From d1dd06ac594e6a0003124b4b2a0970e1bf498e6f Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sat, 20 Jul 2024 10:03:14 +0000 Subject: [PATCH] Auto-Update: 2024-07-20T10:00:18.875747+00:00 --- CVE-2024/CVE-2024-375xx/CVE-2024-37563.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-375xx/CVE-2024-37565.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-379xx/CVE-2024-37918.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-379xx/CVE-2024-37919.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-379xx/CVE-2024-37920.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-379xx/CVE-2024-37922.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-379xx/CVE-2024-37936.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-379xx/CVE-2024-37943.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-379xx/CVE-2024-37944.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-379xx/CVE-2024-37946.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-379xx/CVE-2024-37947.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-379xx/CVE-2024-37948.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-379xx/CVE-2024-37949.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-379xx/CVE-2024-37950.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-379xx/CVE-2024-37951.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-379xx/CVE-2024-37953.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-379xx/CVE-2024-37954.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-379xx/CVE-2024-37955.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-379xx/CVE-2024-37956.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-379xx/CVE-2024-37957.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-379xx/CVE-2024-37958.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-379xx/CVE-2024-37959.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-379xx/CVE-2024-37960.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-379xx/CVE-2024-37961.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38669.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38670.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38671.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38672.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38673.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38674.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38675.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38676.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38677.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38678.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38679.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38680.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38681.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38682.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38683.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38684.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38685.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38686.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38687.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38689.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38694.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38696.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38697.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-386xx/CVE-2024-38698.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-387xx/CVE-2024-38703.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-387xx/CVE-2024-38705.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-387xx/CVE-2024-38710.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-387xx/CVE-2024-38711.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-387xx/CVE-2024-38712.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-387xx/CVE-2024-38713.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-387xx/CVE-2024-38718.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-387xx/CVE-2024-38720.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-387xx/CVE-2024-38722.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-387xx/CVE-2024-38725.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-387xx/CVE-2024-38738.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-387xx/CVE-2024-38739.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-387xx/CVE-2024-38741.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-387xx/CVE-2024-38750.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-387xx/CVE-2024-38757.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-387xx/CVE-2024-38758.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-387xx/CVE-2024-38767.json | 56 ++++++++++++++++ CVE-2024/CVE-2024-64xx/CVE-2024-6497.json | 68 +++++++++++++++++++ CVE-2024/CVE-2024-66xx/CVE-2024-6635.json | 60 +++++++++++++++++ CVE-2024/CVE-2024-66xx/CVE-2024-6636.json | 60 +++++++++++++++++ CVE-2024/CVE-2024-66xx/CVE-2024-6637.json | 60 +++++++++++++++++ README.md | 35 ++++++++-- _state.csv | 73 ++++++++++++++++++++- 71 files changed, 3988 insertions(+), 8 deletions(-) create mode 100644 CVE-2024/CVE-2024-375xx/CVE-2024-37563.json create mode 100644 CVE-2024/CVE-2024-375xx/CVE-2024-37565.json create mode 100644 CVE-2024/CVE-2024-379xx/CVE-2024-37918.json create mode 100644 CVE-2024/CVE-2024-379xx/CVE-2024-37919.json create mode 100644 CVE-2024/CVE-2024-379xx/CVE-2024-37920.json create mode 100644 CVE-2024/CVE-2024-379xx/CVE-2024-37922.json create mode 100644 CVE-2024/CVE-2024-379xx/CVE-2024-37936.json create mode 100644 CVE-2024/CVE-2024-379xx/CVE-2024-37943.json create mode 100644 CVE-2024/CVE-2024-379xx/CVE-2024-37944.json create mode 100644 CVE-2024/CVE-2024-379xx/CVE-2024-37946.json create mode 100644 CVE-2024/CVE-2024-379xx/CVE-2024-37947.json create mode 100644 CVE-2024/CVE-2024-379xx/CVE-2024-37948.json create mode 100644 CVE-2024/CVE-2024-379xx/CVE-2024-37949.json create mode 100644 CVE-2024/CVE-2024-379xx/CVE-2024-37950.json create mode 100644 CVE-2024/CVE-2024-379xx/CVE-2024-37951.json create mode 100644 CVE-2024/CVE-2024-379xx/CVE-2024-37953.json create mode 100644 CVE-2024/CVE-2024-379xx/CVE-2024-37954.json create mode 100644 CVE-2024/CVE-2024-379xx/CVE-2024-37955.json create mode 100644 CVE-2024/CVE-2024-379xx/CVE-2024-37956.json create mode 100644 CVE-2024/CVE-2024-379xx/CVE-2024-37957.json create mode 100644 CVE-2024/CVE-2024-379xx/CVE-2024-37958.json create mode 100644 CVE-2024/CVE-2024-379xx/CVE-2024-37959.json create mode 100644 CVE-2024/CVE-2024-379xx/CVE-2024-37960.json create mode 100644 CVE-2024/CVE-2024-379xx/CVE-2024-37961.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38669.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38670.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38671.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38672.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38673.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38674.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38675.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38676.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38677.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38678.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38679.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38680.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38681.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38682.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38683.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38684.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38685.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38686.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38687.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38689.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38694.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38696.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38697.json create mode 100644 CVE-2024/CVE-2024-386xx/CVE-2024-38698.json create mode 100644 CVE-2024/CVE-2024-387xx/CVE-2024-38703.json create mode 100644 CVE-2024/CVE-2024-387xx/CVE-2024-38705.json create mode 100644 CVE-2024/CVE-2024-387xx/CVE-2024-38710.json create mode 100644 CVE-2024/CVE-2024-387xx/CVE-2024-38711.json create mode 100644 CVE-2024/CVE-2024-387xx/CVE-2024-38712.json create mode 100644 CVE-2024/CVE-2024-387xx/CVE-2024-38713.json create mode 100644 CVE-2024/CVE-2024-387xx/CVE-2024-38718.json create mode 100644 CVE-2024/CVE-2024-387xx/CVE-2024-38720.json create mode 100644 CVE-2024/CVE-2024-387xx/CVE-2024-38722.json create mode 100644 CVE-2024/CVE-2024-387xx/CVE-2024-38725.json create mode 100644 CVE-2024/CVE-2024-387xx/CVE-2024-38738.json create mode 100644 CVE-2024/CVE-2024-387xx/CVE-2024-38739.json create mode 100644 CVE-2024/CVE-2024-387xx/CVE-2024-38741.json create mode 100644 CVE-2024/CVE-2024-387xx/CVE-2024-38750.json create mode 100644 CVE-2024/CVE-2024-387xx/CVE-2024-38757.json create mode 100644 CVE-2024/CVE-2024-387xx/CVE-2024-38758.json create mode 100644 CVE-2024/CVE-2024-387xx/CVE-2024-38767.json create mode 100644 CVE-2024/CVE-2024-64xx/CVE-2024-6497.json create mode 100644 CVE-2024/CVE-2024-66xx/CVE-2024-6635.json create mode 100644 CVE-2024/CVE-2024-66xx/CVE-2024-6636.json create mode 100644 CVE-2024/CVE-2024-66xx/CVE-2024-6637.json diff --git a/CVE-2024/CVE-2024-375xx/CVE-2024-37563.json b/CVE-2024/CVE-2024-375xx/CVE-2024-37563.json new file mode 100644 index 00000000000..e4f65e4e1ff --- /dev/null +++ b/CVE-2024/CVE-2024-375xx/CVE-2024-37563.