
}

20
CVE-2024/CVE-2024-27xx/CVE-2024-2744.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-2744",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-05-17T06:15:51.583",
"lastModified": "2024-05-17T06:15:51.583",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/a5579c15-50ba-4618-95e4-04b2033d721f/",
"source": "contact@wpscan.com"
}
]
}

55
CVE-2024/CVE-2024-313xx/CVE-2024-31351.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-31351",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:16:01.080",
"lastModified": "2024-05-17T07:16:01.080",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic \u2013 AI Content Writer & Generator.This issue affects Copymatic \u2013 AI Content Writer & Generator: from n/a through 1.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/copymatic/wordpress-copymatic-plugin-1-6-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-328xx/CVE-2024-32800.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-32800",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T06:15:51.670",
"lastModified": "2024-05-17T06:15:51.670",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Felix Moira Popup More Popups allows Stored XSS.This issue affects Popup More Popups: from n/a through 2.3.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/popup-more/wordpress-popup-popup-more-popups-plugin-2-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

20
CVE-2024/CVE-2024-32xx/CVE-2024-3231.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-3231",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-05-17T06:15:53.140",
"lastModified": "2024-05-17T06:15:53.140",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/81dbb5c0-ccdd-4af1-b2f2-71cb1b37fe93/",
"source": "contact@wpscan.com"
}
]
}

55
CVE-2024/CVE-2024-335xx/CVE-2024-33556.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-33556",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T07:16:01.450",
"lastModified": "2024-05-17T07:16:01.450",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/et-core-plugin/wordpress-xstore-core-plugin-5-3-5-limited-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-345xx/CVE-2024-34567.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-34567",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T06:15:52.007",
"lastModified": "2024-05-17T06:15:52.007",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a through 1.1.29."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/easy-notify-lite/wordpress-easy-notify-lite-plugin-1-1-29-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-345xx/CVE-2024-34575.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-34575",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T06:15:52.350",
"lastModified": "2024-05-17T06:15:52.350",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in deTheme DethemeKit For Elementor allows Stored XSS.This issue affects DethemeKit For Elementor: from n/a through 2.1.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/dethemekit-for-elementor/wordpress-dethemekit-for-elementor-plugin-2-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-347xx/CVE-2024-34752.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-34752",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T06:15:52.620",
"lastModified": "2024-05-17T06:15:52.620",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PluginOps Landing Page Builder allows Reflected XSS.This issue affects Landing Page Builder: from n/a through 1.5.1.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/page-builder-add/wordpress-landing-page-builder-1-5-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-347xx/CVE-2024-34757.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-34757",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T06:15:52.890",
"lastModified": "2024-05-17T06:15:52.890",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Visualmodo Borderless \u2013 Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg allows Stored XSS.This issue affects Borderless \u2013 Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg: from n/a through 1.5.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/borderless/wordpress-borderless-widgets-elements-templates-and-toolkit-for-elementor-gutenberg-plugin-1-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

20
CVE-2024/CVE-2024-35xx/CVE-2024-3580.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-3580",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-05-17T06:15:53.227",
"lastModified": "2024-05-17T06:15:53.227",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/31f401c4-735a-4efb-b81f-ab98c00c526b/",
"source": "contact@wpscan.com"
}
]
}

