From fa3ee274b0e735d6ccafdd66b1e343abea22d783 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Sun, 7 Apr 2024 20:03:28 +0000
Subject: [PATCH] Auto-Update: 2024-04-07T20:00:38.365929+00:00
---
CVE-2024/CVE-2024-221xx/CVE-2024-22155.json | 55 ++++++++++++
CVE-2024/CVE-2024-312xx/CVE-2024-31233.json | 55 ++++++++++++
CVE-2024/CVE-2024-312xx/CVE-2024-31234.json | 55 ++++++++++++
CVE-2024/CVE-2024-312xx/CVE-2024-31236.json | 55 ++++++++++++
CVE-2024/CVE-2024-312xx/CVE-2024-31241.json | 55 ++++++++++++
CVE-2024/CVE-2024-312xx/CVE-2024-31255.json | 55 ++++++++++++
CVE-2024/CVE-2024-312xx/CVE-2024-31256.json | 55 ++++++++++++
CVE-2024/CVE-2024-312xx/CVE-2024-31257.json | 55 ++++++++++++
CVE-2024/CVE-2024-312xx/CVE-2024-31258.json | 55 ++++++++++++
CVE-2024/CVE-2024-312xx/CVE-2024-31260.json | 55 ++++++++++++
CVE-2024/CVE-2024-312xx/CVE-2024-31277.json | 55 ++++++++++++
CVE-2024/CVE-2024-312xx/CVE-2024-31280.json | 55 ++++++++++++
CVE-2024/CVE-2024-312xx/CVE-2024-31286.json | 55 ++++++++++++
CVE-2024/CVE-2024-312xx/CVE-2024-31288.json | 55 ++++++++++++
CVE-2024/CVE-2024-312xx/CVE-2024-31291.json | 55 ++++++++++++
CVE-2024/CVE-2024-312xx/CVE-2024-31292.json | 55 ++++++++++++
CVE-2024/CVE-2024-312xx/CVE-2024-31296.json | 55 ++++++++++++
CVE-2024/CVE-2024-313xx/CVE-2024-31306.json | 55 ++++++++++++
CVE-2024/CVE-2024-313xx/CVE-2024-31308.json | 55 ++++++++++++
CVE-2024/CVE-2024-313xx/CVE-2024-31344.json | 55 ++++++++++++
CVE-2024/CVE-2024-313xx/CVE-2024-31345.json | 55 ++++++++++++
CVE-2024/CVE-2024-313xx/CVE-2024-31346.json | 55 ++++++++++++
CVE-2024/CVE-2024-313xx/CVE-2024-31348.json | 55 ++++++++++++
CVE-2024/CVE-2024-313xx/CVE-2024-31349.json | 55 ++++++++++++
CVE-2024/CVE-2024-34xx/CVE-2024-3428.json | 92 +++++++++++++++++++++
README.md | 37 +++++++--
_state.csv | 33 +++++++-
27 files changed, 1470 insertions(+), 12 deletions(-)
create mode 100644 CVE-2024/CVE-2024-221xx/CVE-2024-22155.json
create mode 100644 CVE-2024/CVE-2024-312xx/CVE-2024-31233.json
create mode 100644 CVE-2024/CVE-2024-312xx/CVE-2024-31234.json
create mode 100644 CVE-2024/CVE-2024-312xx/CVE-2024-31236.json
create mode 100644 CVE-2024/CVE-2024-312xx/CVE-2024-31241.json
create mode 100644 CVE-2024/CVE-2024-312xx/CVE-2024-31255.json
create mode 100644 CVE-2024/CVE-2024-312xx/CVE-2024-31256.json
create mode 100644 CVE-2024/CVE-2024-312xx/CVE-2024-31257.json
create mode 100644 CVE-2024/CVE-2024-312xx/CVE-2024-31258.json
create mode 100644 CVE-2024/CVE-2024-312xx/CVE-2024-31260.json
create mode 100644 CVE-2024/CVE-2024-312xx/CVE-2024-31277.json
create mode 100644 CVE-2024/CVE-2024-312xx/CVE-2024-31280.json
create mode 100644 CVE-2024/CVE-2024-312xx/CVE-2024-31286.json
create mode 100644 CVE-2024/CVE-2024-312xx/CVE-2024-31288.json
create mode 100644 CVE-2024/CVE-2024-312xx/CVE-2024-31291.json
create mode 100644 CVE-2024/CVE-2024-312xx/CVE-2024-31292.json
create mode 100644 CVE-2024/CVE-2024-312xx/CVE-2024-31296.json
create mode 100644 CVE-2024/CVE-2024-313xx/CVE-2024-31306.json
create mode 100644 CVE-2024/CVE-2024-313xx/CVE-2024-31308.json
create mode 100644 CVE-2024/CVE-2024-313xx/CVE-2024-31344.json
create mode 100644 CVE-2024/CVE-2024-313xx/CVE-2024-31345.json
create mode 100644 CVE-2024/CVE-2024-313xx/CVE-2024-31346.json
create mode 100644 CVE-2024/CVE-2024-313xx/CVE-2024-31348.json
create mode 100644 CVE-2024/CVE-2024-313xx/CVE-2024-31349.json
create mode 100644 CVE-2024/CVE-2024-34xx/CVE-2024-3428.json
diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22155.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22155.json
new file mode 100644
index 00000000000..664c2441175
--- /dev/null
+++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22155.json