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37563", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T09:15:03.410", + "lastModified": "2024-07-20T09:15:03.410", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TOCHAT.BE allows Stored XSS.This issue affects TOCHAT.BE: from n/a through 1.3.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/tochat-be/wordpress-tochat-be-plugin-1-3-0-unauthenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-375xx/CVE-2024-37565.json b/CVE-2024/CVE-2024-375xx/CVE-2024-37565.json new file mode 100644 index 00000000000..9c695b2d43a --- /dev/null +++ b/CVE-2024/CVE-2024-375xx/CVE-2024-37565.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37565", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T09:15:03.780", + "lastModified": "2024-07-20T09:15:03.780", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemeGUM Gum Elementor Addon allows Stored XSS.This issue affects Gum Elementor Addon: from n/a through 1.3.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/gum-elementor-addon/wordpress-gum-elementor-addon-plugin-1-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37918.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37918.json new file mode 100644 index 00000000000..219bdcf9abb --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37918.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37918", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T09:15:04.097", + "lastModified": "2024-07-20T09:15:04.097", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPCone.Com ConeBlog \u2013 WordPress Blog Widgets allows Stored XSS.This issue affects ConeBlog \u2013 WordPress Blog Widgets: from n/a through 1.4.8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/coneblog-widgets/wordpress-coneblog-plugin-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37919.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37919.json new file mode 100644 index 00000000000..4bf2ae3469e --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37919.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37919", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T09:15:04.400", + "lastModified": "2024-07-20T09:15:04.400", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pratik Chaskar Timeline Module for Beaver Builder allows Stored XSS.This issue affects Timeline Module for Beaver Builder: from n/a through 1.1.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/timeline-for-beaver-builder/wordpress-timeline-module-for-beaver-builder-plugin-1-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37920.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37920.json new file mode 100644 index 00000000000..806d9510d82 --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37920.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37920", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T09:15:04.723", + "lastModified": "2024-07-20T09:15:04.723", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Repute InfoSystems ARForms Form Builder allows Reflected XSS.This issue affects ARForms Form Builder: from n/a through 1.6.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/arforms-form-builder/wordpress-arforms-form-builder-plugin-1-6-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37922.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37922.json new file mode 100644 index 00000000000..b167d2acf46 --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37922.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37922", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T09:15:05.063", + "lastModified": "2024-07-20T09:15:05.063", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.34." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/premium-addons-for-elementor/wordpress-premium-addons-for-elementor-plugin-4-10-34-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37936.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37936.json new file mode 100644 index 00000000000..8882a64670e --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37936.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37936", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T09:15:05.423", + "lastModified": "2024-07-20T09:15:05.423", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in labibahmed Tabs For WPBakery Page Builder allows Stored XSS.This issue affects Tabs For WPBakery Page Builder: from n/a through 1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/tabs-for-visual-composer/wordpress-tabs-for-wpbakery-page-builder-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37943.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37943.json new file mode 100644 index 00000000000..db0d182e51a --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37943.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37943", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T09:15:05.720", + "lastModified": "2024-07-20T09:15:05.720", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Ajax Product Filter allows Reflected XSS.This issue affects YITH WooCommerce Ajax Product Filter: from n/a through 5.1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/yith-woocommerce-ajax-navigation/wordpress-yith-woocommerce-ajax-product-filter-plugin-5-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37944.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37944.json new file mode 100644 index 00000000000..5a2ba82c2ba --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37944.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37944", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T09:15:06.017", + "lastModified": "2024-07-20T09:15:06.017", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel Engine allows Stored XSS.This issue affects WP Travel Engine: from n/a through 5.9.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-travel-engine/wordpress-wp-travel-engine-tour-booking-plugin-tour-operator-software-plugin-5-9-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37946.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37946.json new file mode 100644 index 00000000000..91a38d4ed20 --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37946.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37946", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T09:15:06.327", + "lastModified": "2024-07-20T09:15:06.327", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs ReCaptcha Integration for WordPress allows Stored XSS.This issue affects ReCaptcha Integration for WordPress: from n/a through 1.2.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-recaptcha-integration/wordpress-recaptcha-integration-for-wordpress-plugin-1-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37947.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37947.json new file mode 100644 index 00000000000..21137a2f489 --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37947.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37947", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T09:15:06.693", + "lastModified": "2024-07-20T09:15:06.693", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/tutor/wordpress-tutor-lms-plugin-2-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37948.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37948.json new file mode 100644 index 00000000000..0b3d4c24669 --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37948.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37948", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T09:15:07.000", + "lastModified": "2024-07-20T09:15:07.000", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PootlePress Caxton \u2013 Create Pro page layouts in Gutenberg allows Stored XSS.This issue affects Caxton \u2013 Create Pro page layouts in Gutenberg: from n/a through 1.30.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/caxton/wordpress-caxton-create-pro-page-layouts-in-gutenberg-plugin-1-30-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37949.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37949.json new file mode 100644 index 00000000000..601bdf1866b --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37949.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37949", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T09:15:07.277", + "lastModified": "2024-07-20T09:15:07.277", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive Mobile allows Stored XSS.This issue affects Responsive Mobile: from n/a through 1.15.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/responsive-mobile/wordpress-responsive-mobile-theme-1-15-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37950.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37950.json new file mode 100644 index 00000000000..0a5d0a91bfd --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37950.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37950", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T09:15:07.577", + "lastModified": "2024-07-20T09:15:07.577", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodexHelp Master Popups allows Stored XSS.This issue affects Master Popups: from n/a through 1.0.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/master-popups-lite/wordpress-master-popups-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37951.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37951.json new file mode 100644 index 00000000000..38c6ccc41f1 --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37951.