63
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-05-17T04:01:13.676647+00:00
2024-05-17T08:00:38.024454+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-05-17T03:15:08.463000+00:00
2024-05-17T07:16:01.450000+00:00
```
### Last Data Feed Release
@ -33,45 +33,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
250281
250330
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `49`
- [CVE-2024-3551](CVE-2024/CVE-2024-35xx/CVE-2024-3551.json) (`2024-05-17T03:15:08.463`)
- [CVE-2023-35881](CVE-2023/CVE-2023-358xx/CVE-2023-35881.json) (`2024-05-17T07:15:55.957`)
- [CVE-2023-37385](CVE-2023/CVE-2023-373xx/CVE-2023-37385.json) (`2024-05-17T07:15:56.300`)
- [CVE-2023-37389](CVE-2023/CVE-2023-373xx/CVE-2023-37389.json) (`2024-05-17T07:15:56.667`)
- [CVE-2023-37866](CVE-2023/CVE-2023-378xx/CVE-2023-37866.json) (`2024-05-17T07:15:57.023`)
- [CVE-2023-37888](CVE-2023/CVE-2023-378xx/CVE-2023-37888.json) (`2024-05-17T07:15:57.393`)
- [CVE-2023-37999](CVE-2023/CVE-2023-379xx/CVE-2023-37999.json) (`2024-05-17T07:15:57.750`)
- [CVE-2023-38399](CVE-2023/CVE-2023-383xx/CVE-2023-38399.json) (`2024-05-17T07:15:58.127`)
- [CVE-2023-39163](CVE-2023/CVE-2023-391xx/CVE-2023-39163.json) (`2024-05-17T07:15:58.483`)
- [CVE-2023-41243](CVE-2023/CVE-2023-412xx/CVE-2023-41243.json) (`2024-05-17T07:15:58.823`)
- [CVE-2023-41665](CVE-2023/CVE-2023-416xx/CVE-2023-41665.json) (`2024-05-17T07:15:59.170`)
- [CVE-2023-41954](CVE-2023/CVE-2023-419xx/CVE-2023-41954.json) (`2024-05-17T07:15:59.533`)
- [CVE-2023-41955](CVE-2023/CVE-2023-419xx/CVE-2023-41955.json) (`2024-05-17T07:15:59.920`)
- [CVE-2023-41956](CVE-2023/CVE-2023-419xx/CVE-2023-41956.json) (`2024-05-17T07:16:00.337`)
- [CVE-2023-41957](CVE-2023/CVE-2023-419xx/CVE-2023-41957.json) (`2024-05-17T07:16:00.693`)
- [CVE-2024-2697](CVE-2024/CVE-2024-26xx/CVE-2024-2697.json) (`2024-05-17T06:15:51.443`)
- [CVE-2024-2744](CVE-2024/CVE-2024-27xx/CVE-2024-2744.json) (`2024-05-17T06:15:51.583`)
- [CVE-2024-31351](CVE-2024/CVE-2024-313xx/CVE-2024-31351.json) (`2024-05-17T07:16:01.080`)
- [CVE-2024-3231](CVE-2024/CVE-2024-32xx/CVE-2024-3231.json) (`2024-05-17T06:15:53.140`)
- [CVE-2024-32800](CVE-2024/CVE-2024-328xx/CVE-2024-32800.json) (`2024-05-17T06:15:51.670`)
- [CVE-2024-33556](CVE-2024/CVE-2024-335xx/CVE-2024-33556.json) (`2024-05-17T07:16:01.450`)
- [CVE-2024-34567](CVE-2024/CVE-2024-345xx/CVE-2024-34567.json) (`2024-05-17T06:15:52.007`)
- [CVE-2024-34575](CVE-2024/CVE-2024-345xx/CVE-2024-34575.json) (`2024-05-17T06:15:52.350`)
- [CVE-2024-34752](CVE-2024/CVE-2024-347xx/CVE-2024-34752.json) (`2024-05-17T06:15:52.620`)
- [CVE-2024-34757](CVE-2024/CVE-2024-347xx/CVE-2024-34757.json) (`2024-05-17T06:15:52.890`)