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-22155", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:08.573", + "lastModified": "2024-04-07T18:15:08.573", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.5.2.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/woocommerce/wordpress-woocommerce-plugin-8-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-312xx/CVE-2024-31233.json b/CVE-2024/CVE-2024-312xx/CVE-2024-31233.json new file mode 100644 index 00000000000..4c92fd7b531 --- /dev/null +++ b/CVE-2024/CVE-2024-312xx/CVE-2024-31233.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-31233", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:08.797", + "lastModified": "2024-04-07T18:15:08.797", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sizam Rehub.This issue affects Rehub: from n/a through 19.6.1.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 8.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/rehub-theme/wordpress-rehub-theme-19-6-1-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-312xx/CVE-2024-31234.json b/CVE-2024/CVE-2024-312xx/CVE-2024-31234.json new file mode 100644 index 00000000000..bf330aef026 --- /dev/null +++ b/CVE-2024/CVE-2024-312xx/CVE-2024-31234.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-31234", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:09.000", + "lastModified": "2024-04-07T18:15:09.000", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sizam REHub Framework.This issue affects REHub Framework: from n/a before 19.6.2.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 8.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/rehub-framework/wordpress-rehub-framework-plugin-19-6-2-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-312xx/CVE-2024-31236.json b/CVE-2024/CVE-2024-312xx/CVE-2024-31236.json new file mode 100644 index 00000000000..b15898a2eb1 --- /dev/null +++ b/CVE-2024/CVE-2024-312xx/CVE-2024-31236.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-31236", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:09.197", + "lastModified": "2024-04-07T18:15:09.197", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through 1.3.93.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/royal-elementor-addons/wordpress-royal-elementor-addons-plugin-1-3-93-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-312xx/CVE-2024-31241.json b/CVE-2024/CVE-2024-312xx/CVE-2024-31241.json new file mode 100644 index 00000000000..cbe71236482 --- /dev/null +++ b/CVE-2024/CVE-2024-312xx/CVE-2024-31241.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-31241", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:09.390", + "lastModified": "2024-04-07T18:15:09.390", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress LearnPress Export Import.This issue affects LearnPress Export Import: from n/a through 4.0.3.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/learnpress-import-export/wordpress-learnpress-export-import-plugin-4-0-3-admin-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-312xx/CVE-2024-31255.json b/CVE-2024/CVE-2024-312xx/CVE-2024-31255.json new file mode 100644 index 00000000000..69b23442824 --- /dev/null +++ b/CVE-2024/CVE-2024-312xx/CVE-2024-31255.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-31255", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:09.590", + "lastModified": "2024-04-07T18:15:09.590", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts allows Reflected XSS.This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/elex-woocommerce-dynamic-pricing-and-discounts/wordpress-elex-woocommerce-dynamic-pricing-and-discounts-plugin-2-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-312xx/CVE-2024-31256.json b/CVE-2024/CVE-2024-312xx/CVE-2024-31256.json new file mode 100644 index 00000000000..7dd09da1cea --- /dev/null +++ b/CVE-2024/CVE-2024-312xx/CVE-2024-31256.