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37951", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T09:15:07.893", + "lastModified": "2024-07-20T09:15:07.893", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Noor alam Magical Posts Display \u2013 Elementor & Gutenberg Posts Blocks allows Stored XSS.This issue affects Magical Posts Display \u2013 Elementor & Gutenberg Posts Blocks: from n/a through 1.2.38." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/magical-posts-display/wordpress-magical-posts-display-plugin-1-2-38-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37953.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37953.json new file mode 100644 index 00000000000..99ca8d09c02 --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37953.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37953", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T09:15:08.197", + "lastModified": "2024-07-20T09:15:08.197", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MBE Worldwide S.P.A. MBE eShip allows Reflected XSS.This issue affects MBE eShip: from n/a through 2.1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/mail-boxes-etc/wordpress-mbe-eship-plugin-2-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37954.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37954.json new file mode 100644 index 00000000000..f24044caf61 --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37954.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37954", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T09:15:08.557", + "lastModified": "2024-07-20T09:15:08.557", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in marcelotorres Simple Responsive Slider allows Reflected XSS.This issue affects Simple Responsive Slider: from n/a through 0.2.2.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/simple-responsive-slider/wordpress-simple-responsive-slider-plugin-0-2-2-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37955.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37955.json new file mode 100644 index 00000000000..0312d9439fb --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37955.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37955", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T09:15:08.917", + "lastModified": "2024-07-20T09:15:08.917", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zakaria Binsaifullah GutSlider \u2013 All in One Block Slider allows Stored XSS.This issue affects GutSlider \u2013 All in One Block Slider: from n/a through 2.7.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/slider-blocks/wordpress-gutslider-all-in-one-block-slider-plugin-2-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37956.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37956.json new file mode 100644 index 00000000000..95afdba557e --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37956.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37956", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T09:15:09.247", + "lastModified": "2024-07-20T09:15:09.247", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vektor,Inc. VK All in One Expansion Unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through 9.98.1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/vk-all-in-one-expansion-unit/wordpress-vk-all-in-one-expansion-unit-plugin-9-97-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37957.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37957.json new file mode 100644 index 00000000000..beed9bed17f --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37957.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37957", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T09:15:09.550", + "lastModified": "2024-07-20T09:15:09.550", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bradmax Bradmax Player allows Stored XSS.This issue affects Bradmax Player: from n/a through 1.1.27." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/bradmax-player/wordpress-bradmax-player-plugin-1-1-27-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37958.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37958.json new file mode 100644 index 00000000000..7b180591681 --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37958.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37958", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T09:15:09.860", + "lastModified": "2024-07-20T09:15:09.860", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Meks Meks Smart Author Widget allows Stored XSS.This issue affects Meks Smart Author Widget: from n/a through 1.1.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/meks-smart-author-widget/wordpress-meks-smart-author-widget-plugin-1-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37959.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37959.json new file mode 100644 index 00000000000..0a0517ca1ec --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37959.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37959", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T09:15:10.187", + "lastModified": "2024-07-20T09:15:10.187", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Atlas Public Policy Power BI Embedded for WordPress allows Stored XSS.This issue affects Power BI Embedded for WordPress: from n/a through 1.1.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/embed-power-bi/wordpress-power-bi-embedded-for-wordpress-plugin-1-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37960.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37960.json new file mode 100644 index 00000000000..b161439f7b8 --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37960.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37960", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:02.737", + "lastModified": "2024-07-20T08:15:02.737", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Chris Coyier CodePen Embedded Pens Shortcode allows Stored XSS.This issue affects CodePen Embedded Pens Shortcode: from n/a through 1.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/codepen-embedded-pen-shortcode/wordpress-codepen-embedded-pens-shortcode-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37961.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37961.json new file mode 100644 index 00000000000..5d9e67028f1 --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37961.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37961", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:03.117", + "lastModified": "2024-07-20T08:15:03.117", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in codoc.Jp allows Stored XSS.This issue affects codoc: from n/a through 0.9.51.12." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/codoc/wordpress-codoc-plugin-0-9-51-12-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38669.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38669.json new file mode 100644 index 00000000000..4ab241f19f9 --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38669.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38669", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:03.493", + "lastModified": "2024-07-20T08:15:03.493", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in a3rev Software WooCommerce Predictive Search allows Reflected XSS.This issue affects WooCommerce Predictive Search: from n/a through 6.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/woocommerce-predictive-search/wordpress-predictive-search-for-woocommerce-plugin-6-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38670.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38670.json new file mode 100644 index 00000000000..148cf39a685 --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38670.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38670", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:03.800", + "lastModified": "2024-07-20T08:15:03.800", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Members allows Stored XSS.This issue affects Team Members: from n/a through 5.3.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/team-members/wordpress-team-members-plugin-5-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38671.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38671.json new file mode 100644 index 00000000000..bab3e874808 --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38671.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38671", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:04.133", + "lastModified": "2024-07-20T08:15:04.133", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson WP GoToWebinar allows Stored XSS.This issue affects WP GoToWebinar: from n/a through 15.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-gotowebinar/wordpress-wp-gotowebinar-plugin-15-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38672.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38672.json new file mode 100644 index 00000000000..30b72a2bcf8 --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38672.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38672", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:04.387", + "lastModified": "2024-07-20T08:15:04.387", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in namithjawahar AdPush allows Reflected XSS.This issue affects AdPush: from n/a through 1.50." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/adsense-plugin/wordpress-adpush-plugin-1-50-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38673.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38673.json new file mode 100644 index 00000000000..f9129454599 --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38673.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38673", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:04.700", + "lastModified": "2024-07-20T08:15:04.700", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Obtain Infotech Multisite Content Copier/Updater allows Reflected XSS.This issue affects Multisite Content Copier/Updater: from n/a through 1.5.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-multisite-content-copier/wordpress-multisite-content-copier-updater-plugin-1-5-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38674.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38674.json new file mode 100644 index 00000000000..662c11ac716 --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38674.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38674", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:04.980", + "lastModified": "2024-07-20T08:15:04.980", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.This issue affects SKT Addons for Elementor: from n/a through 2.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/skt-addons-for-elementor/wordpress-skt-addons-for-elementor-plugin-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38675.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38675.json new file mode 100644 index 00000000000..3903fe54569 --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38675.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38675", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:05.297", + "lastModified": "2024-07-20T08:15:05.297", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through 2.22.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/arkhe-blocks/wordpress-arkhe-blocks-plugin-2-22-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38676.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38676.json new file mode 100644 index 00000000000..04347e2f7f2 --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38676.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38676", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:05.620", + "lastModified": "2024-07-20T08:15:05.620", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Booking Ultra Pro allows Stored XSS.This issue affects Booking Ultra Pro: from n/a through 1.1.13." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/booking-ultra-pro/wordpress-booking-ultra-pro-appointments-booking-calendar-plugin-plugin-1-1-13-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38677.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38677.json new file mode 100644 index 00000000000..f4c839a25de --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38677.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38677", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:05.930", + "lastModified": "2024-07-20T08:15:05.930", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Reviews.Co.Uk REVIEWS.Io allows Stored XSS.This issue affects REVIEWS.Io: from n/a through 1.2.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/reviewscouk-for-woocommerce/wordpress-reviews-io-plugin-1-2-7-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38678.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38678.json new file mode 100644 index 00000000000..64808bebb69 --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38678.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38678", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:06.290", + "lastModified": "2024-07-20T08:15:06.290", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Calendar.Online Calendar.Online / Kalender.Digital allows Stored XSS.This issue affects Calendar.Online / Kalender.Digital: from n/a through 1.0.8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/kalender-digital/wordpress-calendar-online-kalender-digital-plugin-plugin-1-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38679.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38679.json new file mode 100644 index 00000000000..ea6141b50e6 --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38679.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38679", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:06.563", + "lastModified": "2024-07-20T08:15:06.563", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yongki Agustinus Animated Typed JS Shortcode allows Stored XSS.This issue affects Animated Typed JS Shortcode: from n/a through 2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/animated-typed-js-shortcode/wordpress-animated-typed-js-shortcode-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38680.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38680.json new file mode 100644 index 00000000000..417ef8ce816 --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38680.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38680", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:06.840", + "lastModified": "2024-07-20T08:15:06.840", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Appmaker Appmaker \u2013 Convert WooCommerce to Android & iOS Native Mobile Apps allows Reflected XSS.This issue affects Appmaker \u2013 Convert WooCommerce to Android & iOS Native Mobile Apps: from n/a through 1.36.12." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/appmaker-woocommerce-mobile-app-manager/wordpress-appmaker-plugin-1-36-12-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38681.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38681.json new file mode 100644 index 00000000000..be24c41706e --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38681.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38681", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:07.180", + "lastModified": "2024-07-20T08:15:07.180", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.1.41." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/magical-addons-for-elementor/wordpress-magical-addons-for-elementor-plugin-1-1-41-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38682.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38682.json new file mode 100644 index 00000000000..b0ec217c5de --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38682.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38682", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:07.477", + "lastModified": "2024-07-20T08:15:07.477", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Techeshta Post Layouts for Gutenberg allows Stored XSS.This issue affects Post Layouts for Gutenberg: from n/a through 1.2.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/post-layouts/wordpress-post-layouts-for-gutenberg-plugin-1-2-7-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38683.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38683.json new file mode 100644 index 00000000000..ca8681665ae --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38683.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38683", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:07.800", + "lastModified": "2024-07-20T08:15:07.800", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in iThemelandCo WooCommerce Report allows Reflected XSS.This issue affects WooCommerce Report: from n/a through 1.4.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/ithemelandco-woo-report/wordpress-woocommerce-report-plugin-1-4-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38684.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38684.json new file mode 100644 index 00000000000..916ff353122 --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38684.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38684", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:08.060", + "lastModified": "2024-07-20T08:15:08.060", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FunnelKit SlingBlocks \u2013 Gutenberg Blocks by FunnelKit (Formerly WooFunnels) allows Stored XSS.This issue affects SlingBlocks \u2013 Gutenberg Blocks by FunnelKit (Formerly WooFunnels): from n/a through 1.4.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/slingblocks/wordpress-slingblocks-plugin-1-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38685.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38685.json new file mode 100644 index 00000000000..add0909609e --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38685.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38685", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:08.353", + "lastModified": "2024-07-20T08:15:08.353", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SubscriptionPro WP Announcement allows Stored XSS.This issue affects WP Announcement: from n/a through 2.0.8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/sp-announcement/wordpress-wp-announcement-plugin-2-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38686.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38686.json new file mode 100644 index 00000000000..3cbe181b349 --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38686.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38686", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:08.650", + "lastModified": "2024-07-20T08:15:08.650", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pluginic FancyPost \u2013 Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor allows Stored XSS.This issue affects FancyPost \u2013 Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor: from n/a through 5.3.