- [CVE-2024-3580](CVE-2024/CVE-2024-35xx/CVE-2024-3580.json) (`2024-05-17T06:15:53.227`)
### CVEs modified in the last Commit
Recently modified CVEs: `3378`
Recently modified CVEs: `2`
- [CVE-2024-4923](CVE-2024/CVE-2024-49xx/CVE-2024-4923.json) (`2024-05-17T02:40:42.537`)
- [CVE-2024-4925](CVE-2024/CVE-2024-49xx/CVE-2024-4925.json) (`2024-05-17T02:40:42.630`)
- [CVE-2024-4926](CVE-2024/CVE-2024-49xx/CVE-2024-4926.json) (`2024-05-17T02:40:42.723`)
- [CVE-2024-4927](CVE-2024/CVE-2024-49xx/CVE-2024-4927.json) (`2024-05-17T02:40:42.840`)
- [CVE-2024-4928](CVE-2024/CVE-2024-49xx/CVE-2024-4928.json) (`2024-05-17T02:40:42.943`)
- [CVE-2024-4929](CVE-2024/CVE-2024-49xx/CVE-2024-4929.json) (`2024-05-17T02:40:43.043`)
- [CVE-2024-4930](CVE-2024/CVE-2024-49xx/CVE-2024-4930.json) (`2024-05-17T02:40:43.147`)
- [CVE-2024-4931](CVE-2024/CVE-2024-49xx/CVE-2024-4931.json) (`2024-05-17T02:40:43.250`)
- [CVE-2024-4932](CVE-2024/CVE-2024-49xx/CVE-2024-4932.json) (`2024-05-17T02:40:43.357`)
- [CVE-2024-4933](CVE-2024/CVE-2024-49xx/CVE-2024-4933.json) (`2024-05-17T02:40:43.463`)
- [CVE-2024-4945](CVE-2024/CVE-2024-49xx/CVE-2024-4945.json) (`2024-05-17T02:40:43.560`)
- [CVE-2024-4946](CVE-2024/CVE-2024-49xx/CVE-2024-4946.json) (`2024-05-17T02:40:43.650`)
- [CVE-2024-4960](CVE-2024/CVE-2024-49xx/CVE-2024-4960.json) (`2024-05-17T02:40:43.877`)
- [CVE-2024-4961](CVE-2024/CVE-2024-49xx/CVE-2024-4961.json) (`2024-05-17T02:40:43.983`)
- [CVE-2024-4962](CVE-2024/CVE-2024-49xx/CVE-2024-4962.json) (`2024-05-17T02:40:44.093`)
- [CVE-2024-4963](CVE-2024/CVE-2024-49xx/CVE-2024-4963.json) (`2024-05-17T02:40:44.190`)
- [CVE-2024-4964](CVE-2024/CVE-2024-49xx/CVE-2024-4964.json) (`2024-05-17T02:40:44.293`)
- [CVE-2024-4965](CVE-2024/CVE-2024-49xx/CVE-2024-4965.json) (`2024-05-17T02:40:44.410`)
- [CVE-2024-4966](CVE-2024/CVE-2024-49xx/CVE-2024-4966.json) (`2024-05-17T02:40:44.507`)
- [CVE-2024-4967](CVE-2024/CVE-2024-49xx/CVE-2024-4967.json) (`2024-05-17T02:40:44.603`)
- [CVE-2024-4968](CVE-2024/CVE-2024-49xx/CVE-2024-4968.json) (`2024-05-17T02:40:44.693`)
- [CVE-2024-4972](CVE-2024/CVE-2024-49xx/CVE-2024-4972.json) (`2024-05-17T02:40:44.783`)
- [CVE-2024-4973](CVE-2024/CVE-2024-49xx/CVE-2024-4973.json) (`2024-05-17T02:40:44.873`)
- [CVE-2024-4974](CVE-2024/CVE-2024-49xx/CVE-2024-4974.json) (`2024-05-17T02:40:44.973`)
- [CVE-2024-4975](CVE-2024/CVE-2024-49xx/CVE-2024-4975.json) (`2024-05-17T02:40:45.073`)
- [CVE-2022-40218](CVE-2022/CVE-2022-402xx/CVE-2022-40218.json) (`2024-05-17T07:15:46.360`)
- [CVE-2023-33327](CVE-2023/CVE-2023-333xx/CVE-2023-33327.json) (`2024-05-17T07:15:55.450`)
## Download and Usage

6811
_state.csv
View File

File diff suppressed because it is too large Load Diff