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-31256", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:09.800", + "lastModified": "2024-04-07T18:15:09.800", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebinarPress allows Reflected XSS.This issue affects WebinarPress: from n/a through 1.33.9.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-webinarsystem/wordpress-webinarpress-plugin-1-33-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-312xx/CVE-2024-31257.json b/CVE-2024/CVE-2024-312xx/CVE-2024-31257.json new file mode 100644 index 00000000000..b092659049a --- /dev/null +++ b/CVE-2024/CVE-2024-312xx/CVE-2024-31257.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-31257", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:09.993", + "lastModified": "2024-04-07T18:15:09.993", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Formsite Formsite | Embed online forms to collect orders, registrations, leads, and surveys allows Stored XSS.This issue affects Formsite | Embed online forms to collect orders, registrations, leads, and surveys: from n/a through 1.6.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/formsite/wordpress-formsite-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-312xx/CVE-2024-31258.json b/CVE-2024/CVE-2024-312xx/CVE-2024-31258.json new file mode 100644 index 00000000000..eb46698fb3c --- /dev/null +++ b/CVE-2024/CVE-2024-312xx/CVE-2024-31258.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-31258", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:10.190", + "lastModified": "2024-04-07T18:15:10.190", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Micro.Company Form to Chat App allows Stored XSS.This issue affects Form to Chat App: from n/a through 1.1.6.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/form-to-chat/wordpress-form-to-chat-app-plugin-1-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-312xx/CVE-2024-31260.json b/CVE-2024/CVE-2024-312xx/CVE-2024-31260.json new file mode 100644 index 00000000000..07d4d5c614c --- /dev/null +++ b/CVE-2024/CVE-2024-312xx/CVE-2024-31260.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-31260", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:10.380", + "lastModified": "2024-04-07T18:15:10.380", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WisdmLabs Edwiser Bridge.This issue affects Edwiser Bridge: from n/a through 3.0.2.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/edwiser-bridge/wordpress-edwiser-bridge-wordpress-moodle-lms-integration-plugin-3-0-2-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-312xx/CVE-2024-31277.json b/CVE-2024/CVE-2024-312xx/CVE-2024-31277.json new file mode 100644 index 00000000000..29992f6fa72 --- /dev/null +++ b/CVE-2024/CVE-2024-312xx/CVE-2024-31277.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-31277", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:10.580", + "lastModified": "2024-04-07T18:15:10.580", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer.This issue affects Product Designer: from n/a through 1.0.32.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/product-designer/wordpress-product-designer-plugin-1-0-32-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-312xx/CVE-2024-31280.json b/CVE-2024/CVE-2024-312xx/CVE-2024-31280.json new file mode 100644 index 00000000000..7c4999bfffa --- /dev/null +++ b/CVE-2024/CVE-2024-312xx/CVE-2024-31280.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-31280", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:10.827", + "lastModified": "2024-04-07T18:15:10.827", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.5.