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/post-block/wordpress-fancypost-plugin-5-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38687.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38687.json new file mode 100644 index 00000000000..ab5a6140ec9 --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38687.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38687", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:08.950", + "lastModified": "2024-07-20T08:15:08.950", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Techfyd Sky Addons for Elementor allows Stored XSS.This issue affects Sky Addons for Elementor: from n/a through 2.5.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/sky-elementor-addons/wordpress-sky-addons-for-elementor-plugin-2-5-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38689.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38689.json new file mode 100644 index 00000000000..353064ed1f4 --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38689.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38689", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:09.287", + "lastModified": "2024-07-20T08:15:09.287", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Garrett Grimm Simple Popup allows Stored XSS.This issue affects Simple Popup: from n/a through 4.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/simple-popup-plugin/wordpress-simple-popup-plugin-4-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38694.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38694.json new file mode 100644 index 00000000000..e76081f8a61 --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38694.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38694", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:09.637", + "lastModified": "2024-07-20T08:15:09.637", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Moloni allows Reflected XSS.This issue affects Moloni: from n/a through 4.7.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/moloni/wordpress-moloni-plugin-4-7-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38696.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38696.json new file mode 100644 index 00000000000..4710fb7b26b --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38696.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38696", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:10.003", + "lastModified": "2024-07-20T08:15:10.003", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zoho CRM Zoho CRM Lead Magnet allows Reflected XSS.This issue affects Zoho CRM Lead Magnet: from n/a through 1.7.8.8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/zoho-crm-forms/wordpress-zoho-crm-lead-magnet-plugin-1-7-8-8-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38697.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38697.json new file mode 100644 index 00000000000..51b571299f1 --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38697.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38697", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:10.293", + "lastModified": "2024-07-20T08:15:10.293", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali Rahimi Goftino allows Stored XSS.This issue affects Goftino: from n/a through 1.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/goftino/wordpress-goftino-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38698.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38698.json new file mode 100644 index 00000000000..fb3fed23b99 --- /dev/null +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38698.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38698", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:10.577", + "lastModified": "2024-07-20T08:15:10.577", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Skill Bar allows Stored XSS.This issue affects SKT Skill Bar: from n/a through 2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/skt-skill-bar/wordpress-skt-skill-bar-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-387xx/CVE-2024-38703.json b/CVE-2024/CVE-2024-387xx/CVE-2024-38703.json new file mode 100644 index 00000000000..fa5067c7f40 --- /dev/null +++ b/CVE-2024/CVE-2024-387xx/CVE-2024-38703.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38703", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:10.903", + "lastModified": "2024-07-20T08:15:10.903", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xylus Themes WP Event Aggregator allows Stored XSS.This issue affects WP Event Aggregator: from n/a through 1.7.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-event-aggregator/wordpress-wp-event-aggregator-plugin-1-7-9-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-387xx/CVE-2024-38705.json b/CVE-2024/CVE-2024-387xx/CVE-2024-38705.json new file mode 100644 index 00000000000..b18f229a69c --- /dev/null +++ b/CVE-2024/CVE-2024-387xx/CVE-2024-38705.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38705", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:11.243", + "lastModified": "2024-07-20T08:15:11.243", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/elementinvader-addons-for-elementor/wordpress-elementinvader-addons-for-elementor-plugin-1-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-387xx/CVE-2024-38710.json b/CVE-2024/CVE-2024-387xx/CVE-2024-38710.json new file mode 100644 index 00000000000..338a3bea85b --- /dev/null +++ b/CVE-2024/CVE-2024-387xx/CVE-2024-38710.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38710", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:11.600", + "lastModified": "2024-07-20T08:15:11.600", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through 2.0.6.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/master-addons/wordpress-master-addons-free-widgets-hover-effects-toggle-conditions-animations-for-elementor-plugin-2-0-6-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-387xx/CVE-2024-38711.json b/CVE-2024/CVE-2024-387xx/CVE-2024-38711.json new file mode 100644 index 00000000000..1b5848200ae --- /dev/null +++ b/CVE-2024/CVE-2024-387xx/CVE-2024-38711.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38711", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:11.903", + "lastModified": "2024-07-20T08:15:11.903", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.This issue affects Link Library: from n/a through 7.7.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/link-library/wordpress-link-library-plugin-7-7-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-387xx/CVE-2024-38712.json b/CVE-2024/CVE-2024-387xx/CVE-2024-38712.json new file mode 100644 index 00000000000..aa6086db31a --- /dev/null +++ b/CVE-2024/CVE-2024-387xx/CVE-2024-38712.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38712", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:12.240", + "lastModified": "2024-07-20T08:15:12.240", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Qode Interactive Qi Blocks allows Stored XSS.This issue affects Qi Blocks: from n/a through 1.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/qi-blocks/wordpress-qi-blocks-plugin-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-387xx/CVE-2024-38713.json b/CVE-2024/CVE-2024-387xx/CVE-2024-38713.json new file mode 100644 index 00000000000..3bd241ac8da --- /dev/null +++ b/CVE-2024/CVE-2024-387xx/CVE-2024-38713.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38713", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:12.550", + "lastModified": "2024-07-20T08:15:12.550", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Stored XSS.This issue affects WP Photo Album Plus: from n/a through 8.8.02.002." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-8-01-007-authenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-387xx/CVE-2024-38718.json b/CVE-2024/CVE-2024-387xx/CVE-2024-38718.json new file mode 100644 index 00000000000..6cf5261174e --- /dev/null +++ b/CVE-2024/CVE-2024-387xx/CVE-2024-38718.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38718", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:12.840", + "lastModified": "2024-07-20T08:15:12.840", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in clicklabs\u00ae Medienagentur Download Button for Elementor allows Stored XSS.This issue affects Download Button for Elementor: from n/a through 1.2.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/download-button-for-elementor/wordpress-download-button-for-elementor-plugin-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-387xx/CVE-2024-38720.json b/CVE-2024/CVE-2024-387xx/CVE-2024-38720.json new file mode 100644 index 00000000000..c61cede5dbe --- /dev/null +++ b/CVE-2024/CVE-2024-387xx/CVE-2024-38720.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38720", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:13.110", + "lastModified": "2024-07-20T08:15:13.110", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EazyDocs eazydocs allows Stored XSS.This issue affects EazyDocs: from n/a through 2.5.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/eazydocs/wordpress-eazydocs-plugin-2-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-387xx/CVE-2024-38722.json b/CVE-2024/CVE-2024-387xx/CVE-2024-38722.json new file mode 100644 index 00000000000..146742975ee --- /dev/null +++ b/CVE-2024/CVE-2024-387xx/CVE-2024-38722.