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-1-5-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-312xx/CVE-2024-31286.json b/CVE-2024/CVE-2024-312xx/CVE-2024-31286.json new file mode 100644 index 00000000000..90b273d08d2 --- /dev/null +++ b/CVE-2024/CVE-2024-312xx/CVE-2024-31286.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-31286", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:11.030", + "lastModified": "2024-04-07T18:15:11.030", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a before 8.6.03.005.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-6-03-005-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-312xx/CVE-2024-31288.json b/CVE-2024/CVE-2024-312xx/CVE-2024-31288.json new file mode 100644 index 00000000000..96f9bf1f654 --- /dev/null +++ b/CVE-2024/CVE-2024-312xx/CVE-2024-31288.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-31288", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:11.233", + "lastModified": "2024-04-07T18:15:11.233", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Server-Side Request Forgery (SSRF) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize.This issue affects RapidLoad Power-Up for Autoptimize: from n/a through 2.2.11.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/unusedcss/wordpress-rapidload-plugin-2-2-11-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-312xx/CVE-2024-31291.json b/CVE-2024/CVE-2024-312xx/CVE-2024-31291.json new file mode 100644 index 00000000000..a55525e497b --- /dev/null +++ b/CVE-2024/CVE-2024-312xx/CVE-2024-31291.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-31291", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:11.437", + "lastModified": "2024-04-07T18:15:11.437", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.6.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-7-6-idor-on-friend-request-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-312xx/CVE-2024-31292.json b/CVE-2024/CVE-2024-312xx/CVE-2024-31292.json new file mode 100644 index 00000000000..276bc26b178 --- /dev/null +++ b/CVE-2024/CVE-2024-312xx/CVE-2024-31292.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-31292", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:11.637", + "lastModified": "2024-04-07T18:15:11.637", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds.This issue affects Import XML and RSS Feeds: from n/a through 2.1.5.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/import-xml-feed/wordpress-import-xml-and-rss-feeds-plugin-2-1-5-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-312xx/CVE-2024-31296.json b/CVE-2024/CVE-2024-312xx/CVE-2024-31296.json new file mode 100644 index 00000000000..86016fb6afa --- /dev/null +++ b/CVE-2024/CVE-2024-312xx/CVE-2024-31296.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-31296", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:11.833", + "lastModified": "2024-04-07T18:15:11.833", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Authorization Bypass Through User-Controlled Key vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.81.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/bookingpress-appointment-booking/wordpress-bookingpress-plugin-1-0-81-insecure-direct-object-references-idor-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31306.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31306.json new file mode 100644 index 00000000000..3be72bb1f83 --- /dev/null +++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31306.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-31306", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:12.060", + "lastModified": "2024-04-07T18:15:12.060", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS.This issue affects Essential Blocks for Gutenberg: from n/a through 4.5.3.