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38722", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:13.393", + "lastModified": "2024-07-20T08:15:13.393", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Job Board Manager allows Stored XSS.This issue affects Job Board Manager: from n/a through 2.1.57." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/job-board-manager/wordpress-job-board-manager-plugin-2-1-57-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-387xx/CVE-2024-38725.json b/CVE-2024/CVE-2024-387xx/CVE-2024-38725.json new file mode 100644 index 00000000000..2170052d42d --- /dev/null +++ b/CVE-2024/CVE-2024-387xx/CVE-2024-38725.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38725", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:13.660", + "lastModified": "2024-07-20T08:15:13.660", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webstix Admin Dashboard RSS Feed allows Stored XSS.This issue affects Admin Dashboard RSS Feed: from n/a through 3.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/admin-dashboard-rss-feed/wordpress-admin-dashboard-rss-feed-plugin-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-387xx/CVE-2024-38738.json b/CVE-2024/CVE-2024-387xx/CVE-2024-38738.json new file mode 100644 index 00000000000..4d87588845f --- /dev/null +++ b/CVE-2024/CVE-2024-387xx/CVE-2024-38738.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38738", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:13.953", + "lastModified": "2024-07-20T08:15:13.953", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Marian Kadanka Change From Email allows Stored XSS.This issue affects Change From Email: from n/a through 1.2.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-from-email/wordpress-change-from-email-plugin-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-387xx/CVE-2024-38739.json b/CVE-2024/CVE-2024-387xx/CVE-2024-38739.json new file mode 100644 index 00000000000..c98c171a62e --- /dev/null +++ b/CVE-2024/CVE-2024-387xx/CVE-2024-38739.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38739", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:14.277", + "lastModified": "2024-07-20T08:15:14.277", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FameThemes OnePress allows Stored XSS.This issue affects OnePress: from n/a through 2.3.8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/onepress/wordpress-onepress-theme-2-3-8-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-387xx/CVE-2024-38741.json b/CVE-2024/CVE-2024-387xx/CVE-2024-38741.json new file mode 100644 index 00000000000..b25fbc69058 --- /dev/null +++ b/CVE-2024/CVE-2024-387xx/CVE-2024-38741.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38741", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:14.643", + "lastModified": "2024-07-20T08:15:14.643", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Noor-E-Alam Amazing Hover Effects allows Stored XSS.This issue affects Amazing Hover Effects: from n/a through 2.4.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/amazing-hover-effects/wordpress-amazing-hover-effects-plugin-2-4-9-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-387xx/CVE-2024-38750.json b/CVE-2024/CVE-2024-387xx/CVE-2024-38750.json new file mode 100644 index 00000000000..8ea822a7768 --- /dev/null +++ b/CVE-2024/CVE-2024-387xx/CVE-2024-38750.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38750", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:14.983", + "lastModified": "2024-07-20T08:15:14.983", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in digontoahsan Advanced post slider.This issue affects Advanced post slider: from n/a through 3.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/advanced-post-slider/wordpress-advanced-post-slider-plugin-3-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-387xx/CVE-2024-38757.json b/CVE-2024/CVE-2024-387xx/CVE-2024-38757.json new file mode 100644 index 00000000000..84fb35bb014 --- /dev/null +++ b/CVE-2024/CVE-2024-387xx/CVE-2024-38757.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38757", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:15.283", + "lastModified": "2024-07-20T08:15:15.283", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Typebot allows Stored XSS.This issue affects Typebot: from n/a through 3.6.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/typebot/wordpress-typebot-plugin-3-6-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-387xx/CVE-2024-38758.json b/CVE-2024/CVE-2024-387xx/CVE-2024-38758.json new file mode 100644 index 00000000000..91f5f1dff2e --- /dev/null +++ b/CVE-2024/CVE-2024-387xx/CVE-2024-38758.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38758", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:15.590", + "lastModified": "2024-07-20T08:15:15.590", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Server-Side Request Forgery (SSRF) vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 6.0.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wapppress-builds-android-app-for-website/wordpress-wapppress-plugin-6-0-4-blind-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-387xx/CVE-2024-38767.json b/CVE-2024/CVE-2024-387xx/CVE-2024-38767.json new file mode 100644 index 00000000000..a54b750c7d6 --- /dev/null +++ b/CVE-2024/CVE-2024-387xx/CVE-2024-38767.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38767", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-20T08:15:15.883", + "lastModified": "2024-07-20T08:15:15.883", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky.Com BSK PDF Manager allows Stored XSS.This issue affects BSK PDF Manager: from n/a through 3.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/bsk-pdf-manager/wordpress-bsk-pdf-manager-plugin-3-6-cross-site-scripting-xss-vulnerability-2?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-64xx/CVE-2024-6497.json b/CVE-2024/CVE-2024-64xx/CVE-2024-6497.json new file mode 100644 index 00000000000..f0ad986ab86 --- /dev/null +++ b/CVE-2024/CVE-2024-64xx/CVE-2024-6497.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-6497", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-07-20T09:15:10.530", + "lastModified": "2024-07-20T09:15:10.530", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter in all versions up to, and including, 12.3.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/squirrly-seo/trunk/controllers/Api.php#L267", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3121853/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/squirrly-seo/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bb3aa613-8f34-4d96-8ddf-41fcdcf65c59?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-66xx/CVE-2024-6635.json b/CVE-2024/CVE-2024-66xx/CVE-2024-6635.json new file mode 100644 index 00000000000..27e1e260367 --- /dev/null +++ b/CVE-2024/CVE-2024-66xx/CVE-2024-6635.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-6635", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-07-20T08:15:16.177", + "lastModified": "2024-07-20T08:15:16.177", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.3. This is due to insufficient controls in the 'woo_slg_login_email' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, excluding an administrator, if they know the email of user." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-288" + } + ] + } + ], + "references": [ + { + "url": "https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/37836722-eb25-4393-8cdf-91057642ba3f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-66xx/CVE-2024-6636.json b/CVE-2024/CVE-2024-66xx/CVE-2024-6636.json new file mode 100644 index 00000000000..40015b09ed2 --- /dev/null +++ b/CVE-2024/CVE-2024-66xx/CVE-2024-6636.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-6636", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-07-20T08:15:16.510", + "lastModified": "2024-07-20T08:15:16.510", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to change the default role to Administrator while registering for an account." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/77ea4ba8-6c13-494a-92e3-12643003635b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-66xx/CVE-2024-6637.json b/CVE-2024/CVE-2024-66xx/CVE-2024-6637.json new file mode 100644 index 00000000000..85e06635358 --- /dev/null +++ b/CVE-2024/CVE-2024-66xx/CVE-2024-6637.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-6637", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-07-20T08:15:16.840", + "lastModified": "2024-07-20T08:15:16.840", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3. This is due to a lack of brute force controls on a weak one-time password. This makes it possible for unauthenticated attackers to brute force the one-time password for any user, except an Administrator, if they know the email of user." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-305" + } + ] + } + ], + "references": [ + { + "url": "https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10d92d5e-1c23-4f6a-bfab-0756876190a5?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 01795c32a9b..494ad86cb90 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-07-20T08:00:17.882747+00:00 +2024-07-20T10:00:18.875747+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-07-20T07:15:02.410000+00:00 +2024-07-20T09:15:10.530000+00:00 ``` ### Last Data Feed Release @@ -33,15 +33,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -257531 +257600 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `69` -- [CVE-2024-6489](CVE-2024/CVE-2024-64xx/CVE-2024-6489.json) (`2024-07-20T07:15:01.963`) -- [CVE-2024-6491](CVE-2024/CVE-2024-64xx/CVE-2024-6491.json) (`2024-07-20T07:15:02.410`) +- [CVE-2024-38694](CVE-2024/CVE-2024-386xx/CVE-2024-38694.json) (`2024-07-20T08:15:09.637`) +- [CVE-2024-38696](CVE-2024/CVE-2024-386xx/CVE-2024-38696.json) (`2024-07-20T08:15:10.003`) +- [CVE-2024-38697](CVE-2024/CVE-2024-386xx/CVE-2024-38697.json) (`2024-07-20T08:15:10.293`) +- [CVE-2024-38698](CVE-2024/CVE-2024-386xx/CVE-2024-38698.json) (`2024-07-20T08:15:10.577`) +- [CVE-2024-38703](CVE-2024/CVE-2024-387xx/CVE-2024-38703.json) (`2024-07-20T08:15:10.903`) +- [CVE-2024-38705](CVE-2024/CVE-2024-387xx/CVE-2024-38705.json) (`2024-07-20T08:15:11.243`) +- [CVE-2024-38710](CVE-2024/CVE-2024-387xx/CVE-2024-38710.json) (`2024-07-20T08:15:11.600`) +- [CVE-2024-38711](CVE-2024/CVE-2024-387xx/CVE-2024-38711.json) (`2024-07-20T08:15:11.903`) +- [CVE-2024-38712](CVE-2024/CVE-2024-387xx/CVE-2024-38712.json) (`2024-07-20T08:15:12.240`) +- [CVE-2024-38713](CVE-2024/CVE-2024-387xx/CVE-2024-38713.json) (`2024-07-20T08:15:12.550`) +- [CVE-2024-38718](CVE-2024/CVE-2024-387xx/CVE-2024-38718.json) (`2024-07-20T08:15:12.840`) +- [CVE-2024-38720](CVE-2024/CVE-2024-387xx/CVE-2024-38720.json) (`2024-07-20T08:15:13.110`) +- [CVE-2024-38722](CVE-2024/CVE-2024-387xx/CVE-2024-38722.json) (`2024-07-20T08:15:13.393`) +- [CVE-2024-38725](CVE-2024/CVE-2024-387xx/CVE-2024-38725.json) (`2024-07-20T08:15:13.660`) +- [CVE-2024-38738](CVE-2024/CVE-2024-387xx/CVE-2024-38738.json) (`2024-07-20T08:15:13.953`) +- [CVE-2024-38739](CVE-2024/CVE-2024-387xx/CVE-2024-38739.json) (`2024-07-20T08:15:14.277`) +- [CVE-2024-38741](CVE-2024/CVE-2024-387xx/CVE-2024-38741.json) (`2024-07-20T08:15:14.643`) +- [CVE-2024-38750](CVE-2024/CVE-2024-387xx/CVE-2024-38750.json) (`2024-07-20T08:15:14.983`) +- [CVE-2024-38757](CVE-2024/CVE-2024-387xx/CVE-2024-38757.json) (`2024-07-20T08:15:15.283`) +- [CVE-2024-38758](CVE-2024/CVE-2024-387xx/CVE-2024-38758.json) (`2024-07-20T08:15:15.590`) +- [CVE-2024-38767](CVE-2024/CVE-2024-387xx/CVE-2024-38767.json) (`2024-07-20T08:15:15.883`) +- [CVE-2024-6497](CVE-2024/CVE-2024-64xx/CVE-2024-6497.json) (`2024-07-20T09:15:10.530`) +- [CVE-2024-6635](CVE-2024/CVE-2024-66xx/CVE-2024-6635.json) (`2024-07-20T08:15:16.177`) +- [CVE-2024-6636](CVE-2024/CVE-2024-66xx/CVE-2024-6636.json) (`2024-07-20T08:15:16.510`) +- [CVE-2024-6637](CVE-2024/CVE-2024-66xx/CVE-2024-6637.json) (`2024-07-20T08:15:16.840`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index a8080dc54ca..164d831cf16 100644 --- a/_state.csv +++ b/_state.csv @@ -254181,7 +254181,9 @@ CVE-2024-37554,0,0,f21873c8cc723d73a5be37e43f70a0cc0c9c1c460efddd02b4e8ae7999da0 CVE-2024-37555,0,0,1644327e39d431b11dca9e571309a66e1f1bfd16300400fc24b3c08e5496ae7a,2024-07-17T18:11:44.260000 CVE-2024-3756,0,0,9f6325e6bf8bb208b4e2ee6674c7d5cde657d33007cb72c8f23cf7232b49431b,2024-07-03T02:06:32.530000 CVE-2024-37560,0,0,6a6c51fd8ffab166572e38f12a64292826710da41d309700e65eba27d6039e12,2024-07-12T16:34:58.687000 +CVE-2024-37563,1,1,a7bcd96a6802b29647c5e435ca1284679a741b47b6a577c5570f8fbd48279954,2024-07-20T09:15:03.410000 CVE-2024-37564,0,0,e7a776936a19636d3a76b462e4343d760a6a25be8bce1ad25bb7880ea2c1908a,2024-07-12T16:34:58.687000 +CVE-2024-37565,1,1,cd29cd59b4dcb71dc162aeacd38887a129251b9b27b2c600691182e5d9abdecb,2024-07-20T09:15:03.780000 CVE-2024-37568,0,0,fb5ce381c9f9e372e24500708a838fda77fe0bec0aaac1b460d65214b55c9ccf,2024-06-20T09:15:12.253000 CVE-2024-37569,0,0,d72ceb83b037eeec35f3e81abfdf503a49618e4aba004fb3f45e6970df347f2e,2024-07-03T02:04:20.517000 CVE-2024-3757,0,0,d3e75f8205a45aeb6c1cb5b9efd4d99998e027f23a100dabf40ce218744ea3e8,2024-05-07T13:39:32.710000 @@ -254326,7 +254328,11 @@ CVE-2024-37903,0,0,886576036d4d085b682af52548aacb4c341112369e14bf61e8ca80c2c202d CVE-2024-37904,0,0,4a1838bfa872e93babcec91edc2a58b1f777ff60512a3a43aa04f02c821270dc,2024-06-20T12:44:01.637000 CVE-2024-37905,0,0,76667799c8b41a4c84b1440977b5297bf4074f7f71d64c5e6ed0abc93aad04a6,2024-07-01T12:37:24.220000 CVE-2024-3791,0,0,767a003f920bfca311025815b56da50ca1604fe6f1547763faa14f2481b1f8a4,2024-05-14T16:11:39.510000 +CVE-2024-37918,1,1,32fc6140ff59f194cab8b04bd04ec4f9840a13003bdb23779e98699158a5b546,2024-07-20T09:15:04.097000 +CVE-2024-37919,1,1,3184b87b3a8974c161a6849553093964d31196ee1b40e5cb1c07c452147f5488,2024-07-20T09:15:04.400000 CVE-2024-3792,0,0,b2d7f7e579eff1bf3cc457c41f5782185342411a77aac1022f0e4393ef1fd163,2024-05-14T16:11:39.510000 +CVE-2024-37920,1,1,28a286751285c13150b5183cf8a09220e454cefe5981b3150d3dd230b3a32662,2024-07-20T09:15:04.723000 +CVE-2024-37922,1,1,4eb196c3a938fc1f6159d9607039d2c19d4b17c6e47d7a16fae9ed22bce0a376,2024-07-20T09:15:05.063000 CVE-2024-37923,0,0,0f277f016f5fbeb4c94053f1c3c5921e348aa14bf063918224f804db2fff94d1,2024-07-09T18:19:14.047000 CVE-2024-37927,0,0,6e523e69f7c51373b280acd8113d97246ba05f65cbdcbcfc2f6c98d020f9522e,2024-07-12T16:34:58.687000 CVE-2024-37928,0,0,232529d3b572f04b7e3513c8e007b461ed8da07a2526f3a83d9072726dac3e46,2024-07-12T16:34:58.687000 @@ -254334,14 +254340,32 @@ CVE-2024-3793,0,0,45180ff35ea2c7285cdd371de1244c7a4424d1261f14c1bf7f3ac3169f3ba4 CVE-2024-37932,0,0,5186f998d9a20ac6689fba660a23d767e6b8122dd26478aa16c28fb3bf816f59,2024-07-12T16:34:58.687000 CVE-2024-37933,0,0,6cea39946c80320b897adc63858d22c978af7202b2ac51fc6671f69cbc85e40d,2024-07-12T16:34:58.687000 CVE-2024-37934,0,0,20d80f75e222e93cd8bf312483db42a7dd2efce13206dab8e3080dada5a4be9e,2024-07-09T18:19:14.047000 +CVE-2024-37936,1,1,3ad1e3cbe3d283d108caa8644f307d12ee9ad276ddec8e08d925e4623eac3723,2024-07-20T09:15:05.423000 CVE-2024-37938,0,0,cc9a715411959a9adf0fa6b35e0c67459ba5daf3ae5695e02407868365da117b,2024-07-12T16:34:58.687000 CVE-2024-37939,0,0,604cb2a00d25544d5799a7fe712ac053f6ec4e37643e0db1131b14ff154f8fac,2024-07-12T16:34:58.687000 CVE-2024-3794,0,0,6e44f3f929dcd0d4adad15596c58f782c4fb31b92a4af005c9d6cedb10aa1f60,2024-05-14T16:11:39.510000 CVE-2024-37940,0,0,86f6fa66e03c77c09146bd7af3f4907ca21521918b8ff60678da4bea49847c4a,2024-07-12T16:34:58.687000 CVE-2024-37941,0,0,5b6280375406c2cec157d83fbd019a06cd4baabd2cd1a87c9eb05f8e903dacbf,2024-07-12T16:34:58.687000 +CVE-2024-37943,1,1,c1a034a3f6e2ae2fb3739bc9edb8bf8089fcf4ab859e7f6947bb8860c588391a,2024-07-20T09:15:05.720000 +CVE-2024-37944,1,1,7bbf4d21b65d876d9b8ab99cfb04937ad172e1e582822b0c86e305fb9eb82b7e,2024-07-20T09:15:06.017000 +CVE-2024-37946,1,1,7eb60472e4b75ae01a1c1c6ce01fd726bc4cb2aa2eb9ab906df9c51c624d223a,2024-07-20T09:15:06.327000 +CVE-2024-37947,1,1,2b5b55ae377021c4e8000825642380ddf32c2548302faf02af9a894c62e0269e,2024-07-20T09:15:06.693000 +CVE-2024-37948,1,1,a09c80634ab7f315b64ab8ff24d19e4f0a3484b4a0651dc777fdf62d8aa29235,2024-07-20T09:15:07 +CVE-2024-37949,1,1,b6f1b64ef9c481d4aadc03b503350d5d73e7894ec09b7a462422a67bbc2e9b49,2024-07-20T09:15:07.277000 CVE-2024-3795,0,0,f16f2517dca7ca05b3c4907d5c002f230ac9e36a749d3bc6fea553bc4f317d0d,2024-05-14T16:11:39.510000 +CVE-2024-37950,1,1,170d19bb320dca2bdb20f7401b2fb1caf585566da7456231d363df38db09b55d,2024-07-20T09:15:07.577000 +CVE-2024-37951,1,1,3a7d607d72c29de2de38d3a852598b276eaa9d7269c02263ed37733ecd2d6fc1,2024-07-20T09:15:07.893000 CVE-2024-37952,0,0,07b8e150160469fa7f383cffb1cb86110c59692916e686f9bf6e4d8611de65a9,2024-07-09T18:19:14.047000 +CVE-2024-37953,1,1,3fe260bf8687975734722649faa30481d39a737c72037e426892887266db34b6,2024-07-20T09:15:08.197000 +CVE-2024-37954,1,1,6356a75bde5af041662fc573d110cb839feacd00b7f51ad2271cb640e30ed899,2024-07-20T09:15:08.557000 +CVE-2024-37955,1,1,e048b5d82cb847fc442ec6ad4924a7b5eaa3accc51f46f0bbd0c6d3c2225c6d4,2024-07-20T09:15:08.917000 +CVE-2024-37956,1,1,c50bc98b7c5e14b046b1326dc47f3ad6a48e663e77e2b6de13b4d1e8d0afdefe,2024-07-20T09:15:09.247000 +CVE-2024-37957,1,1,13a8567b5ff9088d8c7d8d368e6a3c609a3cc6f19fd489c9e0f730c7ac8c7651,2024-07-20T09:15:09.550000 +CVE-2024-37958,1,1,eb3fe45952ed5a6c30ef19eb3f0748dfacdd09c514130c660384e103271cdb7b,2024-07-20T09:15:09.860000 +CVE-2024-37959,1,1,53f8c3efa2aa1982d556a73b006e97dba81ba07d3b21a1fa34a8ea73edf73d24,2024-07-20T09:15:10.187000 CVE-2024-3796,0,0,5bae4d416035885a0192c05970d5fd8edbaa05fe9b0acf97b8394b245a69cda0,2024-05-14T16:11:39.510000 +CVE-2024-37960,1,1,e4ad7ebbd28fa70f9fe62f59c1a1bc42c331360a77900b35ea5cc8d3c50adf94,2024-07-20T08:15:02.737000 +CVE-2024-37961,1,1,c18a96dfbd5bc9b21bbc9242b323a0b1ee5abf4ad30fd4350f265ffe36d7c03b,2024-07-20T08:15:03.117000 CVE-2024-37969,0,0,9cda862f222f06c0ea4271cea0b4c27a650f00d5454026fb1e3657b35f8e92c3,2024-07-16T16:33:58.220000 CVE-2024-3797,0,0,151890f4e5d8e0d5473cf065c3613433333b9f328648ba8da91d4cb5eb80d846,2024-05-17T02:40:08.123000 CVE-2024-37970,0,0,f961697c7788754c6ab5d8c03485408f8bcc3bb1a7cce532aa01297f6de9ca2b,2024-07-16T16:34:31.423000 @@ -254733,26 +254757,67 @@ CVE-2024-38662,0,0,587269b0aade9b66f2b27453b59929a1dd57dcfa88975eb87dd718f6e7386 CVE-2024-38663,0,0,76edf2df49fecd967d78d8fa91a81453e6903492924f9f2a65b88c7cc552bf4f,2024-06-24T19:26:47.037000 CVE-2024-38664,0,0,418ee48bd44d13024e4f172458676dafa0328cf20a417e7f77e8ce1f228430db,2024-06-26T13:52:23.033000 CVE-2024-38667,0,0,4b5489473e44a31d8ebc57a7df1b1f90dd93f1295210f54d8df43808f9aac1bc,2024-06-26T13:53:56.883000 +CVE-2024-38669,1,1,6d1cf0a4e08f633bb312ab6a6d2f4737524581c5243bb1dc84d1f8e93e4fd7f3,2024-07-20T08:15:03.493000 CVE-2024-3867,0,0,3968b9e505102e62d9c9cd090501b1f1c2cd1651a087ff43068fc396f312a659,2024-04-16T17:15:11.113000 +CVE-2024-38670,1,1,6e1784dee87eb46dade5ed5aeb61f7291304b1369b60e0c57e6b6bd3ed8203d6,2024-07-20T08:15:03.800000 +CVE-2024-38671,1,1,cd49fd54a57f4c7529793d98f11f6bbe9138c8ab74fe754574013551090c0dfb,2024-07-20T08:15:04.133000 +CVE-2024-38672,1,1,59bfb33ebd239661dd586003b412eef12e64f72a3932e419d15cf36ed478ec24,2024-07-20T08:15:04.387000 +CVE-2024-38673,1,1,c88edb7c6d630d51195ae975c606a67dbc35634d8c2ddf42e4ae78438c9566e7,2024-07-20T08:15:04.700000 +CVE-2024-38674,1,1,11103e3a5714b92a1731ce14216f09cfb3a5357e4494ee49ddd09035fa56e63f,2024-07-20T08:15:04.980000 +CVE-2024-38675,1,1,448879d4079b9d27cd0a49324bc7128d2a8014da36ca9e0c63fe61fef4193c09,2024-07-20T08:15:05.297000 +CVE-2024-38676,1,1,09bb95ff6fbaf1a744d8f68ea360aa96c0275ff3c875880b1d0324005bb2decd,2024-07-20T08:15:05.620000 +CVE-2024-38677,1,1,a79b6457dc9f64f4df2c0b6be6109b1a2bbbb8a11868ea37eaa9829a7af124f4,2024-07-20T08:15:05.930000 +CVE-2024-38678,1,1,56f384f5e5e04b82c82e2e286d6208c9cbbf30d44cdd28b0b7cc89ea0e5cc34a,2024-07-20T08:15:06.290000 +CVE-2024-38679,1,1,4bc59db4c0efa707263bf6ffff78406b339f475302a9167bebcd93a37acebc58,2024-07-20T08:15:06.563000 CVE-2024-3868,0,0,e1417c1283c9e85e54c2c04c3fd7a3ee8c9b3d4b862f81817923323186a93622,2024-05-06T12:44:56.377000 +CVE-2024-38680,1,1,1add2744b16a587d14c3920e093a54a6a76d20c0a2d044aff0776ba551c2d67f,2024-07-20T08:15:06.840000 +CVE-2024-38681,1,1,3e20c763e7368809baf7ead27f517708b1681c7c885224422880a03b411185e2,2024-07-20T08:15:07.180000 +CVE-2024-38682,1,1,3fa297b14f714743095865990e3f7f3ad92162b583f21a105a333d9e68883198,2024-07-20T08:15:07.477000 +CVE-2024-38683,1,1,1c4fa236f23339a7de6a94bed8cd9e6bdbc579d21e19a26548cbcfac8a9aa2a7,2024-07-20T08:15:07.800000 +CVE-2024-38684,1,1,6346e7119c62a3770924e30552d9fb10d4bed34637ef3faaf2576fa56df8e906,2024-07-20T08:15:08.060000 +CVE-2024-38685,1,1,8567c2f0ea2ce139eec25a133afc6a744a08e4664f67a21140add5c8ef505fb0,2024-07-20T08:15:08.353000 +CVE-2024-38686,1,1,1fae0fd555fa9c757b2fd44bc0eb234d33a003ce85c49e96ce05adf2244bf14c,2024-07-20T08:15:08.650000 +CVE-2024-38687,1,1,42bdede22aacfccdd53c47d48773cb7bcebebbcc1bf8ccf63d5277328ad4d5f0,2024-07-20T08:15:08.950000 +CVE-2024-38689,1,1,6f222ef4d271601d91a6916b2983edbeb686bddec8e3bdfc40545302587f7364,2024-07-20T08:15:09.287000 CVE-2024-3869,0,0,48f9071a6f5d125b2c43fec069da722b087f824997b9c50ca7b95aad4aebfb77,2024-04-16T13:24:07.103000 +CVE-2024-38694,1,1,06b8f3beefa0b63daf8012ecdfd194d36ac68482307ea69b62bb529f728d1c15,2024-07-20T08:15:09.637000 +CVE-2024-38696,1,1,2421a2056350e158b045fdcfd5ee2cfc52b5364cb8fd12c5672666870c7a5e49,2024-07-20T08:15:10.003000 +CVE-2024-38697,1,1,c7df9198c48e1b93404f78a553cbae9908fd9b64d91d615b0e6d2b628f1637b3,2024-07-20T08:15:10.293000 +CVE-2024-38698,1,1,ae1f9f0670ebb125b44c9d5b572a52e491d8fc41585493253ce7e6c586730740,2024-07-20T08:15:10.577000 CVE-2024-3870,0,0,0a94fe58f68a2a55a9a615e303c503c3189a8068ab169c2fe45504536e49912a,2024-05-02T18:00:37.360000 CVE-2024-38700,0,0,43fd3d54f79d64b4230345287e538238d15593a18aa5b741846028808bc939a5,2024-07-12T16:34:58.687000 +CVE-2024-38703,1,1,cbc31e160215b11d6c81665f2cfc90b19ca0afac478f0e73eeb7b06599db8ab5,2024-07-20T08:15:10.903000 CVE-2024-38704,0,0,363e78266ace452afe93531a2a31abf9a1c39cf725e102eae181c90d0e9f4ccc,2024-07-12T16:34:58.687000 +CVE-2024-38705,1,1,e79580e8d482cfad7bb68041cc55807beed51f1c289ee5b22f4c2d6fa835df6c,2024-07-20T08:15:11.243000 CVE-2024-38706,0,0,c2d79b75813e1ae60084f66af8642c0ff2a146a3185a422c25f660bcab3514fe,2024-07-12T16:34:58.687000 CVE-2024-38709,0,0,54b6549207249cf38bb31dd8ffe60f8cf9f50c14dddbffdd004d04e2f71e7e86,2024-07-12T16:34:58.687000 CVE-2024-3871,0,0,90287ad4f5985e2858c6a2871acc4eb3b54c9c754d7a17300cf2ed0c74400b4f,2024-04-17T11:15:11.403000 +CVE-2024-38710,1,1,4642ab85c2feaff498856ed54cf198eee6c77c6c0f302658d93c49736e14ee43,2024-07-20T08:15:11.600000 +CVE-2024-38711,1,1,ede675991fbe77d70256dba4ab24c3764f032a713743fb994ddfcdbca2ae3ff4,2024-07-20T08:15:11.903000 +CVE-2024-38712,1,1,7f460892ace3f2e985366d5441d9d2c350241b9fae180a9fe83b8ffea9216ba3,2024-07-20T08:15:12.240000 +CVE-2024-38713,1,1,9dfb50b74cf6b3d4874c32a30caf1b13e63b73906421bea5d1cb23f72c79aa35,2024-07-20T08:15:12.550000 CVE-2024-38715,0,0,80664ed88537c5417585a28b4954b4d37833ab25f9b256630e91e16bab794a38,2024-07-12T16:34:58.687000 CVE-2024-38716,0,0,093825e0bcad59d1fcfa579b534812e6ad8becfdb497ac45fdd51395eafebb99,2024-07-12T16:34:58.687000 CVE-2024-38717,0,0,b419261359c698e03324dbb8ea2f4395aa22e4dc471400da4a0ea3bf6f64a243,2024-07-12T16:34:58.687000 +CVE-2024-38718,1,1,cede224cbf934c130cdad1b1f1be94652a4672ddce20ec497d62ffc3a102d245,2024-07-20T08:15:12.840000 CVE-2024-3872,0,0,e0746b0ccf3c2bc5c1cf6b271b7bc58e10aa7c45ec1e77f360e4d291ead633b8,2024-04-16T13:24:07.103000 +CVE-2024-38720,1,1,469f991daf2def7e67c3df3b986ef91a0370134c765c0980f7276c5692bc8f17,2024-07-20T08:15:13.110000 +CVE-2024-38722,1,1,066218e40377141819b1ff63ca569a312eddc226aaa8b47bec260e1974969f4c,2024-07-20T08:15:13.393000 +CVE-2024-38725,1,1,740f4776228a3736518184f3714f515cf8af37daa00bab08f41ffdb672b5cee1,2024-07-20T08:15:13.660000 CVE-2024-3873,0,0,9f41cb948a87fde9385789dcbf920beb2d5b41b44037ffd26229becab16e904c,2024-05-17T02:40:09.627000 CVE-2024-38734,0,0,79ff123a195fce7175b23db24326d028fd00478c9d98f76522812875add5613f,2024-07-12T16:34:58.687000 CVE-2024-38735,0,0,1f5c90d8bfd4fa649a448ed6b072bb6045e0905af17878a1b833dc9aafe0af6b,2024-07-12T16:34:58.687000 CVE-2024-38736,0,0,446ad8f9e80e45a41ef5a6fef6da4fe9df9204de144a025f28a19360718776b8,2024-07-12T16:34:58.687000 +CVE-2024-38738,1,1,8f4c3fc8ddc8d78107919f066ec1722ddb2259b5920eb97c5c0a9584d83cc24e,2024-07-20T08:15:13.953000 +CVE-2024-38739,1,1,79aafea3b22e7b4d5bbd135b122b6ccc1b0972c9867e20048f201ba46ad5eff9,2024-07-20T08:15:14.277000 CVE-2024-3874,0,0,f386620c295e4adf2d0e1bcb131bf4999519006b93485a0a9655b1dc65db42b9,2024-06-04T19:20:25.697000 +CVE-2024-38741,1,1,8d1e4d04e240b25faf01e9487a964c7e94d7be31ee17e3e8f631296764a43fdf,2024-07-20T08:15:14.643000 CVE-2024-3875,0,0,089beeefeb959936719f61ddb82cb79408bd763795142eb9b4bb9ae3be3050ea,2024-06-04T19:20:25.807000 +CVE-2024-38750,1,1,fc96849edc62ec29953a57b5998a806a4476d665c46017dbe2c4667a97e26202,2024-07-20T08:15:14.983000 +CVE-2024-38757,1,1,c3c6e803000a5bfbd42bff24fe35a1eb391a68eb9ed30a90480eba02bae7dcca,2024-07-20T08:15:15.283000 +CVE-2024-38758,1,1,7e7178bbfc79ba93da99a1864605c03d7146fe64b2705537cf017a1842c04325,2024-07-20T08:15:15.590000 CVE-2024-3876,0,0,fa4ed7cd6030846f7b483928213b8739ce66b301252f810372f8be541fb30194,2024-06-17T19:15:58.763000 +CVE-2024-38767,1,1,5ad0da711e375b5faa75cfeef9e50fe3656523a9e63748dcd031d21a52f712fd,2024-07-20T08:15:15.883000 CVE-2024-3877,0,0,4a72fb3a60020d6583c10cb3aed384330279f0439794d97578698eb4f04c72aa,2024-06-04T19:20:25.903000 CVE-2024-3878,0,0,5053df083f23b6f337fe4f8fdf53fe0df42d421dbd3425cfd92b488e4629a9db,2024-05-17T02:40:10.087000 CVE-2024-38780,0,0,ae16337cc2f7b6345cfbc91dc7be992225f0e3cd48711d005c1594aad3b12d58,2024-07-15T07:15:14.603000 @@ -257394,10 +257459,11 @@ CVE-2024-6471,0,0,f732e100289c893532526b33b46541a39ba52ce518f7e90d2f97ec4bb67cf8 CVE-2024-6484,0,0,bc633abd6bfb9da06585afdfb273066dfbc508847026385eb612d46f7c70ed29,2024-07-11T18:09:58.777000 CVE-2024-6485,0,0,b143d2f5de1cad2c57f83d18fe64abfe0ba2da69210341aec4863f07cdd850cb,2024-07-11T18:09:58.777000 CVE-2024-6488,0,0,0c5ecb49d7296b409f5d61bd70a5d017ad6f69068345855a00f0bd7c78566faa,2024-07-04T21:15:10.403000 -CVE-2024-6489,1,1,77837ba400c3690c0bd50e14fc77c874a4c9eb96e5f8e8743896d9be72ad8366,2024-07-20T07:15:01.963000 -CVE-2024-6491,1,1,2d4efed2380d6e5a21aafbc277c8c56df6c7c10e7a84627d2aaf270c5470b669,2024-07-20T07:15:02.410000 +CVE-2024-6489,0,0,77837ba400c3690c0bd50e14fc77c874a4c9eb96e5f8e8743896d9be72ad8366,2024-07-20T07:15:01.963000 +CVE-2024-6491,0,0,2d4efed2380d6e5a21aafbc277c8c56df6c7c10e7a84627d2aaf270c5470b669,2024-07-20T07:15:02.410000 CVE-2024-6492,0,0,82f79625038ad5debf137137104e45e1e353947b9c4b14df742baece7a047a71,2024-07-17T13:34:20.520000 CVE-2024-6495,0,0,0b63a825f2423d6e7ce9297b9249f183116fa1df04bb2bd344ba05222b36e9dd,2024-07-12T16:34:58.687000 +CVE-2024-6497,1,1,0a96a42e76e415edae93e1f489f04cc4c0b6b908e459e0f27c05f2f218d35692,2024-07-20T09:15:10.530000 CVE-2024-6501,0,0,45d58d6fcd90c3b83531e796541078a549af17f7a81eb1fbfe7d6944aa2bc8ac,2024-07-11T13:06:13.187000 CVE-2024-6504,0,0,12de06671a90020695ccfbcc739c1361cd1e9c3d2708a0b7d7abfdcce12f19fc,2024-07-18T12:28:43.707000 CVE-2024-6505,0,0,b8708084cd092b6ca88acb18ad5e80f748f8e2829ec040b8958bfe3c1fee2cd6,2024-07-08T15:41:17.883000 @@ -257453,6 +257519,9 @@ CVE-2024-6621,0,0,f5708b7519a1133fabc97c0209f19d7082b3f86d30fa6c319ccc36d4753af4 CVE-2024-6624,0,0,d641d0598d5f0d62f69b2f0bb30153f1263b9aa17a64dd7567b42517a1bc6027,2024-07-12T16:51:31.487000 CVE-2024-6625,0,0,b913737eefce9f28c47dc537f0edd398b1eeb297cd2eb30c69b59c3401317130,2024-07-12T12:49:07.030000 CVE-2024-6630,0,0,7742b604143993a9d769b9ab9c3e5aab85337a51e6772bb186961af80d29fee2,2024-07-10T18:15:05.407000 +CVE-2024-6635,1,1,a79180184950632c5e30b7fbd08d3c6de7979236d69a7557cf2dce565cef7253,2024-07-20T08:15:16.177000 +CVE-2024-6636,1,1,6c5c1289decd7ec99bfcf337def1efe1bfde6a5b4fed03c191a289434ea5b3ff,2024-07-20T08:15:16.510000 +CVE-2024-6637,1,1,88fd4028c11061cee2e8c6675200aa734c873a0d48e8ed2681671f5ab354ef3a,2024-07-20T08:15:16.840000 CVE-2024-6642,0,0,8d96c1180af1047f7b667e53dd25106a95583c9fef6033b783f527ef0b9e4e6b,2024-07-10T13:15:11.140000 CVE-2024-6643,0,0,c4eab211147138bb5613809a885f81bacb4eb0fc3c1e7955b1f331b632c0ef4a,2024-07-11T10:15:02.650000 CVE-2024-6644,0,0,0f2d20ba591a113ddb0330b932f8a246adf881e1931b22ed31564a539ff168f9,2024-07-11T13:05:54.930000