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/essential-blocks/wordpress-essential-blocks-plugin-4-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31308.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31308.json new file mode 100644 index 00000000000..ddb2a77c0c4 --- /dev/null +++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31308.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-31308", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:12.253", + "lastModified": "2024-04-07T18:15:12.253", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite.This issue affects WP Import Export Lite: from n/a through 3.9.26.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-import-export-lite/wordpress-wp-import-export-lite-wp-import-export-plugin-3-9-26-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31344.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31344.json new file mode 100644 index 00000000000..49fb02b5352 --- /dev/null +++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31344.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-31344", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:12.460", + "lastModified": "2024-04-07T18:15:12.460", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phpbits Creative Studio Easy Login Styler \u2013 White Label Admin Login Page for WordPress allows Stored XSS.This issue affects Easy Login Styler \u2013 White Label Admin Login Page for WordPress: from n/a through 1.0.6.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/easy-login-styler/wordpress-easy-login-styler-plugin-1-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31345.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31345.json new file mode 100644 index 00000000000..33fc76eb68c --- /dev/null +++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31345.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-31345", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:12.650", + "lastModified": "2024-04-07T18:15:12.650", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Sukhchain Singh Auto Poster.This issue affects Auto Poster: from n/a through 1.2.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/auto-poster/wordpress-auto-poster-plugin-1-2-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31346.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31346.json new file mode 100644 index 00000000000..cc4cdf5a50f --- /dev/null +++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31346.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-31346", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:12.840", + "lastModified": "2024-04-07T18:15:12.840", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksmarket Gradient Text Widget for Elementor allows Stored XSS.This issue affects Gradient Text Widget for Elementor: from n/a through 1.0.1.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/gradient-text-widget-for-elementor/wordpress-gradient-text-widget-for-elementor-plugin-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31348.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31348.json new file mode 100644 index 00000000000..e79ca00861a --- /dev/null +++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31348.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-31348", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:13.040", + "lastModified": "2024-04-07T18:15:13.040", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Testimonials allows Stored XSS.This issue affects Testimonials: from n/a through 3.0.5.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/super-testimonial/wordpress-super-testimonials-plugin-3-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-313xx/CVE-2024-31349.json b/CVE-2024/CVE-2024-313xx/CVE-2024-31349.json new file mode 100644 index 00000000000..24bca532cb6 --- /dev/null +++ b/CVE-2024/CVE-2024-313xx/CVE-2024-31349.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-31349", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-04-07T18:15:13.240", + "lastModified": "2024-04-07T18:15:13.240", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch MailMunch \u2013 Grow your Email List allows Stored XSS.This issue affects MailMunch \u2013 Grow your Email List: from n/a through 3.1.6.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/mailmunch/wordpress-mailmunch-grow-your-email-list-plugin-3-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-34xx/CVE-2024-3428.json b/CVE-2024/CVE-2024-34xx/CVE-2024-3428.json new file mode 100644 index 00000000000..7b732ecd76b --- /dev/null +++ b/CVE-2024/CVE-2024-34xx/CVE-2024-3428.json 
@@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-3428", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-04-07T18:15:13.433", + "lastModified": "2024-04-07T18:15:13.433", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259600." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": 
"https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-13.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.259600", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.259600", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.311607", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 45a50f2e248..d268764064f 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-04-07T18:00:38.410716+00:00 +2024-04-07T20:00:38.365929+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-04-07T17:15:09.630000+00:00 +2024-04-07T18:15:13.433000+00:00 ``` ### Last Data Feed Release 
@@ -33,17 +33,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -244324 +244349 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `25` -- [CVE-2024-3424](CVE-2024/CVE-2024-34xx/CVE-2024-3424.json) (`2024-04-07T16:15:07.620`) -- [CVE-2024-3425](CVE-2024/CVE-2024-34xx/CVE-2024-3425.json) (`2024-04-07T16:15:07.927`) -- [CVE-2024-3426](CVE-2024/CVE-2024-34xx/CVE-2024-3426.json) (`2024-04-07T17:15:09.393`) -- [CVE-2024-3427](CVE-2024/CVE-2024-34xx/CVE-2024-3427.json) (`2024-04-07T17:15:09.630`) +- [CVE-2024-22155](CVE-2024/CVE-2024-221xx/CVE-2024-22155.json) (`2024-04-07T18:15:08.573`) +- [CVE-2024-31233](CVE-2024/CVE-2024-312xx/CVE-2024-31233.json) (`2024-04-07T18:15:08.797`) +- [CVE-2024-31234](CVE-2024/CVE-2024-312xx/CVE-2024-31234.json) (`2024-04-07T18:15:09.000`) +- [CVE-2024-31236](CVE-2024/CVE-2024-312xx/CVE-2024-31236.json) (`2024-04-07T18:15:09.197`) +- [CVE-2024-31241](CVE-2024/CVE-2024-312xx/CVE-2024-31241.json) (`2024-04-07T18:15:09.390`) +- [CVE-2024-31255](CVE-2024/CVE-2024-312xx/CVE-2024-31255.json) (`2024-04-07T18:15:09.590`) +- [CVE-2024-31256](CVE-2024/CVE-2024-312xx/CVE-2024-31256.json) (`2024-04-07T18:15:09.800`) +- [CVE-2024-31257](CVE-2024/CVE-2024-312xx/CVE-2024-31257.json) (`2024-04-07T18:15:09.993`) +- [CVE-2024-31258](CVE-2024/CVE-2024-312xx/CVE-2024-31258.json) (`2024-04-07T18:15:10.190`) +- [CVE-2024-31260](CVE-2024/CVE-2024-312xx/CVE-2024-31260.json) (`2024-04-07T18:15:10.380`) +- [CVE-2024-31277](CVE-2024/CVE-2024-312xx/CVE-2024-31277.json) (`2024-04-07T18:15:10.580`) +- [CVE-2024-31280](CVE-2024/CVE-2024-312xx/CVE-2024-31280.json) (`2024-04-07T18:15:10.827`) +- [CVE-2024-31286](CVE-2024/CVE-2024-312xx/CVE-2024-31286.json) (`2024-04-07T18:15:11.030`) +- [CVE-2024-31288](CVE-2024/CVE-2024-312xx/CVE-2024-31288.json) (`2024-04-07T18:15:11.233`) +- [CVE-2024-31291](CVE-2024/CVE-2024-312xx/CVE-2024-31291.json) 
(`2024-04-07T18:15:11.437`) +- [CVE-2024-31292](CVE-2024/CVE-2024-312xx/CVE-2024-31292.json) (`2024-04-07T18:15:11.637`) +- [CVE-2024-31296](CVE-2024/CVE-2024-312xx/CVE-2024-31296.json) (`2024-04-07T18:15:11.833`) +- [CVE-2024-31306](CVE-2024/CVE-2024-313xx/CVE-2024-31306.json) (`2024-04-07T18:15:12.060`) +- [CVE-2024-31308](CVE-2024/CVE-2024-313xx/CVE-2024-31308.json) (`2024-04-07T18:15:12.253`) +- [CVE-2024-31344](CVE-2024/CVE-2024-313xx/CVE-2024-31344.json) (`2024-04-07T18:15:12.460`) +- [CVE-2024-31345](CVE-2024/CVE-2024-313xx/CVE-2024-31345.json) (`2024-04-07T18:15:12.650`) +- [CVE-2024-31346](CVE-2024/CVE-2024-313xx/CVE-2024-31346.json) (`2024-04-07T18:15:12.840`) +- [CVE-2024-31348](CVE-2024/CVE-2024-313xx/CVE-2024-31348.json) (`2024-04-07T18:15:13.040`) +- [CVE-2024-31349](CVE-2024/CVE-2024-313xx/CVE-2024-31349.json) (`2024-04-07T18:15:13.240`) +- [CVE-2024-3428](CVE-2024/CVE-2024-34xx/CVE-2024-3428.json) (`2024-04-07T18:15:13.433`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 876916fffbe..b9af02a0a1f 100644 --- a/_state.csv +++ b/_state.csv @@ -240374,6 +240374,7 @@ CVE-2024-22150,0,0,73a6449bdd862cb4aceb7dfcabf00926f0730684d1b40796cd1922a1d8912 CVE-2024-22152,0,0,77741f5ed7ba0cff2726117ba8b408bddeb0ad8028c0019d800ba91134fb10eb,2024-01-30T17:36:20.533000 CVE-2024-22153,0,0,183cafa541cc9d6796e6f60d4f84cc3fefe9e93bd9495a8b813ab36c05739148,2024-02-06T15:43:49.957000 CVE-2024-22154,0,0,c5d6f5ccc259910245679ed3525d0fea5ed728e2e4ec972b00aa2e1bbd5206eb,2024-01-31T20:20:56.647000 +CVE-2024-22155,1,1,3cc7c0c3c671826c7791bd404db62c634ca88b8e7a30c745686cfb4275482c8c,2024-04-07T18:15:08.573000 CVE-2024-22156,0,0,68e46e7ffbddadf814e0490a96df34ae26c80a5e219194d86915e32aa69a13ea,2024-03-26T17:09:53.043000 CVE-2024-22158,0,0,be5acba9413a4f0452950024099977323786ffce7bb9629de27484705b832f92,2024-02-06T15:25:24.303000 CVE-2024-22159,0,0,af65d98e1fc14c93d259c6b50b292b96d1dcf8bdc170ccb9c7a80ba7229999dc,2024-02-06T15:37:01.700000 
@@ -244197,12 +244198,35 @@ CVE-2024-31213,0,0,19a0c401ca67e66e86518628c3bc67a57443f6d2510fb0e2e0eb2b07016e3 CVE-2024-31215,0,0,34a0a231f3970708fb3e5686678c657f48cd1675d27ab51eed18f5cf652dec67,2024-04-04T16:33:06.610000 CVE-2024-31218,0,0,2cc0c7155891260a2e304c7f7c9b9f864ea2df678ab0837aa91ce6bd7b753c89,2024-04-05T15:15:07.863000 CVE-2024-31220,0,0,8d197f4e82630274399fe6c2cf5db685f8a9989529d5618ae3648323da3da3fe,2024-04-05T15:15:08.060000 +CVE-2024-31233,1,1,01776c48338e2c3eab6d14190a3411779ae36b37bbb141038e67728efaf69c9a,2024-04-07T18:15:08.797000 +CVE-2024-31234,1,1,1fa31637e187c994b5d6f8d31633b9c52245dc14b1ef75120de91cf881de99c2,2024-04-07T18:15:09 +CVE-2024-31236,1,1,e30316997648dd95fa701bb0da95fa4c9d6a2e26dca12b212bba28299a961fd8,2024-04-07T18:15:09.197000 CVE-2024-3124,0,0,0636ee928c0356d73e2effbc159ce59d850c83e7a22c6ba92b3f50b98c28bb80,2024-04-01T15:53:18.060000 +CVE-2024-31241,1,1,2901218c92912727e14901241780463257de8d90db0cbd069ee263d804513b93,2024-04-07T18:15:09.390000 CVE-2024-3125,0,0,7c2049f0f2088c1a2b8c1e4ee00a5f848a0ae8a9d91f54f3eb97b0a3f7d4e8d6,2024-04-01T15:53:18.060000 +CVE-2024-31255,1,1,eb46a5989e0b46830f22a35338a338628ab0beb0355bccfeaed9221431cb3b9a,2024-04-07T18:15:09.590000 +CVE-2024-31256,1,1,8413e151ab331950a959325cc0c589a6d9060f28a579effd42ff401dd3d90971,2024-04-07T18:15:09.800000 +CVE-2024-31257,1,1,901967a65c60809d96e091786021432d29b487ffa3974b1fa3d186ea68be483a,2024-04-07T18:15:09.993000 +CVE-2024-31258,1,1,30aa297bfbe664aa9744535184dbc2aeee022bc364048b472ecf3b8fb7bcb762,2024-04-07T18:15:10.190000 +CVE-2024-31260,1,1,d3f0701c2d15bba63304b0e971e83cc9abc7ddd7788895b92561ae4fd214b6f3,2024-04-07T18:15:10.380000 +CVE-2024-31277,1,1,569c7b5fe02fe28370ac0838852be7774864d2677357c33c15fe2c4373d0189e,2024-04-07T18:15:10.580000 CVE-2024-3128,0,0,99e446b9358b3359d41455e79f935e7a2346ef504383103b90e3f03b87e0b1be,2024-04-01T15:53:18.060000 +CVE-2024-31280,1,1,99b9da848eb89c942f64e2f10071b1e792d06dcec7563e01650ea55d2f9e5f9c,2024-04-07T18:15:10.827000 
+CVE-2024-31286,1,1,8e26962f33f5e5ffaef4b07c1e2430012e3c50344d51a1c5908c2dccc7185619,2024-04-07T18:15:11.030000 +CVE-2024-31288,1,1,0c78d7dcd5c6aa5fc600631a3d64ac591d59ea51d412d770f9e77d3bef1d08b3,2024-04-07T18:15:11.233000 CVE-2024-3129,0,0,27905c678ccde6c6c34478a63dd1fa6ed5863639c794da268ac6a9e07ad3aaf4,2024-04-02T12:50:42.233000 +CVE-2024-31291,1,1,99fc2f74979700b8807223808d052beeec793865508aada673263f865c83e360,2024-04-07T18:15:11.437000 +CVE-2024-31292,1,1,fd57ef1d59b9ce2b769954617c4d8a061083e57f2eb225aeaf7714922765699b,2024-04-07T18:15:11.637000 +CVE-2024-31296,1,1,5e8d386dc5bf780e2b327de394844fb2b248f6a7e0390d482727a0a74c7bec4e,2024-04-07T18:15:11.833000 CVE-2024-3130,0,0,f68ffdb025359112b42b29b07959a49895dfaeeef79aecb0f7981acd1536b04b,2024-04-01T12:49:00.877000 +CVE-2024-31306,1,1,2e2730db945a0d3c0caf2daf31b05192957297abd15dd210f41920a9dc1297ef,2024-04-07T18:15:12.060000 +CVE-2024-31308,1,1,d6f2bc4e2108ce47f9aa93f9ad37f0200c1dfa202162b0584433c31501c5a26e,2024-04-07T18:15:12.253000 CVE-2024-3131,0,0,2b79afbaf014f4ade09eea20b1cd97cb73297f40c06110081e5ce6e7cfad71a4,2024-04-02T12:50:42.233000 +CVE-2024-31344,1,1,d9aa4c9d47170a9732b4f35ecd33461f630a999322d6824007cb59daf6dbe35a,2024-04-07T18:15:12.460000 +CVE-2024-31345,1,1,e1f9f49ccf84accf5aaeed7b649a222014782f93072d4f5955eba12d83abf585,2024-04-07T18:15:12.650000 +CVE-2024-31346,1,1,bbcfa6a9022c6186c14f1f03f04a58f8387646566ec46a96da09b6d707e9b419,2024-04-07T18:15:12.840000 +CVE-2024-31348,1,1,ad7275da15911b4135ef07a24b64619101703c47460bd4b1d6378f7132e025ce,2024-04-07T18:15:13.040000 +CVE-2024-31349,1,1,9af1c1c7529d33bc6d7573e351321f4ec0e59398b9452646768e750db7e7de9c,2024-04-07T18:15:13.240000 CVE-2024-3135,0,0,91954ab6e8bf3cb2f93a640035369c46334c6e185515d1b835de2161b0fd8f69,2024-04-02T12:50:42.233000 CVE-2024-3137,0,0,85619be4f983f97db1d6302bec8264dd546f884b93dfcad5f6be85034ffe5dcb,2024-04-02T12:50:42.233000 
CVE-2024-3138,0,0,b2250a42d544b358de2555f1c668a77223939f10414766861d02ac21eac35bc6,2024-04-02T12:50:42.233000 @@ -244319,7 +244343,8 @@ CVE-2024-3420,0,0,720c3fd5382253ca08ad331b18079caf490b53b497de7eb7a933efa0648375 CVE-2024-3421,0,0,a560b26aaea924bd323615f86acd3e3dc05cff9023c442c8367172e85c4ab4f1,2024-04-07T13:15:09.227000 CVE-2024-3422,0,0,f7098e0ea33e88216934e31cdd454d33a88a63a7202d06837972e1794c274c95,2024-04-07T14:15:07.867000 CVE-2024-3423,0,0,47d613e97d135ead157c8346f9e1010cd1b8dfede5f54337cc44b38aa442db01,2024-04-07T15:15:07.253000 -CVE-2024-3424,1,1,416b173107142151cbfbd145eee3c90740752edd3c3a6a049700502e94453f01,2024-04-07T16:15:07.620000 -CVE-2024-3425,1,1,fbd896882eb884331615ff7d4830f5df99e03c1ebca7ef125a9cf745a3b27fba,2024-04-07T16:15:07.927000 -CVE-2024-3426,1,1,815bcce939c5095048cd01f520734251cb30b1f9553afe5bcb883fdb66853062,2024-04-07T17:15:09.393000 -CVE-2024-3427,1,1,0fb37a1d882e36307a5014bd125121dde7186a40ad001542f5d84e1d4b2d82dd,2024-04-07T17:15:09.630000 +CVE-2024-3424,0,0,416b173107142151cbfbd145eee3c90740752edd3c3a6a049700502e94453f01,2024-04-07T16:15:07.620000 +CVE-2024-3425,0,0,fbd896882eb884331615ff7d4830f5df99e03c1ebca7ef125a9cf745a3b27fba,2024-04-07T16:15:07.927000 +CVE-2024-3426,0,0,815bcce939c5095048cd01f520734251cb30b1f9553afe5bcb883fdb66853062,2024-04-07T17:15:09.393000 +CVE-2024-3427,0,0,0fb37a1d882e36307a5014bd125121dde7186a40ad001542f5d84e1d4b2d82dd,2024-04-07T17:15:09.630000 +CVE-2024-3428,1,1,962773b87769090a144966347576470873b363adcd81e79e8c506879e17336ac,2024-04-07T18:15:13.433000