diff --git a/cves/2023/44xxx/CVE-2023-44258.json b/cves/2023/44xxx/CVE-2023-44258.json
new file mode 100644
index 000000000000..42b14a195a0e
--- /dev/null
+++ b/cves/2023/44xxx/CVE-2023-44258.json
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-44258", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-09-27T12:39:26.099Z", + "datePublished": "2025-01-02T11:59:46.069Z", + "dateUpdated": "2025-01-02T11:59:46.069Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T11:59:46.069Z" + }, + "title": "WordPress Schema App Structured Data plugin <= 1.23.1 - Broken Access Control + CSRF vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "Schema App", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "schema-app-structured-data-for-schemaorg", + "product": "Schema App Structured Data", + "versions": [ + { + "lessThanOrEqual": "1.23.1", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.23.2", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Schema App Schema App Structured Data allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schema App Structured Data: from n/a through 1.23.1.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in Schema App Schema App Structured Data allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Schema App Structured Data: from n/a through 1.23.1.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/schema-app-structured-data-for-schemaorg/vulnerability/wordpress-schema-app-structured-data-plugin-1-22-3-csrf-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available. No reply from the vendor." + } + ], + "value": "No patched version is available. No reply from the vendor." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Rio Darmawan (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/44xxx/CVE-2023-44988.json b/cves/2023/44xxx/CVE-2023-44988.json new file mode 100644 index 000000000000..1bc25ff40b2e --- /dev/null +++ b/cves/2023/44xxx/CVE-2023-44988.json 
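Review bot: The fix status in the CVE-2023-44258 record contradicts itself: `affected[0].versions[0].changes` marks `1.23.2` as `unaffected`, while `solutions[0].value` says "No patched version is available. No reply from the vendor." A consumer that matches on version ranges will clear 1.23.2 and later, whereas a reader of the solution text will conclude that nothing is fixed. One of the two should be corrected: either drop the `changes` entry, or replace the solution text with the "Update ... (at least 1.23.2)" wording the other records in this diff use. The title also names CSRF and the reference URL slug carries `1-22-3`, but `problemTypes` lists only CWE-862 and the vector uses `UI:N`, so it is worth confirming against the Patchstack entry whether a CWE-352 description is missing and which version bound is correct.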
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-44988", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-02T09:38:08.907Z", + "datePublished": "2025-01-02T11:59:46.731Z", + "dateUpdated": "2025-01-02T11:59:46.731Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T11:59:46.731Z" + }, + "title": "WordPress WP Custom Admin Interface plugin <= 7.32 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "Martin Gibson", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "wp-custom-admin-interface", + "product": "WP Custom Admin Interface", + "versions": [ + { + "lessThanOrEqual": "7.32", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "7.33", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Martin Gibson WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.32.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in Martin Gibson WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects WP Custom Admin Interface: from n/a through 7.32.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/wp-custom-admin-interface/vulnerability/wordpress-wp-custom-admin-interface-plugin-7-32-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress WP Custom Admin Interface plugin to the latest available version (at least 7.33)." + } + ], + "value": "Update the WordPress WP Custom Admin Interface plugin to the latest available version (at least 7.33)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/45xxx/CVE-2023-45002.json b/cves/2023/45xxx/CVE-2023-45002.json new file mode 100644 index 000000000000..5753b92f3166 --- /dev/null +++ b/cves/2023/45xxx/CVE-2023-45002.json 
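Review bot: The range in `affected[0].versions[0]` starts at `"version": "n/a"` with `"versionType": "custom"`, which gives automated matchers no lower bound to compare against; the CVE record format's convention for an unbounded start is `"version": "0"`. The same applies to every record added in this diff (CVE-2023-44258, -45002, -45045, -45061, -45101, -45104, -45110, -45271, -45275). The generated `descriptions[0].value` is also missing a space after the period in `Levels.This issue affects`, and its "from n/a through" phrasing carries the placeholder into the human-readable text.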
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-45002", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-02T10:33:37.983Z", + "datePublished": "2025-01-02T11:59:47.346Z", + "dateUpdated": "2025-01-02T11:59:47.346Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T11:59:47.346Z" + }, + "title": "WordPress WP User Frontend plugin <= 3.6.8 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "weDevs", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "wp-user-frontend", + "product": "WP User Frontend", + "versions": [ + { + "lessThanOrEqual": "3.6.8", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "3.6.9", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through 3.6.8.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects WP User Frontend: from n/a through 3.6.8.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/wp-user-frontend/vulnerability/wordpress-wp-user-frontend-plugin-3-6-8-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress WP User Frontend plugin to the latest available version (at least 3.6.9)." + } + ], + "value": "Update the WordPress WP User Frontend plugin to the latest available version (at least 3.6.9)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/45xxx/CVE-2023-45045.json b/cves/2023/45xxx/CVE-2023-45045.json new file mode 100644 index 000000000000..d747d8dcd9a1 --- /dev/null +++ b/cves/2023/45xxx/CVE-2023-45045.json 
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-45045", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-03T13:30:39.402Z", + "datePublished": "2025-01-02T11:59:47.939Z", + "dateUpdated": "2025-01-02T11:59:47.939Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T11:59:47.939Z" + }, + "title": "WordPress WP Custom Widget area plugin <= 1.2.5 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "Kishor Khambu", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "wp-custom-widget-area", + "product": "WP Custom Widget area", + "versions": [ + { + "lessThanOrEqual": "1.2.5", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Kishor Khambu WP Custom Widget area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Widget area: from n/a through 1.2.5.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in Kishor Khambu WP Custom Widget area allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects WP Custom Widget area: from n/a through 1.2.5.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/wp-custom-widget-area/vulnerability/wordpress-wp-custom-widget-area-plugin-1-2-5-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/45xxx/CVE-2023-45061.json b/cves/2023/45xxx/CVE-2023-45061.json new file mode 100644 index 000000000000..b1d4563fb1a9 --- /dev/null +++ b/cves/2023/45xxx/CVE-2023-45061.json 
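Review bot: The CVE-2023-45045 record has neither a `changes` entry nor a `solutions` block, yet `defaultStatus` is `unaffected`, so any version above 1.2.5 is reported as not affected even though no fixed release is named. If the plugin has no patched release, `"defaultStatus": "unknown"` (or `"affected"`) would keep scanners from clearing later versions, and a `solutions` entry should state that no fix is available. If a fix does exist, add the `changes` entry with the fixed version, as the other records in this diff do.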
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-45061", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-03T13:31:00.205Z", + "datePublished": "2025-01-02T11:59:48.514Z", + "dateUpdated": "2025-01-02T11:59:48.514Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T11:59:48.514Z" + }, + "title": "WordPress WP Job Openings plugin <= 3.4.1 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "AWSM Innovations", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "wp-job-openings", + "product": "WP Job Openings", + "versions": [ + { + "lessThanOrEqual": "3.4.1", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "3.4.2", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in AWSM Innovations WP Job Openings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Openings: from n/a through 3.4.1.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in AWSM Innovations WP Job Openings allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects WP Job Openings: from n/a through 3.4.1.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/wp-job-openings/vulnerability/wordpress-wp-job-openings-plugin-3-4-1-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress WP Job Openings plugin to the latest available version (at least 3.4.2)." + } + ], + "value": "Update the WordPress WP Job Openings plugin to the latest available version (at least 3.4.2)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Revan Arifio (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/45xxx/CVE-2023-45101.json b/cves/2023/45xxx/CVE-2023-45101.json new file mode 100644 index 000000000000..2900f19d8e2b --- /dev/null +++ b/cves/2023/45xxx/CVE-2023-45101.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-45101", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-04T14:11:49.847Z", + "datePublished": "2025-01-02T11:59:49.130Z", + "dateUpdated": "2025-01-02T11:59:49.130Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T11:59:49.130Z" + }, + "title": "WordPress Customer Reviews for WooCommerce plugin <= 5.36.0 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "CusRev", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "customer-reviews-woocommerce", + "product": "Customer Reviews for WooCommerce", + "versions": [ + { + "lessThanOrEqual": "5.36.0", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "5.36.1", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customer Reviews for WooCommerce: from n/a through 5.36.0.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Customer Reviews for WooCommerce: from n/a through 5.36.0.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/customer-reviews-woocommerce/vulnerability/wordpress-customer-reviews-for-woocommerce-plugin-5-36-0-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Customer Reviews for WooCommerce plugin to the latest available version (at least 5.36.1)." + } + ], + "value": "Update the WordPress Customer Reviews for WooCommerce plugin to the latest available version (at least 5.36.1)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/45xxx/CVE-2023-45104.json b/cves/2023/45xxx/CVE-2023-45104.json new file mode 100644 index 000000000000..c87eca44deef --- /dev/null +++ b/cves/2023/45xxx/CVE-2023-45104.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-45104", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-04T14:11:49.848Z", + "datePublished": "2025-01-02T11:59:49.780Z", + "dateUpdated": "2025-01-02T11:59:49.780Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T11:59:49.780Z" + }, + "title": "WordPress BetterLinks plugin <= 1.6.0 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "WPDeveloper", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "betterlinks", + "product": "BetterLinks", + "versions": [ + { + "lessThanOrEqual": "1.6.0", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.6.1", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in WPDeveloper BetterLinks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterLinks: from n/a through 1.6.0.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in WPDeveloper BetterLinks allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects BetterLinks: from n/a through 1.6.0.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/betterlinks/vulnerability/wordpress-betterlinks-plugin-1-6-0-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress BetterLinks plugin to the latest available version (at least 1.6.1)." + } + ], + "value": "Update the WordPress BetterLinks plugin to the latest available version (at least 1.6.1)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Nguyen Anh Tien (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/45xxx/CVE-2023-45110.json b/cves/2023/45xxx/CVE-2023-45110.json new file mode 100644 index 000000000000..7d145965e8c4 --- /dev/null +++ b/cves/2023/45xxx/CVE-2023-45110.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-45110", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-04T14:11:49.849Z", + "datePublished": "2025-01-02T11:59:50.374Z", + "dateUpdated": "2025-01-02T11:59:50.374Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T11:59:50.374Z" + }, + "title": "WordPress Bold Timeline Lite plugin <= 1.1.9 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "BoldThemes", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "bold-timeline-lite", + "product": "Bold Timeline Lite", + "versions": [ + { + "lessThanOrEqual": "1.1.9", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.2.0", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in BoldThemes Bold Timeline Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bold Timeline Lite: from n/a through 1.1.9.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in BoldThemes Bold Timeline Lite allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Bold Timeline Lite: from n/a through 1.1.9.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/bold-timeline-lite/vulnerability/wordpress-bold-timeline-lite-plugin-1-1-9-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Bold Timeline Lite plugin to the latest available version (at least 1.2.0)." + } + ], + "value": "Update the WordPress Bold Timeline Lite plugin to the latest available version (at least 1.2.0)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/45xxx/CVE-2023-45271.json b/cves/2023/45xxx/CVE-2023-45271.json new file mode 100644 index 000000000000..8118859d70a1 --- /dev/null +++ b/cves/2023/45xxx/CVE-2023-45271.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-45271", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-06T13:05:32.934Z", + "datePublished": "2025-01-02T11:59:50.933Z", + "dateUpdated": "2025-01-02T11:59:50.933Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T11:59:50.933Z" + }, + "title": "WordPress ProductX – Gutenberg WooCommerce Blocks plugin <= 2.7.8 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "WowStore Team", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "product-blocks", + "product": "ProductX – Gutenberg WooCommerce Blocks", + "versions": [ + { + "lessThanOrEqual": "2.7.8", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "3.0.0", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in WowStore Team ProductX – Gutenberg WooCommerce Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProductX – Gutenberg WooCommerce Blocks: from n/a through 2.7.8.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in WowStore Team ProductX – Gutenberg WooCommerce Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects ProductX – Gutenberg WooCommerce Blocks: from n/a through 2.7.8.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/product-blocks/vulnerability/wordpress-productx-gutenberg-woocommerce-blocks-plugin-2-7-8-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress ProductX – Gutenberg WooCommerce Blocks plugin to the latest available version (at least 3.0.0)." + } + ], + "value": "Update the WordPress ProductX – Gutenberg WooCommerce Blocks plugin to the latest available version (at least 3.0.0)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/45xxx/CVE-2023-45275.json b/cves/2023/45xxx/CVE-2023-45275.json new file mode 100644 index 000000000000..54129eaf1d21 --- /dev/null +++ b/cves/2023/45xxx/CVE-2023-45275.json 
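Review bot: The vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N` in the CVE-2023-45271 record requires user interaction, which is unusual for a plain missing-authorization finding and reads more like a request-forgery scenario, while `problemTypes` lists only CWE-862. If the underlying issue depends on a victim's browser session, a CWE-352 description should accompany CWE-862; otherwise `userInteraction` likely belongs at `NONE` and the base score should be recomputed. This is inferred from the vector alone, so it should be checked against the Patchstack advisory before changing either field.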
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-45275", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-06T13:05:32.934Z", + "datePublished": "2025-01-02T11:59:51.535Z", + "dateUpdated": "2025-01-02T11:59:51.535Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T11:59:51.535Z" + }, + "title": "WordPress Contact Form builder with drag & drop plugin <= 2.3.28 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "Kali Forms", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "kali-forms", + "product": "Contact Form builder with drag & drop - Kali Forms", + "versions": [ + { + "lessThanOrEqual": "2.3.28", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.3.29", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Kali Forms Contact Form builder with drag & drop - Kali Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form builder with drag & drop - Kali Forms: from n/a through 2.3.28.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in Kali Forms Contact Form builder with drag & drop - Kali Forms allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Contact Form builder with drag & drop - Kali Forms: from n/a through 2.3.28.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/kali-forms/vulnerability/wordpress-contact-form-builder-with-drag-drop-plugin-2-3-27-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available." + } + ], + "value": "No patched version is available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Rafshanzani Suhada (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/45xxx/CVE-2023-45631.json b/cves/2023/45xxx/CVE-2023-45631.json new file mode 100644 index 000000000000..2ca534c0b1f7 --- /dev/null +++ b/cves/2023/45xxx/CVE-2023-45631.json 
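Review bot: The `solutions` entry in CVE-2023-45275 says "No patched version is available." while the same record's `affected[].versions[].changes` marks 2.3.29 as `unaffected`, so a consumer reading one field concludes a fix exists and a consumer reading the other concludes none does. If 2.3.29 is the fix, the solution text should follow the other records in this commit, e.g. `"value": "Update the WordPress Contact Form builder with drag & drop plugin to the latest available version (at least 2.3.29)."`; otherwise the `changes` entry should be removed. The same contradiction appears in CVE-2023-45828 (6.2.6), CVE-2023-46073 (2.0.6) and CVE-2023-46079 (1.2.92). The reference URL slug names 2-3-27 while `lessThanOrEqual` is 2.3.28 (likewise 6-1-9 vs 6.2.5 in CVE-2023-45828 and 1-2-6 vs 1.2.9 in CVE-2023-46079), so the affected range is worth confirming against the advisory.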
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-45631", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-10T07:47:54.381Z", + "datePublished": "2025-01-02T11:59:52.114Z", + "dateUpdated": "2025-01-02T11:59:52.114Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T11:59:52.114Z" + }, + "title": "WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "wpdevart", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "gallery-album", + "product": "Responsive Image Gallery, Gallery Album", + "versions": [ + { + "lessThanOrEqual": "2.0.3", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/gallery-album/vulnerability/wordpress-gallery-image-and-video-gallery-with-thumbnails-plugin-2-0-3-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "thiennv (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/45xxx/CVE-2023-45636.json b/cves/2023/45xxx/CVE-2023-45636.json new file mode 100644 index 000000000000..a37d91908f69 --- /dev/null +++ b/cves/2023/45xxx/CVE-2023-45636.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-45636", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-10T07:47:54.382Z", + "datePublished": "2025-01-02T11:59:52.682Z", + "dateUpdated": "2025-01-02T11:59:52.682Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T11:59:52.682Z" + }, + "title": "WordPress Backup & Migration plugin <= 1.4.1 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "WebToffee", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "wp-migration-duplicator", + "product": "WordPress Backup & Migration", + "versions": [ + { + "lessThanOrEqual": "1.4.1", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.4.2", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in WebToffee WordPress Backup & Migration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n/a through 1.4.1.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in WebToffee WordPress Backup & Migration allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects WordPress Backup & Migration: from n/a through 1.4.1.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/wp-migration-duplicator/vulnerability/wordpress-wordpress-backup-migration-plugin-1-4-1-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress WordPress Backup & Migration plugin to the latest available version (at least 1.4.2)." + } + ], + "value": "Update the WordPress WordPress Backup & Migration plugin to the latest available version (at least 1.4.2)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/45xxx/CVE-2023-45649.json b/cves/2023/45xxx/CVE-2023-45649.json new file mode 100644 index 000000000000..e148b079f616 --- /dev/null +++ b/cves/2023/45xxx/CVE-2023-45649.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-45649", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-10T12:38:22.831Z", + "datePublished": "2025-01-02T11:59:53.263Z", + "dateUpdated": "2025-01-02T11:59:53.263Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T11:59:53.263Z" + }, + "title": "WordPress Appointment Hour Booking plugin <= 1.4.23 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "CodePeople", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "appointment-hour-booking", + "product": "Appointment Hour Booking", + "versions": [ + { + "lessThanOrEqual": "1.4.23", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.4.24", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in CodePeople Appointment Hour Booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Hour Booking: from n/a through 1.4.23.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in CodePeople Appointment Hour Booking allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Appointment Hour Booking: from n/a through 1.4.23.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/appointment-hour-booking/vulnerability/wordpress-appointment-hour-booking-plugin-1-4-23-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Appointment Hour Booking plugin to the latest available version (at least 1.4.24)." + } + ], + "value": "Update the WordPress Appointment Hour Booking plugin to the latest available version (at least 1.4.24)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "konagash (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/45xxx/CVE-2023-45760.json b/cves/2023/45xxx/CVE-2023-45760.json new file mode 100644 index 000000000000..356b19146d35 --- /dev/null +++ b/cves/2023/45xxx/CVE-2023-45760.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-45760", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-12T12:45:14.808Z", + "datePublished": "2025-01-02T11:59:53.833Z", + "dateUpdated": "2025-01-02T11:59:53.833Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T11:59:53.833Z" + }, + "title": "WordPress wpDiscuz plugin <= 7.6.3 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "gVectors Team", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "wpdiscuz", + "product": "wpDiscuz", + "versions": [ + { + "lessThanOrEqual": "7.6.3", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "7.6.4", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in gVectors Team wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through 7.6.3.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in gVectors Team wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects wpDiscuz: from n/a through 7.6.3.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/wpdiscuz/vulnerability/wordpress-wpdiscuz-plugin-7-6-3-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress wpDiscuz plugin to the latest available version (at least 7.6.4)." + } + ], + "value": "Update the WordPress wpDiscuz plugin to the latest available version (at least 7.6.4)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "RE-ALTER (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/45xxx/CVE-2023-45765.json b/cves/2023/45xxx/CVE-2023-45765.json new file mode 100644 index 000000000000..7bff08c06117 --- /dev/null +++ b/cves/2023/45xxx/CVE-2023-45765.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-45765", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-12T12:45:14.808Z", + "datePublished": "2025-01-02T11:59:54.423Z", + "dateUpdated": "2025-01-02T11:59:54.423Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T11:59:54.423Z" + }, + "title": "WordPress WP ERP plugin <= 1.12.6 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "weDevs", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "erp", + "product": "WP ERP", + "versions": [ + { + "lessThanOrEqual": "1.12.6", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.12.7", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in weDevs WP ERP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through 1.12.6.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in weDevs WP ERP allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects WP ERP: from n/a through 1.12.6.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/erp/vulnerability/wordpress-wp-erp-plugin-1-12-6-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress WP ERP plugin to the latest available version (at least 1.12.7)." + } + ], + "value": "Update the WordPress WP ERP plugin to the latest available version (at least 1.12.7)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/45xxx/CVE-2023-45766.json b/cves/2023/45xxx/CVE-2023-45766.json new file mode 100644 index 000000000000..427476a21e01 --- /dev/null +++ b/cves/2023/45xxx/CVE-2023-45766.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-45766", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-12T12:45:14.808Z", + "datePublished": "2025-01-02T11:59:55.392Z", + "dateUpdated": "2025-01-02T11:59:55.392Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T11:59:55.392Z" + }, + "title": "WordPress Poll Maker plugin <= 4.7.1 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "Poll Maker Team", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "poll-maker", + "product": "Poll Maker", + "versions": [ + { + "lessThanOrEqual": "4.7.1", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "4.7.2", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 4.7.1.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Poll Maker: from n/a through 4.7.1.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-plugin-4-7-1-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Poll Maker plugin to the latest available version (at least 4.7.2)." + } + ], + "value": "Update the WordPress Poll Maker plugin to the latest available version (at least 4.7.2)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Revan Arifio (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/45xxx/CVE-2023-45828.json b/cves/2023/45xxx/CVE-2023-45828.json new file mode 100644 index 000000000000..30e0946072e4 --- /dev/null +++ b/cves/2023/45xxx/CVE-2023-45828.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-45828", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-13T13:20:17.574Z", + "datePublished": "2025-01-02T11:59:56.028Z", + "dateUpdated": "2025-01-02T11:59:56.028Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T11:59:56.028Z" + }, + "title": "WordPress RumbleTalk Live Group Chat plugin <= 6.2.5 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "RumbleTalk Ltd", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "rumbletalk-chat-a-chat-with-themes", + "product": "RumbleTalk Live Group Chat", + "versions": [ + { + "lessThanOrEqual": "6.2.5", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "6.2.6", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in RumbleTalk Ltd RumbleTalk Live Group Chat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RumbleTalk Live Group Chat: from n/a through 6.2.5.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in RumbleTalk Ltd RumbleTalk Live Group Chat allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects RumbleTalk Live Group Chat: from n/a through 6.2.5.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/rumbletalk-chat-a-chat-with-themes/vulnerability/wordpress-rumbletalk-live-group-chat-plugin-6-1-9-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available." + } + ], + "value": "No patched version is available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Mika (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46073.json b/cves/2023/46xxx/CVE-2023-46073.json new file mode 100644 index 000000000000..c828b99fdaf3 --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46073.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46073", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-16T11:02:06.897Z", + "datePublished": "2025-01-02T11:59:56.618Z", + "dateUpdated": "2025-01-02T11:59:56.618Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T11:59:56.618Z" + }, + "title": "WordPress DX Delete Attached Media plugin <= 2.0.5.1 - Broken Access Control vulnerability + CSRF", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "nofearinc", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "dx-delete-attached-media", + "product": "DX Delete Attached Media", + "versions": [ + { + "lessThanOrEqual": "2.0.5.1", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.0.6", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in nofearinc DX Delete Attached Media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DX Delete Attached Media: from n/a through 2.0.5.1.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in nofearinc DX Delete Attached Media allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects DX Delete Attached Media: from n/a through 2.0.5.1.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/dx-delete-attached-media/vulnerability/wordpress-dx-delete-attached-media-plugin-2-0-5-1-broken-access-control-vulnerability-csrf?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available." + } + ], + "value": "No patched version is available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46079.json b/cves/2023/46xxx/CVE-2023-46079.json new file mode 100644 index 000000000000..ebab89a9747d --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46079.json 
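Review bot: The `title` of CVE-2023-46073 ends in "+ CSRF", but `problemTypes` lists only CWE-862 and the description text never mentions request forgery, so tooling that filters or prioritises by CWE will not see the CSRF component. If CSRF is part of the finding, add a second entry to `problemTypes[].descriptions`, `{ "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" }`, and re-check the vector, since `UI:N` is unusual for an issue that needs a victim's browser; if it is not, drop "+ CSRF" from the title. CVE-2023-46079 ("Broken Access Control + CSRF vulnerability") has the same mismatch.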
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46079", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-16T11:02:30.483Z", + "datePublished": "2025-01-02T11:59:57.191Z", + "dateUpdated": "2025-01-02T11:59:57.191Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T11:59:57.191Z" + }, + "title": "WordPress Ashe Extra plugin <= 1.2.9 - Broken Access Control + CSRF vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "WP Royal", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "ashe-extra", + "product": "Ashe Extra", + "versions": [ + { + "lessThanOrEqual": "1.2.9", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.2.92", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in WP Royal Ashe Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe Extra: from n/a through 1.2.9.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in WP Royal Ashe Extra allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Ashe Extra: from n/a through 1.2.9.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/ashe-extra/vulnerability/wordpress-ashe-extra-plugin-1-2-6-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available." + } + ], + "value": "No patched version is available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Jonas Höbenreich (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46080.json b/cves/2023/46xxx/CVE-2023-46080.json new file mode 100644 index 000000000000..677f8cc22fba --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46080.json 
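Review bot: The `title` advertises "Broken Access Control + CSRF", but `problemTypes` lists only CWE-862 and the CVSS vector has `UI:N`, so the CSRF part of the finding is not represented in any field a tool would read. If CSRF really is part of the issue, add a second description such as `{ "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" }` and recheck `userInteraction`, since a forged request normally needs a victim to trigger it. Otherwise drop "+ CSRF" from the title. CVE-2023-46073 has the same mismatch (title mentions CSRF, vector is `PR:N/UI:N`).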
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46080", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-16T11:02:30.484Z", + "datePublished": "2025-01-02T11:59:57.760Z", + "dateUpdated": "2025-01-02T11:59:57.760Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T11:59:57.760Z" + }, + "title": "WordPress ApplyOnline – Application Form Builder and Manager plugin <= 2.5.3 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "Farhan Noor", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "apply-online", + "product": "ApplyOnline – Application Form Builder and Manager", + "versions": [ + { + "lessThanOrEqual": "2.5.3", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.5.4", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Farhan Noor ApplyOnline – Application Form Builder and Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ApplyOnline – Application Form Builder and Manager: from n/a through 2.5.3.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in Farhan Noor ApplyOnline – Application Form Builder and Manager allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects ApplyOnline – Application Form Builder and Manager: from n/a through 2.5.3.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/apply-online/vulnerability/wordpress-applyonline-application-form-builder-and-manager-plugin-2-5-2-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available." + } + ], + "value": "No patched version is available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "thiennv (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46082.json b/cves/2023/46xxx/CVE-2023-46082.json new file mode 100644 index 000000000000..4ac4513db8b6 --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46082.json 
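Review bot: The `references` URL slug names version 2-5-2 while `lessThanOrEqual` and the title say 2.5.3, so the affected upper bound does not obviously match the advisory it cites. This may only be a stale slug, but the bound is what version-matching tools act on, so it should be confirmed against the Patchstack entry. If the advisory is authoritative, the field would read `"lessThanOrEqual": "2.5.2"` with the title and description adjusted to match. CVE-2023-46079 shows the same gap (slug 1-2-6, record 1.2.9).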
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46082", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-16T11:02:30.484Z", + "datePublished": "2025-01-02T11:59:58.339Z", + "dateUpdated": "2025-01-02T11:59:58.339Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T11:59:58.339Z" + }, + "title": "WordPress Broken Link Checker | Finder plugin <= 2.4.2 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "Cyberlord92", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "broken-link-finder", + "product": "Broken Link Checker | Finder", + "versions": [ + { + "lessThanOrEqual": "2.4.2", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.5.0", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Cyberlord92 Broken Link Checker | Finder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Checker | Finder: from n/a through 2.4.2.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in Cyberlord92 Broken Link Checker | Finder allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Broken Link Checker | Finder: from n/a through 2.4.2.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/broken-link-finder/vulnerability/wordpress-broken-link-checker-finder-plugin-2-4-2-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Broken Link Checker | Finder plugin to the latest available version (at least 2.5.0)." + } + ], + "value": "Update the WordPress Broken Link Checker | Finder plugin to the latest available version (at least 2.5.0)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46083.json b/cves/2023/46xxx/CVE-2023-46083.json new file mode 100644 index 000000000000..e222919e2e8e --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46083.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46083", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-16T11:02:30.484Z", + "datePublished": "2025-01-02T11:59:58.922Z", + "dateUpdated": "2025-01-02T11:59:58.922Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T11:59:58.922Z" + }, + "title": "WordPress Kali Forms plugin <= 2.3.27 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "Kali Forms", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "kali-forms", + "product": "Contact Form builder with drag & drop - Kali Forms", + "versions": [ + { + "lessThanOrEqual": "2.3.27", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.3.28", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Kali Forms Contact Form builder with drag & drop - Kali Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form builder with drag & drop - Kali Forms: from n/a through 2.3.27.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in Kali Forms Contact Form builder with drag & drop - Kali Forms allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Contact Form builder with drag & drop - Kali Forms: from n/a through 2.3.27.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/kali-forms/vulnerability/wordpress-kali-forms-plugin-2-3-27-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Contact Form builder with drag & drop - Kali Forms plugin to the latest available version (at least 2.3.28)." + } + ], + "value": "Update the WordPress Contact Form builder with drag & drop - Kali Forms plugin to the latest available version (at least 2.3.28)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Revan Arifio (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46188.json b/cves/2023/46xxx/CVE-2023-46188.json new file mode 100644 index 000000000000..1607c4ed9b29 --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46188.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46188", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-18T08:45:49.682Z", + "datePublished": "2025-01-02T11:59:59.522Z", + "dateUpdated": "2025-01-02T11:59:59.522Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T11:59:59.522Z" + }, + "title": "WordPress Freesoul Deactivate Plugins plugin <= 2.1.3 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "Jose Mortellaro", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "freesoul-deactivate-plugins", + "product": "Freesoul Deactivate Plugins – Plugin manager and cleanup", + "versions": [ + { + "lessThanOrEqual": "2.1.3", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.1.4", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Freesoul Deactivate Plugins – Plugin manager and cleanup: from n/a through 2.1.3.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Freesoul Deactivate Plugins – Plugin manager and cleanup: from n/a through 2.1.3.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/freesoul-deactivate-plugins/vulnerability/wordpress-freesoul-deactivate-plugins-plugin-2-1-3-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Freesoul Deactivate Plugins – Plugin manager and cleanup plugin to the latest available version (at least 2.1.4)." + } + ], + "value": "Update the WordPress Freesoul Deactivate Plugins – Plugin manager and cleanup plugin to the latest available version (at least 2.1.4)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46195.json b/cves/2023/46xxx/CVE-2023-46195.json new file mode 100644 index 000000000000..dcbe7d84f1c4 --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46195.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46195", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-18T08:45:49.683Z", + "datePublished": "2025-01-02T12:00:04.881Z", + "dateUpdated": "2025-01-02T12:00:04.881Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:04.881Z" + }, + "title": "WordPress Headline Analyzer plugin <= 1.3.1 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "CoSchedule", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "headline-analyzer", + "product": "Headline Analyzer", + "versions": [ + { + "lessThanOrEqual": "1.3.1", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.3.2", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in CoSchedule Headline Analyzer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Headline Analyzer: from n/a through 1.3.1.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in CoSchedule Headline Analyzer allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Headline Analyzer: from n/a through 1.3.1.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/headline-analyzer/vulnerability/wordpress-headline-analyzer-plugin-1-3-1-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available." + } + ], + "value": "No patched version is available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Mika (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46196.json b/cves/2023/46xxx/CVE-2023-46196.json new file mode 100644 index 000000000000..8e341a863f63 --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46196.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46196", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-18T08:45:49.684Z", + "datePublished": "2025-01-02T12:00:11.708Z", + "dateUpdated": "2025-01-02T12:00:11.708Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:11.708Z" + }, + "title": "WordPress Social proof testimonials and reviews by Repuso plugin <= 4.97 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "Repuso", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "social-testimonials-and-reviews-widget", + "product": "Social proof testimonials and reviews by Repuso", + "versions": [ + { + "lessThanOrEqual": "4.97", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "5.00", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social proof testimonials and reviews by Repuso: from n/a through 4.97.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Social proof testimonials and reviews by Repuso: from n/a through 4.97.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/social-testimonials-and-reviews-widget/vulnerability/wordpress-social-proof-testimonials-and-reviews-by-repuso-plugin-4-97-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Social proof testimonials and reviews by Repuso plugin to the latest available version (at least 5.00)." + } + ], + "value": "Update the WordPress Social proof testimonials and reviews by Repuso plugin to the latest available version (at least 5.00)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46203.json b/cves/2023/46xxx/CVE-2023-46203.json new file mode 100644 index 000000000000..18e532be0de5 --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46203.json 
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46203", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-18T13:40:25.977Z", + "datePublished": "2025-01-02T12:00:15.778Z", + "dateUpdated": "2025-01-02T12:00:15.778Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:15.778Z" + }, + "title": "WordPress Just Custom Fields plugin <= 3.3.2 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "JustCoded / Alex Prokopenko", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "just-custom-fields", + "product": "Just Custom Fields", + "versions": [ + { + "lessThanOrEqual": "3.3.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in JustCoded / Alex Prokopenko Just Custom Fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Just Custom Fields: from n/a through 3.3.2.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in JustCoded / Alex Prokopenko Just Custom Fields allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Just Custom Fields: from n/a through 3.3.2.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/just-custom-fields/vulnerability/wordpress-just-custom-fields-plugin-3-3-2-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46206.json b/cves/2023/46xxx/CVE-2023-46206.json new file mode 100644 index 000000000000..cafe80371b65 --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46206.json 
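Review bot: This record sets `"defaultStatus": "unaffected"` with a single `"lessThanOrEqual": "3.3.2"` range and, unlike its siblings, has no `changes` entry and no `solutions` block, so every release after 3.3.2 is declared unaffected without any fixed version being named. If no fix exists, that default will lead version-matching tools to clear later releases that may still be vulnerable. Either set `"defaultStatus": "unknown"` or record the fixed release in `changes`. A `solutions` entry should also state which case applies, as the other records do with `"value": "No patched version is available."`.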
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46206", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-18T13:40:25.978Z", + "datePublished": "2025-01-02T12:00:16.727Z", + "dateUpdated": "2025-01-02T12:00:16.727Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:16.727Z" + }, + "title": "WordPress MW WP Form plugin <= 4.4.5 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "websoudan", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "mw-wp-form", + "product": "MW WP Form", + "versions": [ + { + "lessThanOrEqual": "4.4.5", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "5.0.0", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in websoudan MW WP Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MW WP Form: from n/a through 4.4.5.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in websoudan MW WP Form allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects MW WP Form: from n/a through 4.4.5.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/mw-wp-form/vulnerability/wordpress-mw-wp-form-plugin-4-4-5-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress MW WP Form plugin to the latest available version (at least 5.0.0)." + } + ], + "value": "Update the WordPress MW WP Form plugin to the latest available version (at least 5.0.0)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Revan Arifio (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46309.json b/cves/2023/46xxx/CVE-2023-46309.json new file mode 100644 index 000000000000..f4cbc9f73ad5 --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46309.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46309", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-22T21:19:05.181Z", + "datePublished": "2025-01-02T12:00:17.479Z", + "dateUpdated": "2025-01-02T12:00:17.479Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:17.479Z" + }, + "title": "WordPress wpDiscuz plugin <= 7.6.10 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "gVectors Team", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "wpdiscuz", + "product": "wpDiscuz", + "versions": [ + { + "lessThanOrEqual": "7.6.10", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "7.6.11", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in gVectors Team wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through 7.6.10.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in gVectors Team wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects wpDiscuz: from n/a through 7.6.10.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/wpdiscuz/vulnerability/wordpress-wpdiscuz-plugin-7-6-10-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress wpDiscuz plugin to the latest available version (at least 7.6.11)." + } + ], + "value": "Update the WordPress wpDiscuz plugin to the latest available version (at least 7.6.11)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Revan Arifio (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46605.json b/cves/2023/46xxx/CVE-2023-46605.json new file mode 100644 index 000000000000..6cb859503970 --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46605.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46605", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-24T13:09:53.767Z", + "datePublished": "2025-01-02T12:00:18.293Z", + "dateUpdated": "2025-01-02T12:00:18.293Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:18.293Z" + }, + "title": "WordPress Convertful – Your Ultimate On-Site Conversion Tool plugin <= 2.5 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "Ruslan Suhar", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "convertful", + "product": "Convertful – Your Ultimate On-Site Conversion Tool", + "versions": [ + { + "lessThanOrEqual": "2.5", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.6", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Ruslan Suhar Convertful – Your Ultimate On-Site Conversion Tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Convertful – Your Ultimate On-Site Conversion Tool: from n/a through 2.5.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in Ruslan Suhar Convertful – Your Ultimate On-Site Conversion Tool allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Convertful – Your Ultimate On-Site Conversion Tool: from n/a through 2.5.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/convertful/vulnerability/wordpress-convertful-your-ultimate-on-site-conversion-tool-plugin-2-5-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available." + } + ], + "value": "No patched version is available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Mika (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46606.json b/cves/2023/46xxx/CVE-2023-46606.json new file mode 100644 index 000000000000..cacd88ce156e --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46606.json 
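Review bot: The `solutions` text in the CVE-2023-46605 record says `No patched version is available.`, but its `affected[0].versions[0].changes` entry marks 2.6 as `unaffected`, so the record contradicts itself on whether a fix exists. The same mismatch appears in the records for CVE-2023-46606 (1.1.5), CVE-2023-46608 (3.8), CVE-2023-46609 (1.3.0), CVE-2023-46610 (3.4.0) and CVE-2023-46616 (2.0.16). Scanners evaluate the version range while operators read the solution text, so the two have to agree. If 2.6 does carry the fix, the wording used by the neighbouring records fits, in both `solutions[0].value` and its `supportingMedia` copy: `"value": "Update the WordPress Convertful – Your Ultimate On-Site Conversion Tool plugin to the latest available version (at least 2.6)."`. If the fix is not confirmed, the `changes` entry should be dropped instead.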
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46606", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-24T13:09:53.767Z", + "datePublished": "2025-01-02T12:00:18.952Z", + "dateUpdated": "2025-01-02T12:00:18.952Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:18.952Z" + }, + "title": "WordPress AtomChat plugin <= 1.1.4 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "AtomChat", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "atomchat", + "product": "AtomChat", + "versions": [ + { + "lessThanOrEqual": "1.1.4", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.1.5", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in AtomChat AtomChat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AtomChat: from n/a through 1.1.4.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in AtomChat AtomChat allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects AtomChat: from n/a through 1.1.4.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/atomchat/vulnerability/wordpress-atomchat-plugin-1-1-4-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available." + } + ], + "value": "No patched version is available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Mika (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46607.json b/cves/2023/46xxx/CVE-2023-46607.json new file mode 100644 index 000000000000..2e72a4a3b2d1 --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46607.json 
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46607", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-24T13:09:53.767Z", + "datePublished": "2025-01-02T12:00:19.580Z", + "dateUpdated": "2025-01-02T12:00:19.580Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:19.580Z" + }, + "title": "WordPress WP iCal Availability plugin <= 1.0.3 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "WP iCal Availability", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "wp-ical-availability", + "product": "WP iCal Availability", + "versions": [ + { + "lessThanOrEqual": "1.0.3", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in WP iCal Availability WP iCal Availability allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP iCal Availability: from n/a through 1.0.3.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in WP iCal Availability WP iCal Availability allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects WP iCal Availability: from n/a through 1.0.3.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/wp-ical-availability/vulnerability/wordpress-wp-ical-availability-plugin-1-0-3-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46608.json b/cves/2023/46xxx/CVE-2023-46608.json new file mode 100644 index 000000000000..36b7ad02cb2e --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46608.json 
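Review bot: The `affected[0].versions` entry in the CVE-2023-46607 record stops at `"lessThanOrEqual": "1.0.3"` under `"defaultStatus": "unaffected"`, yet the record has neither a `changes` entry nor a `solutions` block, so nothing in it says that a later release fixes the issue. A consumer that evaluates the range literally would report any release after 1.0.3 as unaffected. If no fix is known, `"defaultStatus": "unknown"` together with a `solutions` entry reading `No patched version is available.` would state that explicitly. The CVE-2023-46612 record (Mediabay, `"lessThanOrEqual": "1.6"`) has the same shape.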
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46608", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-24T13:09:53.767Z", + "datePublished": "2025-01-02T12:00:20.249Z", + "dateUpdated": "2025-01-02T12:00:20.249Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:20.249Z" + }, + "title": "WordPress DoLogin Security plugin <= 3.7.1 - Multiple Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "WPDO", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "dologin", + "product": "DoLogin Security", + "versions": [ + { + "lessThanOrEqual": "3.7.1", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "3.8", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in WPDO DoLogin Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DoLogin Security: from n/a through 3.7.1.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in WPDO DoLogin Security allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects DoLogin Security: from n/a through 3.7.1.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/dologin/vulnerability/wordpress-dologin-security-plugin-3-7-1-multiple-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available." + } + ], + "value": "No patched version is available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Mika (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46609.json b/cves/2023/46xxx/CVE-2023-46609.json new file mode 100644 index 000000000000..0e1aad8c0b89 --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46609.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46609", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-24T13:09:53.767Z", + "datePublished": "2025-01-02T12:00:20.875Z", + "dateUpdated": "2025-01-02T12:00:20.875Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:20.875Z" + }, + "title": "WordPress FeedFocal plugin <= 1.2.2 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "FeedFocal", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "feedfocal", + "product": "FeedFocal", + "versions": [ + { + "lessThanOrEqual": "1.2.2", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.3.0", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in FeedFocal FeedFocal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FeedFocal: from n/a through 1.2.2.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in FeedFocal FeedFocal allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects FeedFocal: from n/a through 1.2.2.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/feedfocal/vulnerability/wordpress-feedfocal-plugin-1-2-1-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available." + } + ], + "value": "No patched version is available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Mika (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46610.json b/cves/2023/46xxx/CVE-2023-46610.json new file mode 100644 index 000000000000..4a0aac971d21 --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46610.json 
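Review bot: The reference URL in the CVE-2023-46609 record carries the slug `wordpress-feedfocal-plugin-1-2-1-broken-access-control-vulnerability`, while the title, `lessThanOrEqual` and the description all give 1.2.2 as the last affected version. One of the two is presumably stale. The affected range should be checked against the linked advisory before anyone relies on it for patch decisions. If the advisory was later widened to 1.2.2, a short note in the record would explain the difference.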
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46610", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-24T13:09:53.767Z", + "datePublished": "2025-01-02T12:00:21.498Z", + "dateUpdated": "2025-01-02T12:00:21.498Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:21.498Z" + }, + "title": "WordPress Quill Forms plugin <= 3.3.0 - Broken Access Control + CSRF vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "quillforms.com", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "quillforms", + "product": "Quill Forms", + "versions": [ + { + "lessThanOrEqual": "3.3.0", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "3.4.0", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in quillforms.com Quill Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quill Forms: from n/a through 3.3.0.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in quillforms.com Quill Forms allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Quill Forms: from n/a through 3.3.0.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/quillforms/vulnerability/wordpress-quill-forms-plugin-3-3-0-broken-access-control-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available." + } + ], + "value": "No patched version is available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46611.json b/cves/2023/46xxx/CVE-2023-46611.json new file mode 100644 index 000000000000..a2cbb79e844c --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46611.json 
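Review bot: The title of the CVE-2023-46610 record names "Broken Access Control + CSRF", but `problemTypes` lists only CWE-862, so a consumer filtering on CWE never sees the CSRF part. A second description entry would close the gap: `{ "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" }`. The vector uses `PR:L` and `UI:N`, which appears to score only the missing-authorization path, since a CSRF path normally needs victim interaction. That is worth confirming against the advisory.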
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46611", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-24T13:09:53.768Z", + "datePublished": "2025-01-02T12:00:22.156Z", + "dateUpdated": "2025-01-02T12:00:22.156Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:22.156Z" + }, + "title": "WordPress YOP Poll plugin <= 6.5.28 - Vote Manipulation Due to Broken Captcha Control Vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-305", + "description": "CWE-305 Authentication Bypass by Primary Weakness", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-115", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-115 Authentication Bypass" + } + ] + } + ], + "affected": [ + { + "vendor": "yourownprogrammer", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "yop-poll", + "product": "YOP Poll", + "versions": [ + { + "lessThanOrEqual": "6.5.28", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "6.5.29", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Authentication Bypass by Primary Weakness vulnerability in yourownprogrammer YOP Poll allows Authentication Bypass.This issue affects YOP Poll: from n/a through 6.5.28.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Authentication Bypass by Primary Weakness vulnerability in yourownprogrammer YOP Poll allows Authentication Bypass.

This issue affects YOP Poll: from n/a through 6.5.28.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/yop-poll/vulnerability/wordpress-yop-poll-plugin-6-5-28-vote-manipulation-due-to-broken-captcha-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress YOP Poll plugin to the latest available version (at least 6.5.29)." + } + ], + "value": "Update the WordPress YOP Poll plugin to the latest available version (at least 6.5.29)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "qilin_99 (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46612.json b/cves/2023/46xxx/CVE-2023-46612.json new file mode 100644 index 000000000000..5a409963d078 --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46612.json 
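Review bot: The `descriptions` value in the CVE-2023-46611 record says the flaw "allows Authentication Bypass", while the title describes vote manipulation due to a broken captcha control and the vector scores only `I:L`. Triage that reads the description alone would overestimate the issue, because the text seems to be assembled from the CWE-305 and CAPEC-115 names rather than from the finding. Carrying the title's detail into the description would fix that: `"value": "Broken captcha control in yourownprogrammer YOP Poll allows vote manipulation. This issue affects YOP Poll: from n/a through 6.5.28."`. Whether CWE-305 is the best fit for a captcha control failure is also worth a second look.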
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46612", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-24T13:09:53.768Z", + "datePublished": "2025-01-02T12:00:22.765Z", + "dateUpdated": "2025-01-02T12:00:22.765Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:22.765Z" + }, + "title": "WordPress Mediabay plugin <= 1.6 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "codedrafty", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "mediabay-lite", + "product": "Mediabay", + "versions": [ + { + "lessThanOrEqual": "1.6", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in codedrafty Mediabay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mediabay: from n/a through 1.6.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in codedrafty Mediabay allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Mediabay: from n/a through 1.6.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/mediabay-lite/vulnerability/wordpress-mediabay-plugin-1-6-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "emad (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46616.json b/cves/2023/46xxx/CVE-2023-46616.json new file mode 100644 index 000000000000..ea8457c5a8dd --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46616.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46616", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-24T13:10:12.432Z", + "datePublished": "2025-01-02T12:00:23.490Z", + "dateUpdated": "2025-01-02T12:00:23.490Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:23.490Z" + }, + "title": "WordPress Draw Attention plugin <= 2.0.15 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "NSquared", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "draw-attention", + "product": "Draw Attention", + "versions": [ + { + "lessThanOrEqual": "2.0.15", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.0.16", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in NSquared Draw Attention allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Draw Attention: from n/a through 2.0.15.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in NSquared Draw Attention allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Draw Attention: from n/a through 2.0.15.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/draw-attention/vulnerability/wordpress-draw-attention-plugin-2-0-15-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available." + } + ], + "value": "No patched version is available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "thiennv (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46628.json b/cves/2023/46xxx/CVE-2023-46628.json new file mode 100644 index 000000000000..e0873709be5c --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46628.json 
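Review bot: The `solutions` text "No patched version is available." contradicts the `changes` entry in `versions[0]`, which marks `2.0.16` as `unaffected`. Consumers that take remediation advice from `solutions` will report the plugin as unfixable, while range-based tooling treats 2.0.16 as the fix. If 2.0.16 is the fixed release, both `value` fields should follow the form used in CVE-2023-46639, e.g. `"value": "Update the WordPress Draw Attention plugin to the latest available version (at least 2.0.16)."`; if it is not, the `changes` entry should be dropped instead. The same mismatch appears in CVE-2023-46631 (2.2.0), CVE-2023-46635 (4.2.1), CVE-2023-46644 (1.5.9) and CVE-2023-47179 (2.4.7).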
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46628", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-24T13:10:29.307Z", + "datePublished": "2025-01-02T12:00:24.152Z", + "dateUpdated": "2025-01-02T12:00:24.152Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:24.152Z" + }, + "title": "WordPress WP Word Count plugin <= 3.2.4 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "RedLettuce Plugins", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "wp-word-count", + "product": "WP Word Count", + "versions": [ + { + "lessThanOrEqual": "3.2.4", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in RedLettuce Plugins WP Word Count allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Word Count: from n/a through 3.2.4.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in RedLettuce Plugins WP Word Count allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects WP Word Count: from n/a through 3.2.4.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/wp-word-count/vulnerability/wordpress-wp-word-count-plugin-3-2-4-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46631.json b/cves/2023/46xxx/CVE-2023-46631.json new file mode 100644 index 000000000000..236138b81732 --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46631.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46631", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-24T13:10:29.308Z", + "datePublished": "2025-01-02T12:00:24.765Z", + "dateUpdated": "2025-01-02T12:00:24.765Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:24.765Z" + }, + "title": "WordPress Product Recommendation Quiz for eCommerce plugin <= 2.1.2 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "RevenueHunt", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "product-recommendation-quiz-for-ecommerce", + "product": "Product Recommendation Quiz for eCommerce", + "versions": [ + { + "lessThanOrEqual": "2.1.2", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.2.0", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in RevenueHunt Product Recommendation Quiz for eCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Recommendation Quiz for eCommerce: from n/a through 2.1.2.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in RevenueHunt Product Recommendation Quiz for eCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Product Recommendation Quiz for eCommerce: from n/a through 2.1.2.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/product-recommendation-quiz-for-ecommerce/vulnerability/wordpress-product-recommendation-quiz-for-ecommerce-plugin-2-1-0-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available." + } + ], + "value": "No patched version is available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Mika (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46632.json b/cves/2023/46xxx/CVE-2023-46632.json new file mode 100644 index 000000000000..26b396ae08ef --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46632.json 
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46632", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-24T13:10:29.308Z", + "datePublished": "2025-01-02T12:00:25.390Z", + "dateUpdated": "2025-01-02T12:00:25.390Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:25.390Z" + }, + "title": "WordPress My Shortcodes plugin <= 2.3 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "David Cramer", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "my-shortcodes", + "product": "My Shortcodes", + "versions": [ + { + "lessThanOrEqual": "2.3", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in David Cramer My Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Shortcodes: from n/a through 2.3.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in David Cramer My Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects My Shortcodes: from n/a through 2.3.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/my-shortcodes/vulnerability/wordpress-my-shortcodes-plugin-2-3-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46633.json b/cves/2023/46xxx/CVE-2023-46633.json new file mode 100644 index 000000000000..2d4824ecf886 --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46633.json 
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46633", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-24T13:10:29.308Z", + "datePublished": "2025-01-02T12:00:25.979Z", + "dateUpdated": "2025-01-02T12:00:25.979Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:25.979Z" + }, + "title": "WordPress WP Glossary plugin <= 3.1.2 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "TCBarrett", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "wp-glossary", + "product": "Glossary", + "versions": [ + { + "lessThanOrEqual": "3.1.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in TCBarrett Glossary allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Glossary: from n/a through 3.1.2.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in TCBarrett Glossary allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Glossary: from n/a through 3.1.2.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/wp-glossary/vulnerability/wordpress-wp-glossary-plugin-3-1-2-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Nguyen Xuan Chien (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46635.json b/cves/2023/46xxx/CVE-2023-46635.json new file mode 100644 index 000000000000..89546260da9f --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46635.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46635", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-24T13:10:46.641Z", + "datePublished": "2025-01-02T12:00:26.584Z", + "dateUpdated": "2025-01-02T12:00:26.584Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:26.584Z" + }, + "title": "WordPress YITH WooCommerce Product Add-Ons plugin <= 4.2.0 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "YITH", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "yith-woocommerce-product-add-ons", + "product": "YITH WooCommerce Product Add-Ons", + "versions": [ + { + "lessThanOrEqual": "4.2.0", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "4.2.1", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in YITH YITH WooCommerce Product Add-Ons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.2.0.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in YITH YITH WooCommerce Product Add-Ons allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.2.0.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/yith-woocommerce-product-add-ons/vulnerability/wordpress-yith-woocommerce-product-add-ons-plugin-4-2-0-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available. No reply from the vendor." + } + ], + "value": "No patched version is available. No reply from the vendor." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Elliot (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46637.json b/cves/2023/46xxx/CVE-2023-46637.json new file mode 100644 index 000000000000..96b70d0c2d96 --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46637.json 
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46637", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-24T13:10:46.641Z", + "datePublished": "2025-01-02T12:00:27.182Z", + "dateUpdated": "2025-01-02T12:00:27.182Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:27.182Z" + }, + "title": "WordPress Generate Dummy Posts plugin <= 1.0.0 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "Saurav Sharma", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "generate-dummy-posts", + "product": "Generate Dummy Posts", + "versions": [ + { + "lessThanOrEqual": "1.0.0", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Saurav Sharma Generate Dummy Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Generate Dummy Posts: from n/a through 1.0.0.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in Saurav Sharma Generate Dummy Posts allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Generate Dummy Posts: from n/a through 1.0.0.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/generate-dummy-posts/vulnerability/wordpress-generate-dummy-posts-plugin-1-0-0-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46639.json b/cves/2023/46xxx/CVE-2023-46639.json new file mode 100644 index 000000000000..ba12f91fe9d5 --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46639.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46639", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-24T13:10:46.642Z", + "datePublished": "2025-01-02T12:00:27.782Z", + "dateUpdated": "2025-01-02T12:00:27.782Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:27.782Z" + }, + "title": "WordPress kk Star Ratings plugin <= 5.4.5 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "FeedbackWP", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "kk-star-ratings", + "product": "kk Star Ratings", + "versions": [ + { + "lessThanOrEqual": "5.4.5", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "5.4.6", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects kk Star Ratings: from n/a through 5.4.5.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects kk Star Ratings: from n/a through 5.4.5.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/kk-star-ratings/vulnerability/wordpress-kk-star-ratings-plugin-5-4-5-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress kk Star Ratings plugin to the latest available version (at least 5.4.6)." + } + ], + "value": "Update the WordPress kk Star Ratings plugin to the latest available version (at least 5.4.6)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Revan Arifio (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/46xxx/CVE-2023-46644.json b/cves/2023/46xxx/CVE-2023-46644.json new file mode 100644 index 000000000000..1c106718d617 --- /dev/null +++ b/cves/2023/46xxx/CVE-2023-46644.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-46644", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-24T13:10:46.644Z", + "datePublished": "2025-01-02T12:00:28.369Z", + "dateUpdated": "2025-01-02T12:00:28.369Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:28.369Z" + }, + "title": "WordPress WordPress CTA plugin <= 1.5.8 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "WP CTA PRO", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "easy-sticky-sidebar", + "product": "WordPress CTA", + "versions": [ + { + "lessThanOrEqual": "1.5.8", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.5.9", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in WP CTA PRO WordPress CTA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through 1.5.8.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in WP CTA PRO WordPress CTA allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects WordPress CTA: from n/a through 1.5.8.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/easy-sticky-sidebar/vulnerability/wordpress-wordpress-cta-wordpress-call-to-action-sticky-cta-floating-buttons-floating-tab-plugin-plugin-1-5-6-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available." + } + ], + "value": "No patched version is available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/47xxx/CVE-2023-47179.json b/cves/2023/47xxx/CVE-2023-47179.json new file mode 100644 index 000000000000..1c48815fcab2 --- /dev/null +++ b/cves/2023/47xxx/CVE-2023-47179.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-47179", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-31T09:49:27.001Z", + "datePublished": "2025-01-02T12:00:28.951Z", + "dateUpdated": "2025-01-02T12:00:28.951Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:28.951Z" + }, + "title": "WordPress WooODT Lite plugin <= 2.4.6 - Arbitrary Site Option Update vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "ByConsole", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "byconsole-woo-order-delivery-time", + "product": "WooODT Lite", + "versions": [ + { + "lessThanOrEqual": "2.4.6", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.4.7", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in ByConsole WooODT Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooODT Lite: from n/a through 2.4.6.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in ByConsole WooODT Lite allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects WooODT Lite: from n/a through 2.4.6.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/byconsole-woo-order-delivery-time/vulnerability/wordpress-wooodt-lite-plugin-2-4-6-arbitrary-site-option-update-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available. No reply from the vendor." + } + ], + "value": "No patched version is available. No reply from the vendor." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/47xxx/CVE-2023-47180.json b/cves/2023/47xxx/CVE-2023-47180.json new file mode 100644 index 000000000000..6a517ccc42d1 --- /dev/null +++ b/cves/2023/47xxx/CVE-2023-47180.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-47180", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-31T09:49:27.001Z", + "datePublished": "2025-01-02T12:00:29.545Z", + "dateUpdated": "2025-01-02T12:00:29.545Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:29.545Z" + }, + "title": "WordPress Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin <= 2.16.0 - Arbitrary Content Deletion vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "XLPlugins", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "finale-woocommerce-sales-countdown-timer-discount", + "product": "Finale Lite", + "versions": [ + { + "lessThanOrEqual": "2.16.0", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.17.0", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in XLPlugins Finale Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Finale Lite: from n/a through 2.16.0.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in XLPlugins Finale Lite allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Finale Lite: from n/a through 2.16.0.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/finale-woocommerce-sales-countdown-timer-discount/vulnerability/wordpress-finale-lite-sales-countdown-timer-discount-for-woocommerce-plugin-2-16-0-arbitrary-content-deletion-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available." + } + ], + "value": "No patched version is available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Mika (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/47xxx/CVE-2023-47183.json b/cves/2023/47xxx/CVE-2023-47183.json new file mode 100644 index 000000000000..12f807778faf --- /dev/null +++ b/cves/2023/47xxx/CVE-2023-47183.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-47183", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-31T14:57:50.539Z", + "datePublished": "2025-01-02T12:00:30.341Z", + "dateUpdated": "2025-01-02T12:00:30.341Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:30.341Z" + }, + "title": "WordPress GiveWP plugin <= 2.33.1 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "GiveWP", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "give", + "product": "GiveWP", + "versions": [ + { + "lessThanOrEqual": "2.33.1", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.33.2", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in GiveWP GiveWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through 2.33.1.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in GiveWP GiveWP allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects GiveWP: from n/a through 2.33.1.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/give/vulnerability/wordpress-givewp-plugin-2-33-1-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress GiveWP plugin to the latest available version (at least 2.33.2)." + } + ], + "value": "Update the WordPress GiveWP plugin to the latest available version (at least 2.33.2)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Revan Arifio (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/47xxx/CVE-2023-47187.json b/cves/2023/47xxx/CVE-2023-47187.json new file mode 100644 index 000000000000..9c1a7d50ea01 --- /dev/null +++ b/cves/2023/47xxx/CVE-2023-47187.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-47187", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-31T14:57:50.540Z", + "datePublished": "2025-01-02T12:00:30.933Z", + "dateUpdated": "2025-01-02T12:00:30.933Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:30.933Z" + }, + "title": "WordPress Animated Rotating Words plugin <= 5.4 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "Labib Ahmed", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "css3-rotating-words", + "product": "Animated Rotating Words", + "versions": [ + { + "lessThanOrEqual": "5.4", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "5.5", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Labib Ahmed Animated Rotating Words allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animated Rotating Words: from n/a through 5.4.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in Labib Ahmed Animated Rotating Words allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Animated Rotating Words: from n/a through 5.4.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/css3-rotating-words/vulnerability/wordpress-animated-rotating-words-plugin-5-4-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Animated Rotating Words plugin to the latest available version (at least 5.5)." + } + ], + "value": "Update the WordPress Animated Rotating Words plugin to the latest available version (at least 5.5)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/47xxx/CVE-2023-47188.json b/cves/2023/47xxx/CVE-2023-47188.json new file mode 100644 index 000000000000..4848dec61fd9 --- /dev/null +++ b/cves/2023/47xxx/CVE-2023-47188.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-47188", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-10-31T14:57:50.540Z", + "datePublished": "2025-01-02T12:00:31.504Z", + "dateUpdated": "2025-01-02T12:00:31.504Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:31.504Z" + }, + "title": "WordPress Simple Job Board plugin <= 2.10.5 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "PressTigers", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "simple-job-board", + "product": "Simple Job Board", + "versions": [ + { + "lessThanOrEqual": "2.10.5", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.10.6", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in PressTigers Simple Job Board allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Job Board: from n/a through 2.10.5.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in PressTigers Simple Job Board allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Simple Job Board: from n/a through 2.10.5.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/simple-job-board/vulnerability/wordpress-simple-job-board-plugin-2-10-5-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Simple Job Board plugin to the latest available version (at least 2.10.6)." + } + ], + "value": "Update the WordPress Simple Job Board plugin to the latest available version (at least 2.10.6)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Revan Arifio (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/47xxx/CVE-2023-47224.json b/cves/2023/47xxx/CVE-2023-47224.json new file mode 100644 index 000000000000..c62a82128826 --- /dev/null +++ b/cves/2023/47xxx/CVE-2023-47224.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-47224", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-11-03T12:48:38.156Z", + "datePublished": "2025-01-02T12:00:32.129Z", + "dateUpdated": "2025-01-02T12:00:32.129Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:32.129Z" + }, + "title": "WordPress WP Travel plugin <= 7.8.0 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "WP Travel", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "wp-travel", + "product": "WP Travel", + "versions": [ + { + "lessThanOrEqual": "7.8.0", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "7.8.1", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through 7.8.0.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects WP Travel: from n/a through 7.8.0.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/wp-travel/vulnerability/wordpress-wp-travel-plugin-7-5-0-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available." + } + ], + "value": "No patched version is available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Mika (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/47xxx/CVE-2023-47225.json b/cves/2023/47xxx/CVE-2023-47225.json new file mode 100644 index 000000000000..8f703ebe619a --- /dev/null +++ b/cves/2023/47xxx/CVE-2023-47225.json 
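Review bot: The only reference URL in this record (CVE-2023-47224) ends in `wordpress-wp-travel-plugin-7-5-0-broken-access-control-vulnerability`, but the title and `lessThanOrEqual` give 7.8.0 as the last affected version. The slug may simply be a permalink kept from an earlier revision of the advisory, but nothing in the record lets a reader distinguish that from a copy error or a range that was widened later. The upper bound should be confirmed against the advisory before it is used for patch decisions. The same mismatch is visible in CVE-2023-46644 (slug `1-5-6`, range through 1.5.8), CVE-2023-47241 (`3-9-0` vs 3.11.2) and CVE-2023-47515 (`8-0-6` vs 8.1.1).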
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-47225", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-11-03T12:48:38.157Z", + "datePublished": "2025-01-02T12:00:32.729Z", + "dateUpdated": "2025-01-02T12:00:32.729Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:32.729Z" + }, + "title": "WordPress Short URL plugin <= 1.6.8 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "KaizenCoders", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "shorten-url", + "product": "Short URL", + "versions": [ + { + "lessThanOrEqual": "1.6.8", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in KaizenCoders Short URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Short URL: from n/a through 1.6.8.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in KaizenCoders Short URL allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Short URL: from n/a through 1.6.8.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/shorten-url/vulnerability/wordpress-short-url-plugin-1-6-8-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/47xxx/CVE-2023-47241.json b/cves/2023/47xxx/CVE-2023-47241.json new file mode 100644 index 000000000000..587568c250c3 --- /dev/null +++ b/cves/2023/47xxx/CVE-2023-47241.json 
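Review bot: This record (CVE-2023-47225) has no `solutions` array, and its `versions` entry has no `changes` bound, so it never states whether a fixed release of Short URL exists. The other records in this diff state the remediation status explicitly, so a consumer cannot tell whether the omission means "no fix" or "not filled in". If no fix exists, add the same entry the sibling records use, `"value": "No patched version is available."`. CVE-2023-47523 (Auto Tag Creator, through 1.0.2) has the same gap.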
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-47241", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-11-03T23:26:05.432Z", + "datePublished": "2025-01-02T12:00:33.359Z", + "dateUpdated": "2025-01-02T12:00:33.359Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:33.359Z" + }, + "title": "WordPress CoCart – Headless ecommerce plugin <= 3.11.2 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "CoCart Headless, LLC", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "cart-rest-api-for-woocommerce", + "product": "CoCart – Headless ecommerce", + "versions": [ + { + "lessThanOrEqual": "3.11.2", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "3.12.0", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in CoCart Headless, LLC CoCart – Headless ecommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoCart – Headless ecommerce: from n/a through 3.11.2.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in CoCart Headless, LLC CoCart – Headless ecommerce allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects CoCart – Headless ecommerce: from n/a through 3.11.2.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/cart-rest-api-for-woocommerce/vulnerability/wordpress-cocart-headless-ecommerce-plugin-3-9-0-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available." + } + ], + "value": "No patched version is available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Mika (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/47xxx/CVE-2023-47515.json b/cves/2023/47xxx/CVE-2023-47515.json new file mode 100644 index 000000000000..a74f977bba96 --- /dev/null +++ b/cves/2023/47xxx/CVE-2023-47515.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-47515", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-11-06T08:35:52.297Z", + "datePublished": "2025-01-02T12:00:33.948Z", + "dateUpdated": "2025-01-02T12:00:33.948Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:33.948Z" + }, + "title": "WordPress Seers | GDPR & CCPA Cookie Consent & Compliance plugin <= 8.1.1 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "Seers", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "seers-cookie-consent-banner-privacy-policy", + "product": "Seers", + "versions": [ + { + "lessThanOrEqual": "8.1.1", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "8.1.2", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Seers Seers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seers: from n/a through 8.1.1.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in Seers Seers allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Seers: from n/a through 8.1.1.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/seers-cookie-consent-banner-privacy-policy/vulnerability/wordpress-seers-gdpr-ccpa-cookie-consent-compliance-plugin-8-0-6-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available." + } + ], + "value": "No patched version is available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/47xxx/CVE-2023-47523.json b/cves/2023/47xxx/CVE-2023-47523.json new file mode 100644 index 000000000000..e611a7b8fa5e --- /dev/null +++ b/cves/2023/47xxx/CVE-2023-47523.json 
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-47523", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-11-06T08:35:52.300Z", + "datePublished": "2025-01-02T12:00:34.534Z", + "dateUpdated": "2025-01-02T12:00:34.534Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:34.534Z" + }, + "title": "WordPress Auto Tag Creator plugin <= 1.0.2 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "Ecreate Infotech", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "auto-tag-creator", + "product": "Auto Tag Creator", + "versions": [ + { + "lessThanOrEqual": "1.0.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Ecreate Infotech Auto Tag Creator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Tag Creator: from n/a through 1.0.2.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in Ecreate Infotech Auto Tag Creator allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Auto Tag Creator: from n/a through 1.0.2.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/auto-tag-creator/vulnerability/wordpress-auto-tag-creator-plugin-1-0-2-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/47xxx/CVE-2023-47557.json b/cves/2023/47xxx/CVE-2023-47557.json new file mode 100644 index 000000000000..d6819064acc2 --- /dev/null +++ b/cves/2023/47xxx/CVE-2023-47557.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-47557", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-11-06T11:25:49.682Z", + "datePublished": "2025-01-02T12:00:35.158Z", + "dateUpdated": "2025-01-02T12:00:35.158Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:35.158Z" + }, + "title": "WordPress Visitor Traffic Real Time Statistics plugin <= 7.2 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "wp-buy", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "visitors-traffic-real-time-statistics", + "product": "Visitors Traffic Real Time Statistics", + "versions": [ + { + "lessThanOrEqual": "7.2", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "7.3", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in wp-buy Visitors Traffic Real Time Statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visitors Traffic Real Time Statistics: from n/a through 7.2.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in wp-buy Visitors Traffic Real Time Statistics allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Visitors Traffic Real Time Statistics: from n/a through 7.2.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/visitors-traffic-real-time-statistics/vulnerability/wordpress-visitor-traffic-real-time-statistics-plugin-7-2-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Incomplete patch. No more replies from the vendor." + } + ], + "value": "Incomplete patch. No more replies from the vendor." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Rafshanzani Suhada (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/47xxx/CVE-2023-47647.json b/cves/2023/47xxx/CVE-2023-47647.json new file mode 100644 index 000000000000..814d3df25d15 --- /dev/null +++ b/cves/2023/47xxx/CVE-2023-47647.json 
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-47647", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-11-07T17:36:14.650Z", + "datePublished": "2025-01-02T12:00:35.748Z", + "dateUpdated": "2025-01-02T12:00:35.748Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:35.748Z" + }, + "title": "WordPress BadgeOS plugin <= 3.7.1.6 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "LearningTimes", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "badgeos", + "product": "BadgeOS", + "versions": [ + { + "lessThanOrEqual": "3.7.1.6", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in LearningTimes BadgeOS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BadgeOS: from n/a through 3.7.1.6.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in LearningTimes BadgeOS allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects BadgeOS: from n/a through 3.7.1.6.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/badgeos/vulnerability/wordpress-badgeos-plugin-3-7-1-6-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Elliot (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/47xxx/CVE-2023-47648.json b/cves/2023/47xxx/CVE-2023-47648.json new file mode 100644 index 000000000000..3365bebc1b3b --- /dev/null +++ b/cves/2023/47xxx/CVE-2023-47648.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-47648", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-11-07T17:36:14.650Z", + "datePublished": "2025-01-02T12:00:36.326Z", + "dateUpdated": "2025-01-02T12:00:36.326Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:36.326Z" + }, + "title": "WordPress EazyDocs plugin <= 2.3.5 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "spider-themes", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "eazydocs", + "product": "EazyDocs", + "versions": [ + { + "lessThanOrEqual": "2.3.5", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.3.6", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in spider-themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EazyDocs: from n/a through 2.3.5.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in spider-themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects EazyDocs: from n/a through 2.3.5.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/eazydocs/vulnerability/wordpress-eazydocs-plugin-2-3-3-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available." + } + ], + "value": "No patched version is available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Skalucy (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/47xxx/CVE-2023-47661.json b/cves/2023/47xxx/CVE-2023-47661.json new file mode 100644 index 000000000000..fe2c2d4b3b3f --- /dev/null +++ b/cves/2023/47xxx/CVE-2023-47661.json 
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-47661", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-11-07T17:36:32.259Z", + "datePublished": "2025-01-02T12:00:36.927Z", + "dateUpdated": "2025-01-02T12:00:36.927Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:36.927Z" + }, + "title": "WordPress Dragfy Addons for Elementor plugin <= 1.0.2 - Broken Access Control + CSRF vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "Dragfy", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "dragfy-addons-for-elementor", + "product": "Dragfy Addons for Elementor", + "versions": [ + { + "lessThanOrEqual": "1.0.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Dragfy Dragfy Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dragfy Addons for Elementor: from n/a through 1.0.2.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in Dragfy Dragfy Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Dragfy Addons for Elementor: from n/a through 1.0.2.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/dragfy-addons-for-elementor/vulnerability/wordpress-dragfy-addons-for-elementor-plugin-1-0-2-broken-access-control-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/47xxx/CVE-2023-47689.json b/cves/2023/47xxx/CVE-2023-47689.json new file mode 100644 index 000000000000..425e31bec1a3 --- /dev/null +++ b/cves/2023/47xxx/CVE-2023-47689.json 
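Review bot: The title of CVE-2023-47661 names "Broken Access Control + CSRF", but `problemTypes` lists only CWE-862 and `impacts` only CAPEC-180, so consumers that filter or route by CWE will not see the CSRF part. If the CSRF is part of the reported issue, a second description entry with `"cweId": "CWE-352"` belongs in `problemTypes`. The vector's `UI:N` would then also deserve a second look, since a forged request normally depends on a logged-in victim triggering it. If CSRF is not part of the issue, the title should drop "+ CSRF".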
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-47689", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-11-08T18:55:46.152Z", + "datePublished": "2025-01-02T12:00:37.500Z", + "dateUpdated": "2025-01-02T12:00:37.500Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:37.500Z" + }, + "title": "WordPress Animator plugin <= 3.0.10 - Unauthenticated Plugin Settings Change Vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "Toast Plugins", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "scroll-triggered-animations", + "product": "Animator", + "versions": [ + { + "lessThanOrEqual": "3.0.10", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "3.0.11", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Toast Plugins Animator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animator: from n/a through 3.0.10.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in Toast Plugins Animator allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Animator: from n/a through 3.0.10.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/scroll-triggered-animations/vulnerability/wordpress-animator-plugin-3-0-9-unauthenticated-plugin-settings-change-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version available." + } + ], + "value": "No patched version available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Elliot (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/47xxx/CVE-2023-47692.json b/cves/2023/47xxx/CVE-2023-47692.json new file mode 100644 index 000000000000..06ea486cd934 --- /dev/null +++ b/cves/2023/47xxx/CVE-2023-47692.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-47692", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-11-08T18:55:46.153Z", + "datePublished": "2025-01-02T12:00:38.156Z", + "dateUpdated": "2025-01-02T12:00:38.156Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:38.156Z" + }, + "title": "WordPress Flo Forms plugin <= 1.0.41 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "Flothemes", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "flo-forms", + "product": "Flo Forms", + "versions": [ + { + "lessThanOrEqual": "1.0.41", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.0.42", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Flothemes Flo Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flo Forms: from n/a through 1.0.41.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in Flothemes Flo Forms allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Flo Forms: from n/a through 1.0.41.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/flo-forms/vulnerability/wordpress-flo-forms-plugin-1-0-41-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available." + } + ], + "value": "No patched version is available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2023/47xxx/CVE-2023-47693.json b/cves/2023/47xxx/CVE-2023-47693.json new file mode 100644 index 000000000000..a3d3bb9af252 --- /dev/null +++ b/cves/2023/47xxx/CVE-2023-47693.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2023-47693", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2023-11-08T18:55:46.153Z", + "datePublished": "2025-01-02T12:00:38.749Z", + "dateUpdated": "2025-01-02T12:00:38.749Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:38.749Z" + }, + "title": "WordPress Ultimate Addons for Contact Form 7 plugin <= 3.2.6 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "Themefic", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "ultimate-addons-for-contact-form-7", + "product": "Ultimate Addons for Contact Form 7", + "versions": [ + { + "lessThanOrEqual": "3.2.6", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "3.2.7", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.2.6.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.2.6.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/ultimate-addons-for-contact-form-7/vulnerability/wordpress-ultimate-addons-for-contact-form-7-plugin-3-2-5-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available." + } + ], + "value": "No patched version is available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "minhtuanact (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/13xxx/CVE-2024-13107.json b/cves/2024/13xxx/CVE-2024-13107.json new file mode 100644 index 000000000000..410514bd2f37 --- /dev/null +++ b/cves/2024/13xxx/CVE-2024-13107.json 
@@ -0,0 +1,166 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-13107", + "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", + "state": "PUBLISHED", + "assignerShortName": "VulDB", + "dateReserved": "2025-01-01T08:50:35.135Z", + "datePublished": "2025-01-02T12:00:17.338Z", + "dateUpdated": "2025-01-02T12:00:17.338Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", + "shortName": "VulDB", + "dateUpdated": "2025-01-02T12:00:17.338Z" + }, + "title": "D-Link DIR-816 A2 ACL form2LocalAclEditcfg.cgi access control", + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-284", + "lang": "en", + "description": "Improper Access Controls" + } + ] + }, + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-266", + "lang": "en", + "description": "Incorrect Privilege Assignment" + } + ] + } + ], + "affected": [ + { + "vendor": "D-Link", + "product": "DIR-816 A2", + "versions": [ + { + "version": "1.10CNB05_R1B011D88210", + "status": "affected" + } + ], + "modules": [ + "ACL Handler" + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been classified as critical. This affects an unknown part of the file /goform/form2LocalAclEditcfg.cgi of the component ACL Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "de", + "value": "Es wurde eine Schwachstelle in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 ausgemacht. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /goform/form2LocalAclEditcfg.cgi der Komponente ACL Handler. Durch das Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. 
Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung." + } + ], + "metrics": [ + { + "cvssV4_0": { + "version": "4.0", + "baseScore": 6.9, + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", + "baseSeverity": "MEDIUM" + } + }, + { + "cvssV3_1": { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + } + }, + { + "cvssV3_0": { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + } + }, + { + "cvssV2_0": { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N" + } + } + ], + "timeline": [ + { + "time": "2025-01-01T00:00:00.000Z", + "lang": "en", + "value": "Advisory disclosed" + }, + { + "time": "2025-01-01T01:00:00.000Z", + "lang": "en", + "value": "VulDB entry created" + }, + { + "time": "2025-01-01T09:55:51.000Z", + "lang": "en", + "value": "VulDB entry last update" + } + ], + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_tutu (VulDB User)", + "type": "reporter" + } + ], + "references": [ + { + "url": "https://vuldb.com/?id.289923", + "name": "VDB-289923 | D-Link DIR-816 A2 ACL form2LocalAclEditcfg.cgi access control", + "tags": [ + "vdb-entry" + ] + }, + { + "url": "https://vuldb.com/?ctiid.289923", + "name": "VDB-289923 | CTI Indicators (IOB, IOC, TTP, IOA)", + "tags": [ + "signature", + "permissions-required" + ] + }, + { + "url": "https://vuldb.com/?submit.472087", + "name": "Submit #472087 | D-Link DIR-816 A2 v1.10 Improper Access Controls", + "tags": [ + "third-party-advisory" + ] + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2LocalAclEditcfg.md", + "tags": [ + "exploit" + ] + }, + { + "url": "https://www.dlink.com/", + "tags": [ + "product" + ] + } + ], + "tags": [ + "unsupported-when-assigned" + 
] + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37093.json b/cves/2024/37xxx/CVE-2024-37093.json new file mode 100644 index 000000000000..bd58ea887087 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37093.json 
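Review bot: The English description of CVE-2024-13107 says the issue is "classified as critical", but the metrics in the same record rate it MEDIUM (CVSS 4.0 at 6.9, CVSS 3.1 and 3.0 at 5.3) with a CVSS 2.0 score of 5. Triage that keys on the text will therefore disagree with triage that keys on `baseSeverity`. The record is also tagged `unsupported-when-assigned` and lists a reference tagged `exploit`, yet it carries no `solutions` or `workarounds` entry. A short `workarounds` item would give defenders something to act on, for example that presumably no vendor fix will follow for this unsupported model and that the device's management interface should not be reachable from untrusted networks. The `affected` entry has no `defaultStatus`, so the status of other DIR-816 A2 firmware builds is left undetermined.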
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37093", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-03T11:44:37.495Z", + "datePublished": "2025-01-02T12:00:39.514Z", + "dateUpdated": "2025-01-02T12:00:39.514Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:39.514Z" + }, + "title": "WordPress MasterStudy LMS WordPress Plugin plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "StylemixThemes", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "masterstudy-lms-learning-management-system", + "product": "MasterStudy LMS", + "versions": [ + { + "lessThanOrEqual": "3.2.1", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "3.2.2", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes MasterStudy LMS allows Cross Site Request Forgery.This issue affects MasterStudy LMS: from n/a through 3.2.1.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes MasterStudy LMS allows Cross Site Request Forgery.

This issue affects MasterStudy LMS: from n/a through 3.2.1.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/masterstudy-lms-learning-management-system/vulnerability/wordpress-masterstudy-lms-wordpress-plugin-plugin-3-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress MasterStudy LMS plugin to the latest available version (at least 3.2.2)." + } + ], + "value": "Update the WordPress MasterStudy LMS plugin to the latest available version (at least 3.2.2)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Majed Refaea (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37102.json b/cves/2024/37xxx/CVE-2024-37102.json new file mode 100644 index 000000000000..d7cf05d56af4 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37102.json 
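Review bot: The `versions` entry in this record opens its `lessThanOrEqual` range with `"version": "n/a"` under `"versionType": "custom"`, so an automated matcher gets neither a comparable lower bound nor a defined ordering for `3.2.1`. The CVE record format's convention for an unbounded start is `0`, so I would write `"version": "0",` here. Until that changes, consumers should treat the range as "everything up to 3.2.1" and pin the fixed version from `changes` (`3.2.2`) in their own rules. The plain-text `descriptions[].value` also runs two sentences together (`Forgery.This issue affects`), which looks like the HTML paragraphs flattened without a separator; `Forgery. This issue affects` would read correctly. Both patterns repeat in the other Patchstack records added on this page (CVE-2024-37102 through CVE-2024-37243), and if this repository only mirrors CNA data the correction presumably belongs upstream rather than in this commit.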
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37102", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-03T11:44:54.522Z", + "datePublished": "2025-01-02T12:00:40.257Z", + "dateUpdated": "2025-01-02T12:00:40.257Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:40.257Z" + }, + "title": "WordPress Vilva theme <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Blossom Themes", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "vilva", + "product": "Vilva", + "versions": [ + { + "lessThanOrEqual": "1.2.2", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.2.3", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Vilva allows Cross Site Request Forgery.This issue affects Vilva: from n/a through 1.2.2.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Vilva allows Cross Site Request Forgery.

This issue affects Vilva: from n/a through 1.2.2.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/vilva/vulnerability/wordpress-vilva-theme-1-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Vilva theme to the latest available version (at least 1.2.3)." + } + ], + "value": "Update the WordPress Vilva theme to the latest available version (at least 1.2.3)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37103.json b/cves/2024/37xxx/CVE-2024-37103.json new file mode 100644 index 000000000000..aa7ba8e8c8c0 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37103.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37103", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-03T11:44:54.522Z", + "datePublished": "2025-01-02T12:00:40.865Z", + "dateUpdated": "2025-01-02T12:00:40.865Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:40.865Z" + }, + "title": "WordPress Education Zone theme <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Rara Theme", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "education-zone", + "product": "Education Zone", + "versions": [ + { + "lessThanOrEqual": "1.3.4", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.3.5", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Education Zone allows Cross Site Request Forgery.This issue affects Education Zone: from n/a through 1.3.4.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Education Zone allows Cross Site Request Forgery.

This issue affects Education Zone: from n/a through 1.3.4.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/education-zone/vulnerability/wordpress-education-zone-theme-1-3-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Education Zone theme to the latest available version (at least 1.3.5)." + } + ], + "value": "Update the WordPress Education Zone theme to the latest available version (at least 1.3.5)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37104.json b/cves/2024/37xxx/CVE-2024-37104.json new file mode 100644 index 000000000000..c332cfe22262 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37104.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37104", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-03T11:44:54.522Z", + "datePublished": "2025-01-02T12:00:41.473Z", + "dateUpdated": "2025-01-02T12:00:41.473Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:41.473Z" + }, + "title": "WordPress Chic Lite theme <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Rara Theme", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "chic-lite", + "product": "Chic Lite", + "versions": [ + { + "lessThanOrEqual": "1.1.3", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.1.4", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Chic Lite allows Cross Site Request Forgery.This issue affects Chic Lite: from n/a through 1.1.3.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Chic Lite allows Cross Site Request Forgery.

This issue affects Chic Lite: from n/a through 1.1.3.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/chic-lite/vulnerability/wordpress-chic-lite-theme-1-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Chic Lite theme to the latest available version (at least 1.1.4)." + } + ], + "value": "Update the WordPress Chic Lite theme to the latest available version (at least 1.1.4)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37235.json b/cves/2024/37xxx/CVE-2024-37235.json new file mode 100644 index 000000000000..59f79b611f99 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37235.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37235", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-04T16:46:21.941Z", + "datePublished": "2025-01-02T12:00:42.100Z", + "dateUpdated": "2025-01-02T12:00:42.100Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:42.100Z" + }, + "title": "WordPress Groundhogg plugin <= 3.4.2.3 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Groundhogg Inc.", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "groundhogg", + "product": "Groundhogg", + "versions": [ + { + "lessThanOrEqual": "3.4.2.3", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "3.4.3", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Groundhogg allows Cross Site Request Forgery.This issue affects Groundhogg: from n/a through 3.4.2.3.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Groundhogg allows Cross Site Request Forgery.

This issue affects Groundhogg: from n/a through 3.4.2.3.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/groundhogg/vulnerability/wordpress-groundhogg-plugin-3-4-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Groundhogg plugin to the latest available version (at least 3.4.3)." + } + ], + "value": "Update the WordPress Groundhogg plugin to the latest available version (at least 3.4.3)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Ananda Dhakal (Patchstack)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37236.json b/cves/2024/37xxx/CVE-2024-37236.json new file mode 100644 index 000000000000..c36a37a48713 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37236.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37236", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-04T16:46:21.941Z", + "datePublished": "2025-01-02T12:00:42.709Z", + "dateUpdated": "2025-01-02T12:00:42.709Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:42.709Z" + }, + "title": "WordPress Loco Translate plugin <= 2.6.9 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Tim Whitlock", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "loco-translate", + "product": "Loco Translate", + "versions": [ + { + "lessThanOrEqual": "2.6.9", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.6.10", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Tim Whitlock Loco Translate allows Cross Site Request Forgery.This issue affects Loco Translate: from n/a through 2.6.9.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Tim Whitlock Loco Translate allows Cross Site Request Forgery.

This issue affects Loco Translate: from n/a through 2.6.9.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/loco-translate/vulnerability/wordpress-loco-translate-plugin-2-6-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Loco Translate plugin to the latest available version (at least 2.6.10)." + } + ], + "value": "Update the WordPress Loco Translate plugin to the latest available version (at least 2.6.10)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Nosa Shandy (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37238.json b/cves/2024/37xxx/CVE-2024-37238.json new file mode 100644 index 000000000000..f8b53fef8845 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37238.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37238", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-04T16:46:33.482Z", + "datePublished": "2025-01-02T12:00:43.267Z", + "dateUpdated": "2025-01-02T12:00:43.267Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:43.267Z" + }, + "title": "WordPress WPAdverts – Classifieds plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Greg Winiarski", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "wpadverts", + "product": "WPAdverts – Classifieds Plugin", + "versions": [ + { + "lessThanOrEqual": "2.1.2", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.1.3", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Greg Winiarski WPAdverts – Classifieds Plugin allows Cross Site Request Forgery.This issue affects WPAdverts – Classifieds Plugin: from n/a through 2.1.2.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Greg Winiarski WPAdverts – Classifieds Plugin allows Cross Site Request Forgery.

This issue affects WPAdverts – Classifieds Plugin: from n/a through 2.1.2.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/wpadverts/vulnerability/wordpress-wpadverts-classifieds-plugin-2-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress WPAdverts – Classifieds Plugin plugin to the latest available version (at least 2.1.3)." + } + ], + "value": "Update the WordPress WPAdverts – Classifieds Plugin plugin to the latest available version (at least 2.1.3)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Majed Refaea (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37240.json b/cves/2024/37xxx/CVE-2024-37240.json new file mode 100644 index 000000000000..1fbd9aa4f2d4 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37240.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37240", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-04T16:46:33.482Z", + "datePublished": "2025-01-02T12:00:43.867Z", + "dateUpdated": "2025-01-02T12:00:43.867Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:43.867Z" + }, + "title": "WordPress Falang multilanguage for WordPress plugin <= 1.3.51 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Faboba", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "falang", + "product": "Falang multilanguage", + "versions": [ + { + "lessThanOrEqual": "1.3.51", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.3.52", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage allows Cross Site Request Forgery.This issue affects Falang multilanguage: from n/a through 1.3.51.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage allows Cross Site Request Forgery.

This issue affects Falang multilanguage: from n/a through 1.3.51.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/falang/vulnerability/wordpress-falang-multilanguage-for-wordpress-plugin-1-3-51-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Falang multilanguage plugin to the latest available version (at least 1.3.52)." + } + ], + "value": "Update the WordPress Falang multilanguage plugin to the latest available version (at least 1.3.52)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37242.json b/cves/2024/37xxx/CVE-2024-37242.json new file mode 100644 index 000000000000..573df744b4db --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37242.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37242", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-04T16:46:33.482Z", + "datePublished": "2025-01-02T12:00:44.450Z", + "dateUpdated": "2025-01-02T12:00:44.450Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:44.450Z" + }, + "title": "WordPress Newspack Newsletters plugin <= 2.13.2 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Automattic", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "newspack-newsletters", + "product": "Newspack Newsletters", + "versions": [ + { + "lessThanOrEqual": "2.13.2", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.13.3", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Automattic Newspack Newsletters allows Cross Site Request Forgery.This issue affects Newspack Newsletters: from n/a through 2.13.2.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Automattic Newspack Newsletters allows Cross Site Request Forgery.

This issue affects Newspack Newsletters: from n/a through 2.13.2.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/newspack-newsletters/vulnerability/wordpress-newspack-newsletters-plugin-2-13-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Newspack Newsletters plugin to the latest available version (at least 2.13.3)." + } + ], + "value": "Update the WordPress Newspack Newsletters plugin to the latest available version (at least 2.13.3)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37243.json b/cves/2024/37xxx/CVE-2024-37243.json new file mode 100644 index 000000000000..774ed78b4ff7 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37243.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37243", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-04T16:46:33.482Z", + "datePublished": "2025-01-02T12:00:45.355Z", + "dateUpdated": "2025-01-02T12:00:45.355Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:45.355Z" + }, + "title": "WordPress Vandana Lite theme <= 1.1.9 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Blossom Themes", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "vandana-lite", + "product": "Vandana Lite", + "versions": [ + { + "lessThanOrEqual": "1.1.9", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.2.0", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Vandana Lite allows Cross Site Request Forgery.This issue affects Vandana Lite: from n/a through 1.1.9.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Vandana Lite allows Cross Site Request Forgery.

This issue affects Vandana Lite: from n/a through 1.1.9.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/vandana-lite/vulnerability/wordpress-vandana-lite-theme-1-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Vandana Lite theme to the latest available version (at least 1.2.0)." + } + ], + "value": "Update the WordPress Vandana Lite theme to the latest available version (at least 1.2.0)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37272.json b/cves/2024/37xxx/CVE-2024-37272.json new file mode 100644 index 000000000000..a4f2d27aa29c --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37272.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37272", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-04T16:47:15.488Z", + "datePublished": "2025-01-02T12:00:46.032Z", + "dateUpdated": "2025-01-02T12:00:46.032Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:46.032Z" + }, + "title": "WordPress Travel Monster theme <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "WP Travel Engine", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "travel-monster", + "product": "Travel Monster", + "versions": [ + { + "lessThanOrEqual": "1.1.2", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.1.3", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in WP Travel Engine Travel Monster allows Cross Site Request Forgery.This issue affects Travel Monster: from n/a through 1.1.2.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in WP Travel Engine Travel Monster allows Cross Site Request Forgery.

This issue affects Travel Monster: from n/a through 1.1.2.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/travel-monster/vulnerability/wordpress-travel-monster-theme-1-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Travel Monster theme to the latest available version (at least 1.1.3)." + } + ], + "value": "Update the WordPress Travel Monster theme to the latest available version (at least 1.1.3)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37274.json b/cves/2024/37xxx/CVE-2024-37274.json new file mode 100644 index 000000000000..15d4a52e3a26 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37274.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37274", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-04T19:25:31.926Z", + "datePublished": "2025-01-02T12:00:46.649Z", + "dateUpdated": "2025-01-02T12:00:46.649Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:46.649Z" + }, + "title": "WordPress WP Mobile Menu plugin <= 2.8.4.3 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Freshlight Lab", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "mobile-menu", + "product": "WP Mobile Menu", + "versions": [ + { + "lessThanOrEqual": "2.8.4.3", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.8.4.4", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Freshlight Lab WP Mobile Menu allows Cross Site Request Forgery.This issue affects WP Mobile Menu: from n/a through 2.8.4.3.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Freshlight Lab WP Mobile Menu allows Cross Site Request Forgery.

This issue affects WP Mobile Menu: from n/a through 2.8.4.3.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/mobile-menu/vulnerability/wordpress-wp-mobile-menu-the-mobile-friendly-responsive-menu-plugin-2-8-4-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress WP Mobile Menu plugin to the latest available version (at least 2.8.4.4)." + } + ], + "value": "Update the WordPress WP Mobile Menu plugin to the latest available version (at least 2.8.4.4)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37412.json b/cves/2024/37xxx/CVE-2024-37412.json new file mode 100644 index 000000000000..d062750aff15 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37412.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37412", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T08:51:13.011Z", + "datePublished": "2025-01-02T12:00:47.258Z", + "dateUpdated": "2025-01-02T12:00:47.258Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:47.258Z" + }, + "title": "WordPress Blossom Shop theme <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Blossom Themes", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "blossom-shop", + "product": "Blossom Shop", + "versions": [ + { + "lessThanOrEqual": "1.1.7", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.1.8", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Blossom Shop allows Cross Site Request Forgery.This issue affects Blossom Shop: from n/a through 1.1.7.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Blossom Shop allows Cross Site Request Forgery.

This issue affects Blossom Shop: from n/a through 1.1.7.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/blossom-shop/vulnerability/wordpress-blossom-shop-theme-1-1-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Blossom Shop theme to the latest available version (at least 1.1.8)." + } + ], + "value": "Update the WordPress Blossom Shop theme to the latest available version (at least 1.1.8)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37413.json b/cves/2024/37xxx/CVE-2024-37413.json new file mode 100644 index 000000000000..f94ced15ac94 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37413.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37413", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T08:51:13.011Z", + "datePublished": "2025-01-02T12:00:47.916Z", + "dateUpdated": "2025-01-02T12:00:47.916Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:47.916Z" + }, + "title": "WordPress Preschool and Kindergarten theme <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Rara Theme", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "preschool-and-kindergarten", + "product": "Preschool and Kindergarten", + "versions": [ + { + "lessThanOrEqual": "1.2.1", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.2.2", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Preschool and Kindergarten allows Cross Site Request Forgery.This issue affects Preschool and Kindergarten: from n/a through 1.2.1.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Preschool and Kindergarten allows Cross Site Request Forgery.

This issue affects Preschool and Kindergarten: from n/a through 1.2.1.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/preschool-and-kindergarten/vulnerability/wordpress-preschool-and-kindergarten-theme-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Preschool and Kindergarten theme to the latest available version (at least 1.2.2)." + } + ], + "value": "Update the WordPress Preschool and Kindergarten theme to the latest available version (at least 1.2.2)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37417.json b/cves/2024/37xxx/CVE-2024-37417.json new file mode 100644 index 000000000000..f0312c39e2db --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37417.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37417", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T08:51:13.012Z", + "datePublished": "2025-01-02T12:00:48.533Z", + "dateUpdated": "2025-01-02T12:00:48.533Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:48.533Z" + }, + "title": "WordPress Coachify theme <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Coachify", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "coachify", + "product": "Coachify", + "versions": [ + { + "lessThanOrEqual": "1.0.7", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.0.8", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Coachify Coachify allows Cross Site Request Forgery.This issue affects Coachify: from n/a through 1.0.7.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Coachify Coachify allows Cross Site Request Forgery.

This issue affects Coachify: from n/a through 1.0.7.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/coachify/vulnerability/wordpress-coachify-theme-1-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Coachify theme to the latest available version (at least 1.0.8)." + } + ], + "value": "Update the WordPress Coachify theme to the latest available version (at least 1.0.8)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37421.json b/cves/2024/37xxx/CVE-2024-37421.json new file mode 100644 index 000000000000..798a23027944 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37421.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37421", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T08:51:33.589Z", + "datePublished": "2025-01-02T12:00:49.121Z", + "dateUpdated": "2025-01-02T12:00:49.121Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:49.121Z" + }, + "title": "WordPress JobScout theme <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Rara Theme", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "jobscout", + "product": "JobScout", + "versions": [ + { + "lessThanOrEqual": "1.1.4", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.1.5", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme JobScout allows Cross Site Request Forgery.This issue affects JobScout: from n/a through 1.1.4.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme JobScout allows Cross Site Request Forgery.

This issue affects JobScout: from n/a through 1.1.4.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/jobscout/vulnerability/wordpress-jobscout-theme-1-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress JobScout theme to the latest available version (at least 1.1.5)." + } + ], + "value": "Update the WordPress JobScout theme to the latest available version (at least 1.1.5)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37426.json b/cves/2024/37xxx/CVE-2024-37426.json new file mode 100644 index 000000000000..9803a2b106ea --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37426.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37426", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T08:51:33.590Z", + "datePublished": "2025-01-02T12:00:49.713Z", + "dateUpdated": "2025-01-02T12:00:49.713Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:49.713Z" + }, + "title": "WordPress Elegant Pink theme 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Rara Theme", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "elegant-pink", + "product": "Elegant Pink", + "versions": [ + { + "lessThanOrEqual": "1.3.0", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.3.1", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Elegant Pink allows Cross Site Request Forgery.This issue affects Elegant Pink: from n/a through 1.3.0.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Elegant Pink allows Cross Site Request Forgery.

This issue affects Elegant Pink: from n/a through 1.3.0.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/elegant-pink/vulnerability/wordpress-elegant-pink-theme-1-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Elegant Pink theme to the latest available version (at least 1.3.1)." + } + ], + "value": "Update the WordPress Elegant Pink theme to the latest available version (at least 1.3.1)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37431.json b/cves/2024/37xxx/CVE-2024-37431.json new file mode 100644 index 000000000000..0adb90fb5e4c --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37431.json 
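Review bot: The `title` here reads `WordPress Elegant Pink theme 1.3.0 - ...`, without the `<=` that the sibling records carry, while `versions[0]` declares `"lessThanOrEqual": "1.3.0"`. Triage that works from the title alone would scope this to a single release rather than to everything through 1.3.0. I would align it with the structured data: `"title": "WordPress Elegant Pink theme <= 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability"`.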
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37431", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T08:51:46.247Z", + "datePublished": "2025-01-02T12:00:50.297Z", + "dateUpdated": "2025-01-02T12:00:50.297Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:50.297Z" + }, + "title": "WordPress Mesmerize theme <= 1.6.120 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Horea Radu", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "mesmerize", + "product": "Mesmerize", + "versions": [ + { + "lessThanOrEqual": "1.6.120", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.6.124", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Horea Radu Mesmerize allows Cross Site Request Forgery.This issue affects Mesmerize: from n/a through 1.6.120.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Horea Radu Mesmerize allows Cross Site Request Forgery.

This issue affects Mesmerize: from n/a through 1.6.120.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/mesmerize/vulnerability/wordpress-mesmerize-theme-1-6-120-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Mesmerize theme to the latest available version (at least 1.6.124)." + } + ], + "value": "Update the WordPress Mesmerize theme to the latest available version (at least 1.6.124)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37435.json b/cves/2024/37xxx/CVE-2024-37435.json new file mode 100644 index 000000000000..9efca2e84609 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37435.json 
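Review bot: The affected range stops at `"lessThanOrEqual": "1.6.120"`, but the `changes` entry and the solution text both name 1.6.124 as the first fixed release, leaving 1.6.121 through 1.6.123 outside the range. Because `defaultStatus` is `unaffected`, a scanner evaluating this record will report any install on those intermediate versions as not vulnerable. The record does not show whether those releases exist or carry the fix, so this needs confirming with the CNA. If they are vulnerable, the bound should cover them, for example `"lessThan": "1.6.124"` in place of the `lessThanOrEqual` line.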
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37435", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T08:51:46.248Z", + "datePublished": "2025-01-02T12:00:50.873Z", + "dateUpdated": "2025-01-02T12:00:50.873Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:50.873Z" + }, + "title": "WordPress Perfect Portfolio theme <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Rara Theme", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "perfect-portfolio", + "product": "Perfect Portfolio", + "versions": [ + { + "lessThanOrEqual": "1.2.0", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.2.1", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Perfect Portfolio allows Cross Site Request Forgery.This issue affects Perfect Portfolio: from n/a through 1.2.0.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Perfect Portfolio allows Cross Site Request Forgery.

This issue affects Perfect Portfolio: from n/a through 1.2.0.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/perfect-portfolio/vulnerability/wordpress-perfect-portfolio-theme-1-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Perfect Portfolio theme to the latest available version (at least 1.2.1)." + } + ], + "value": "Update the WordPress Perfect Portfolio theme to the latest available version (at least 1.2.1)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37441.json b/cves/2024/37xxx/CVE-2024-37441.json new file mode 100644 index 000000000000..b8460429dd76 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37441.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37441", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T08:52:00.672Z", + "datePublished": "2025-01-02T12:00:51.452Z", + "dateUpdated": "2025-01-02T12:00:51.452Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:51.452Z" + }, + "title": "WordPress NewsMash theme <= 1.0.34 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "DesertThemes", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "newsmash", + "product": "NewsMash", + "versions": [ + { + "lessThanOrEqual": "1.0.34", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.0.35", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in DesertThemes NewsMash allows Cross Site Request Forgery.This issue affects NewsMash: from n/a through 1.0.34.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in DesertThemes NewsMash allows Cross Site Request Forgery.

This issue affects NewsMash: from n/a through 1.0.34.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/newsmash/vulnerability/wordpress-newsmash-theme-1-0-34-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress NewsMash plugin to the latest available version (at least 1.0.35)." + } + ], + "value": "Update the WordPress NewsMash plugin to the latest available version (at least 1.0.35)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37448.json b/cves/2024/37xxx/CVE-2024-37448.json new file mode 100644 index 000000000000..f87483a1be27 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37448.json 
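Review bot: The `solutions` text calls NewsMash a plugin, but `title`, `collectionURL` (`https://wordpress.org/themes`) and the reference URL all identify it as a theme. An operator following the remediation text could look in the wrong place and leave the vulnerable theme installed. Both `value` fields under `solutions` should read `"Update the WordPress NewsMash theme to the latest available version (at least 1.0.35)."`.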
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37448", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T08:52:00.675Z", + "datePublished": "2025-01-02T12:00:52.057Z", + "dateUpdated": "2025-01-02T12:00:52.057Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:52.057Z" + }, + "title": "WordPress OnePress theme <= 2.3.6 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "FameThemes", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "onepress", + "product": "OnePress", + "versions": [ + { + "lessThanOrEqual": "2.3.6", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.3.7", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in FameThemes OnePress allows Cross Site Request Forgery.This issue affects OnePress: from n/a through 2.3.6.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in FameThemes OnePress allows Cross Site Request Forgery.

This issue affects OnePress: from n/a through 2.3.6.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/onepress/vulnerability/wordpress-onepress-theme-2-3-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress OnePress theme to the latest available version (at least 2.3.7)." + } + ], + "value": "Update the WordPress OnePress theme to the latest available version (at least 2.3.7)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37450.json b/cves/2024/37xxx/CVE-2024-37450.json new file mode 100644 index 000000000000..517c70e86474 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37450.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37450", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T08:52:16.573Z", + "datePublished": "2025-01-02T12:00:52.665Z", + "dateUpdated": "2025-01-02T12:00:52.665Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:52.665Z" + }, + "title": "WordPress Benevolent theme <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Rara Theme", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "benevolent", + "product": "Benevolent", + "versions": [ + { + "lessThanOrEqual": "1.3.4", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.3.5", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Benevolent allows Cross Site Request Forgery.This issue affects Benevolent: from n/a through 1.3.4.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Benevolent allows Cross Site Request Forgery.

This issue affects Benevolent: from n/a through 1.3.4.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/benevolent/vulnerability/wordpress-benevolent-theme-1-3-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Benevolent theme to the latest available version (at least 1.3.5)." + } + ], + "value": "Update the WordPress Benevolent theme to the latest available version (at least 1.3.5)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37451.json b/cves/2024/37xxx/CVE-2024-37451.json new file mode 100644 index 000000000000..4e5860bb3a3f --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37451.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37451", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T08:52:16.573Z", + "datePublished": "2025-01-02T12:00:53.246Z", + "dateUpdated": "2025-01-02T12:00:53.246Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:53.246Z" + }, + "title": "WordPress Travel Agency theme <= 1.4.9 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Rara Theme", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "travel-agency", + "product": "Travel Agency", + "versions": [ + { + "lessThanOrEqual": "1.4.9", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.5.0", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Travel Agency allows Cross Site Request Forgery.This issue affects Travel Agency: from n/a through 1.4.9.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Travel Agency allows Cross Site Request Forgery.

This issue affects Travel Agency: from n/a through 1.4.9.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/travel-agency/vulnerability/wordpress-travel-agency-theme-1-4-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Travel Agency theme to the latest available version (at least 1.5.0)." + } + ], + "value": "Update the WordPress Travel Agency theme to the latest available version (at least 1.5.0)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37458.json b/cves/2024/37xxx/CVE-2024-37458.json new file mode 100644 index 000000000000..4e341daf1753 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37458.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37458", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T08:52:16.574Z", + "datePublished": "2025-01-02T12:00:53.830Z", + "dateUpdated": "2025-01-02T12:00:53.830Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:53.830Z" + }, + "title": "WordPress Highlight theme <= 1.0.29 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "ExtendThemes", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "highlight", + "product": "Highlight", + "versions": [ + { + "lessThanOrEqual": "1.0.29", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.0.30", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in ExtendThemes Highlight allows Cross Site Request Forgery.This issue affects Highlight: from n/a through 1.0.29.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in ExtendThemes Highlight allows Cross Site Request Forgery.

This issue affects Highlight: from n/a through 1.0.29.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/highlight/vulnerability/wordpress-highlight-theme-1-0-29-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Highlight theme to the latest available version (at least 1.0.30)." + } + ], + "value": "Update the WordPress Highlight theme to the latest available version (at least 1.0.30)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37467.json b/cves/2024/37xxx/CVE-2024-37467.json new file mode 100644 index 000000000000..062fbd6bdcbd --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37467.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37467", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T08:52:28.718Z", + "datePublished": "2025-01-02T12:00:54.403Z", + "dateUpdated": "2025-01-02T12:00:54.403Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:54.403Z" + }, + "title": "WordPress Hestia theme <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "ThemeIsle", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "hestia", + "product": "Hestia", + "versions": [ + { + "lessThanOrEqual": "3.1.2", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "3.1.3", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in ThemeIsle Hestia allows Cross Site Request Forgery.This issue affects Hestia: from n/a through 3.1.2.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in ThemeIsle Hestia allows Cross Site Request Forgery.

This issue affects Hestia: from n/a through 3.1.2.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/hestia/vulnerability/wordpress-hestia-theme-3-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Hestia theme to the latest available version (at least 3.1.3)." + } + ], + "value": "Update the WordPress Hestia theme to the latest available version (at least 3.1.3)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37469.json b/cves/2024/37xxx/CVE-2024-37469.json new file mode 100644 index 000000000000..105693d11a2d --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37469.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37469", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T11:43:13.094Z", + "datePublished": "2025-01-02T12:00:54.991Z", + "dateUpdated": "2025-01-02T12:00:54.991Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:54.991Z" + }, + "title": "WordPress Blocksy theme <= 1.9.5 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "CreativeThemes", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "blocksy", + "product": "Blocksy", + "versions": [ + { + "lessThanOrEqual": "2.0.22", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.0.23", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy allows Cross Site Request Forgery.This issue affects Blocksy: from n/a through 2.0.22.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy allows Cross Site Request Forgery.

This issue affects Blocksy: from n/a through 2.0.22.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/blocksy/vulnerability/wordpress-blocksy-theme-1-9-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Blocksy theme to the latest available version (at least 2.0.23)." + } + ], + "value": "Update the WordPress Blocksy theme to the latest available version (at least 2.0.23)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "RE-ALTER (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37473.json b/cves/2024/37xxx/CVE-2024-37473.json new file mode 100644 index 000000000000..e079287af457 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37473.json 
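Review bot: The `title` and the reference URL slug say `<= 1.9.5`, while `affected[0].versions[0].lessThanOrEqual`, the description and the solution all say 2.0.22 with the fix at 2.0.23. Anyone triaging by title would treat 1.9.6 through 2.0.22 as patched, which under-scopes the exposure if the structured range is the correct one. If 2.0.22 is confirmed, the title should be `"WordPress Blocksy theme <= 2.0.22 - Cross Site Request Forgery (CSRF) vulnerability"`; if 1.9.5 is correct, the `affected`, `descriptions` and `solutions` fields need changing instead. The URL slug belongs to the upstream database, so it can stay as published.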
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37473", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T11:43:13.095Z", + "datePublished": "2025-01-02T12:00:55.611Z", + "dateUpdated": "2025-01-02T12:00:55.611Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:55.611Z" + }, + "title": "WordPress Trendy News theme <= 1.0.15 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "BlazeThemes", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "trendy-news", + "product": "Trendy News", + "versions": [ + { + "lessThanOrEqual": "1.0.15", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.0.16", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in BlazeThemes Trendy News allows Cross Site Request Forgery.This issue affects Trendy News: from n/a through 1.0.15.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in BlazeThemes Trendy News allows Cross Site Request Forgery.

This issue affects Trendy News: from n/a through 1.0.15.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/trendy-news/vulnerability/wordpress-trendy-news-theme-1-0-15-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Trendy News theme to the latest available version (at least 1.0.16)." + } + ], + "value": "Update the WordPress Trendy News theme to the latest available version (at least 1.0.16)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37478.json b/cves/2024/37xxx/CVE-2024-37478.json new file mode 100644 index 000000000000..b09d51d639ca --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37478.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37478", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T11:43:13.096Z", + "datePublished": "2025-01-02T12:00:56.190Z", + "dateUpdated": "2025-01-02T12:00:56.190Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:56.190Z" + }, + "title": "WordPress Ashe theme <= 2.233 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "WP Royal", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "ashe", + "product": "Ashe", + "versions": [ + { + "lessThanOrEqual": "2.233", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.234", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Ashe allows Cross Site Request Forgery.This issue affects Ashe: from n/a through 2.233.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Ashe allows Cross Site Request Forgery.

This issue affects Ashe: from n/a through 2.233.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/ashe/vulnerability/wordpress-ashe-theme-2-233-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Ashe theme to the latest available version (at least 2.234)." + } + ], + "value": "Update the WordPress Ashe theme to the latest available version (at least 2.234)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37490.json b/cves/2024/37xxx/CVE-2024-37490.json new file mode 100644 index 000000000000..6fb95c260b64 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37490.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37490", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T11:43:52.669Z", + "datePublished": "2025-01-02T12:00:56.765Z", + "dateUpdated": "2025-01-02T12:00:56.765Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:56.765Z" + }, + "title": "WordPress Bard theme <= 2.210 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "WP Royal", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "bard", + "product": "Bard", + "versions": [ + { + "lessThanOrEqual": "2.210", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.211", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Bard allows Cross Site Request Forgery.This issue affects Bard: from n/a through 2.210.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Bard allows Cross Site Request Forgery.

This issue affects Bard: from n/a through 2.210.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/bard/vulnerability/wordpress-bard-theme-2-210-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Bard theme to the latest available version (at least 2.211)." + } + ], + "value": "Update the WordPress Bard theme to the latest available version (at least 2.211)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37491.json b/cves/2024/37xxx/CVE-2024-37491.json new file mode 100644 index 000000000000..013872e96dad --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37491.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37491", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T11:43:52.669Z", + "datePublished": "2025-01-02T12:00:57.359Z", + "dateUpdated": "2025-01-02T12:00:57.359Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:57.359Z" + }, + "title": "WordPress Rife Free theme <= 2.4.18 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Apollo13Themes", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "rife-free", + "product": "Rife Free", + "versions": [ + { + "lessThanOrEqual": "2.4.18", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.4.19", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Rife Free allows Cross Site Request Forgery.This issue affects Rife Free: from n/a through 2.4.18.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Rife Free allows Cross Site Request Forgery.

This issue affects Rife Free: from n/a through 2.4.18.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/rife-free/vulnerability/wordpress-rife-free-theme-2-4-18-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Rife Free theme to the latest available version (at least 2.4.19)." + } + ], + "value": "Update the WordPress Rife Free theme to the latest available version (at least 2.4.19)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37493.json b/cves/2024/37xxx/CVE-2024-37493.json new file mode 100644 index 000000000000..9b5a422a1a4d --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37493.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37493", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T11:43:52.669Z", + "datePublished": "2025-01-02T12:00:57.947Z", + "dateUpdated": "2025-01-02T12:00:57.947Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:57.947Z" + }, + "title": "WordPress Posterity theme <= 3.3 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "SKT Themes", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "posterity", + "product": "Posterity", + "versions": [ + { + "lessThanOrEqual": "3.3", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "3.4", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in SKT Themes Posterity allows Cross Site Request Forgery.This issue affects Posterity: from n/a through 3.3.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in SKT Themes Posterity allows Cross Site Request Forgery.

This issue affects Posterity: from n/a through 3.3.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/posterity/vulnerability/wordpress-posterity-theme-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Posterity theme to the latest available version (at least 3.4)." + } + ], + "value": "Update the WordPress Posterity theme to the latest available version (at least 3.4)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37503.json b/cves/2024/37xxx/CVE-2024-37503.json new file mode 100644 index 000000000000..ae26bf9e3d1b --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37503.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37503", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T11:44:27.537Z", + "datePublished": "2025-01-02T12:00:58.527Z", + "dateUpdated": "2025-01-02T12:00:58.527Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:58.527Z" + }, + "title": "WordPress Lawyer Landing Page theme <= 1.2.4 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Rara Theme", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "lawyer-landing-page", + "product": "Lawyer Landing Page", + "versions": [ + { + "lessThanOrEqual": "1.2.4", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.2.5", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Lawyer Landing Page allows Cross Site Request Forgery.This issue affects Lawyer Landing Page: from n/a through 1.2.4.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Lawyer Landing Page allows Cross Site Request Forgery.

This issue affects Lawyer Landing Page: from n/a through 1.2.4.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/lawyer-landing-page/vulnerability/wordpress-lawyer-landing-page-theme-1-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Lawyer Landing Page theme to the latest available version (at least 1.2.5)." + } + ], + "value": "Update the WordPress Lawyer Landing Page theme to the latest available version (at least 1.2.5)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37508.json b/cves/2024/37xxx/CVE-2024-37508.json new file mode 100644 index 000000000000..6795393194b7 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37508.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37508", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T13:11:08.417Z", + "datePublished": "2025-01-02T12:00:59.095Z", + "dateUpdated": "2025-01-02T12:00:59.095Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:59.095Z" + }, + "title": "WordPress Construction Landing Page theme <= 1.3.5 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Rara Theme", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "construction-landing-page", + "product": "Construction Landing Page", + "versions": [ + { + "lessThanOrEqual": "1.3.5", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.3.6", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Construction Landing Page allows Cross Site Request Forgery.This issue affects Construction Landing Page: from n/a through 1.3.5.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Construction Landing Page allows Cross Site Request Forgery.

This issue affects Construction Landing Page: from n/a through 1.3.5.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/construction-landing-page/vulnerability/wordpress-construction-landing-page-theme-1-3-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Construction Landing Page theme to the latest available version (at least 1.3.6)." + } + ], + "value": "Update the WordPress Construction Landing Page theme to the latest available version (at least 1.3.6)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37511.json b/cves/2024/37xxx/CVE-2024-37511.json new file mode 100644 index 000000000000..857a94f8c064 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37511.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37511", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T13:11:08.417Z", + "datePublished": "2025-01-02T12:00:59.680Z", + "dateUpdated": "2025-01-02T12:00:59.680Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:00:59.680Z" + }, + "title": "WordPress Swift Performance Lite plugin <= 2.3.6.20 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "SWTE", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "swift-performance-lite", + "product": "Swift Performance Lite", + "versions": [ + { + "lessThanOrEqual": "2.3.6.20", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.3.6.21", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in SWTE Swift Performance Lite allows Cross Site Request Forgery.This issue affects Swift Performance Lite: from n/a through 2.3.6.20.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in SWTE Swift Performance Lite allows Cross Site Request Forgery.

This issue affects Swift Performance Lite: from n/a through 2.3.6.20.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/swift-performance-lite/vulnerability/wordpress-swift-performance-lite-plugin-2-3-6-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Swift Performance Lite plugin to the latest available version (at least 2.3.6.21)." + } + ], + "value": "Update the WordPress Swift Performance Lite plugin to the latest available version (at least 2.3.6.21)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37518.json b/cves/2024/37xxx/CVE-2024-37518.json new file mode 100644 index 000000000000..3e6bcf2db2f7 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37518.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37518", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T13:11:26.616Z", + "datePublished": "2025-01-02T12:01:00.614Z", + "dateUpdated": "2025-01-02T12:01:00.614Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:00.614Z" + }, + "title": "WordPress The Events Calendar plugin <= 6.5.1.4 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "The Events Calendar", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "the-events-calendar", + "product": "The Events Calendar", + "versions": [ + { + "lessThanOrEqual": "6.5.1.4", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "6.5.1.5", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar The Events Calendar allows Cross Site Request Forgery.This issue affects The Events Calendar: from n/a through 6.5.1.4.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar The Events Calendar allows Cross Site Request Forgery.

This issue affects The Events Calendar: from n/a through 6.5.1.4.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/the-events-calendar/vulnerability/wordpress-the-events-calendar-plugin-6-5-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress The Events Calendar plugin to the latest available version (at least 6.5.1.5)." + } + ], + "value": "Update the WordPress The Events Calendar plugin to the latest available version (at least 6.5.1.5)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37540.json b/cves/2024/37xxx/CVE-2024-37540.json new file mode 100644 index 000000000000..4b142ccf7dab --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37540.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37540", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T18:16:46.936Z", + "datePublished": "2025-01-02T12:01:01.252Z", + "dateUpdated": "2025-01-02T12:01:01.252Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:01.252Z" + }, + "title": "WordPress Leaky Paywall plugin <= 4.21.2 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Leaky Paywall", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "leaky-paywall", + "product": "Leaky Paywall", + "versions": [ + { + "lessThanOrEqual": "4.21.2", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "4.21.3", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Leaky Paywall Leaky Paywall allows Cross Site Request Forgery.This issue affects Leaky Paywall: from n/a through 4.21.2.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Leaky Paywall Leaky Paywall allows Cross Site Request Forgery.

This issue affects Leaky Paywall: from n/a through 4.21.2.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/leaky-paywall/vulnerability/wordpress-leaky-paywall-plugin-4-21-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available." + } + ], + "value": "No patched version is available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Ananda Dhakal (Patchstack)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37543.json b/cves/2024/37xxx/CVE-2024-37543.json new file mode 100644 index 000000000000..83d748079eac --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37543.json 
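Review bot: The CVE-2024-37540 record contradicts itself about whether a fix exists: `affected[0].versions[0].changes` marks `4.21.3` as `unaffected`, while both `solutions` values read `No patched version is available.` Scanners and SBOM tools that resolve the version range would treat 4.21.3 as patched, although the advisory text says there is nothing to upgrade to. If no fixed release exists, drop the `changes` array so the range stays open-ended at `"lessThanOrEqual": "4.21.2"`. If 4.21.3 is a real fixed release, the solution text should name it, as the other records in this commit do with `(at least X)`. The CVE-2024-37543 hunk that follows has the same mismatch (`"at": "4.2.6"` against the same "no patched version" text); the `changes` boundary in both looks auto-derived from the last affected version, which should be confirmed with the CNA.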
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37543", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T18:16:46.937Z", + "datePublished": "2025-01-02T12:01:02.297Z", + "dateUpdated": "2025-01-02T12:01:02.297Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:02.297Z" + }, + "title": "WordPress Ultimate Auction plugin <= 4.2.5 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Nitesh Singh", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "ultimate-auction", + "product": "Ultimate Auction", + "versions": [ + { + "lessThanOrEqual": "4.2.5", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "4.2.6", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Nitesh Singh Ultimate Auction allows Cross Site Request Forgery.This issue affects Ultimate Auction : from n/a through 4.2.5.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Nitesh Singh Ultimate Auction allows Cross Site Request Forgery.

This issue affects Ultimate Auction : from n/a through 4.2.5.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/ultimate-auction/vulnerability/wordpress-ultimate-auction-plugin-4-2-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available." + } + ], + "value": "No patched version is available." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Majed Refaea (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37937.json b/cves/2024/37xxx/CVE-2024-37937.json new file mode 100644 index 000000000000..0024596c6098 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37937.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37937", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-10T21:14:12.906Z", + "datePublished": "2025-01-02T12:01:02.910Z", + "dateUpdated": "2025-01-02T12:01:02.910Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:02.910Z" + }, + "title": "WordPress Rara Business theme <= 1.2.5 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Rara Theme", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "rara-business", + "product": "Rara Business", + "versions": [ + { + "lessThanOrEqual": "1.2.5", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.2.6", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Rara Business allows Cross Site Request Forgery.This issue affects Rara Business: from n/a through 1.2.5.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Rara Business allows Cross Site Request Forgery.

This issue affects Rara Business: from n/a through 1.2.5.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/rara-business/vulnerability/wordpress-rara-business-theme-1-2-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Rara Business theme to the latest available version (at least 1.2.6)." + } + ], + "value": "Update the WordPress Rara Business theme to the latest available version (at least 1.2.6)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/38xxx/CVE-2024-38691.json b/cves/2024/38xxx/CVE-2024-38691.json new file mode 100644 index 000000000000..dcdddfed433a --- /dev/null +++ b/cves/2024/38xxx/CVE-2024-38691.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-38691", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-19T11:15:58.115Z", + "datePublished": "2025-01-02T12:01:03.529Z", + "dateUpdated": "2025-01-02T12:01:03.529Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:03.529Z" + }, + "title": "WordPress Metorik plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Metorik", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "metorik-helper", + "product": "Metorik – Reports & Email Automation for WooCommerce", + "versions": [ + { + "lessThanOrEqual": "1.7.1", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.7.2", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Metorik Metorik – Reports & Email Automation for WooCommerce allows Cross Site Request Forgery.This issue affects Metorik – Reports & Email Automation for WooCommerce: from n/a through 1.7.1.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Metorik Metorik – Reports & Email Automation for WooCommerce allows Cross Site Request Forgery.

This issue affects Metorik – Reports & Email Automation for WooCommerce: from n/a through 1.7.1.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/metorik-helper/vulnerability/wordpress-metorik-plugin-1-7-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update tauthhe WordPress Metorik – Reports & Email Automation for WooCommerce plugin to the latest available version (at least 1.7.2)." + } + ], + "value": "Update tauthhe WordPress Metorik – Reports & Email Automation for WooCommerce plugin to the latest available version (at least 1.7.2)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Majed Refaea (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/38xxx/CVE-2024-38729.json b/cves/2024/38xxx/CVE-2024-38729.json new file mode 100644 index 000000000000..840fd60b9ea6 --- /dev/null +++ b/cves/2024/38xxx/CVE-2024-38729.json 
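Review bot: The remediation text of CVE-2024-38691 contains a typing error, `Update tauthhe WordPress Metorik`, in both `solutions[0].value` and the `supportingMedia` copy. Both strings should read `Update the WordPress Metorik – Reports & Email Automation for WooCommerce plugin to the latest available version (at least 1.7.2).`. The two copies are duplicated by hand or by the generator, so they need the same correction to stay identical.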
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-38729", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-19T11:16:45.897Z", + "datePublished": "2025-01-02T12:01:04.146Z", + "dateUpdated": "2025-01-02T12:01:04.146Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:04.146Z" + }, + "title": "WordPress MBE eShip plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "MBE Worldwide S.p.A.", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "mail-boxes-etc", + "product": "MBE eShip", + "versions": [ + { + "lessThanOrEqual": "2.1.2", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.2.1", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in MBE Worldwide S.p.A. MBE eShip allows Cross Site Request Forgery.This issue affects MBE eShip: from n/a through 2.1.2.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in MBE Worldwide S.p.A. MBE eShip allows Cross Site Request Forgery.

This issue affects MBE eShip: from n/a through 2.1.2.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/mail-boxes-etc/vulnerability/wordpress-mbe-eship-plugin-2-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available. This plugin has been closed as of July 10, 2024 and is not available for download. This closure is temporary, pending a full review." + } + ], + "value": "No patched version is available. This plugin has been closed as of July 10, 2024 and is not available for download. This closure is temporary, pending a full review." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Joshua Chan (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/38xxx/CVE-2024-38751.json b/cves/2024/38xxx/CVE-2024-38751.json new file mode 100644 index 000000000000..bb5bc98b9643 --- /dev/null +++ b/cves/2024/38xxx/CVE-2024-38751.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-38751", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-19T11:17:14.714Z", + "datePublished": "2025-01-02T12:01:04.748Z", + "dateUpdated": "2025-01-02T12:01:04.748Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:04.748Z" + }, + "title": "WordPress AdsforWP plugin <= 1.9.28 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Magazine3", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "ads-for-wp", + "product": "Google Adsense & Banner Ads by AdsforWP", + "versions": [ + { + "lessThanOrEqual": "1.9.28", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.9.29", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Google Adsense & Banner Ads by AdsforWP allows Cross Site Request Forgery.This issue affects Google Adsense & Banner Ads by AdsforWP: from n/a through 1.9.28.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Google Adsense & Banner Ads by AdsforWP allows Cross Site Request Forgery.

This issue affects Google Adsense & Banner Ads by AdsforWP: from n/a through 1.9.28.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/ads-for-wp/vulnerability/wordpress-adsforwp-plugin-1-9-28-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available. This plugin has been closed as of July 10, 2024 and is not available for download. This closure is temporary, pending a full review." + } + ], + "value": "No patched version is available. This plugin has been closed as of July 10, 2024 and is not available for download. This closure is temporary, pending a full review." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Majed Refaea (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/38xxx/CVE-2024-38753.json b/cves/2024/38xxx/CVE-2024-38753.json new file mode 100644 index 000000000000..65215bc376c7 --- /dev/null +++ b/cves/2024/38xxx/CVE-2024-38753.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-38753", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-19T11:17:14.714Z", + "datePublished": "2025-01-02T12:01:05.330Z", + "dateUpdated": "2025-01-02T12:01:05.330Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:05.330Z" + }, + "title": "WordPress Animated Rotating Words Plugin <= 5.6 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Labib Ahmed", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "css3-rotating-words", + "product": "Animated Rotating Words", + "versions": [ + { + "lessThanOrEqual": "5.6", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "5.7", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Labib Ahmed Animated Rotating Words allows Cross Site Request Forgery.This issue affects Animated Rotating Words: from n/a through 5.6.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Labib Ahmed Animated Rotating Words allows Cross Site Request Forgery.

This issue affects Animated Rotating Words: from n/a through 5.6.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/css3-rotating-words/vulnerability/wordpress-animated-rotating-words-plugin-5-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available. This plugin has been closed as of July 10, 2024 and is not available for download. This closure is temporary, pending a full review." + } + ], + "value": "No patched version is available. This plugin has been closed as of July 10, 2024 and is not available for download. This closure is temporary, pending a full review." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Majed Refaea (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/38xxx/CVE-2024-38754.json b/cves/2024/38xxx/CVE-2024-38754.json new file mode 100644 index 000000000000..964f91399563 --- /dev/null +++ b/cves/2024/38xxx/CVE-2024-38754.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-38754", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-19T11:17:14.714Z", + "datePublished": "2025-01-02T12:01:05.907Z", + "dateUpdated": "2025-01-02T12:01:05.907Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:05.907Z" + }, + "title": "WordPress Tagbox plugin <= 3.3 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Tagbox", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "taggbox-widget", + "product": "Taggbox", + "versions": [ + { + "lessThanOrEqual": "3.3", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "3.4", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Taggbox allows Cross Site Request Forgery.This issue affects Taggbox: from n/a through 3.3.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Taggbox allows Cross Site Request Forgery.

This issue affects Taggbox: from n/a through 3.3.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/taggbox-widget/vulnerability/wordpress-tagbox-plugin-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available. This plugin has been closed as of July 10, 2024 and is not available for download. This closure is temporary, pending a full review." + } + ], + "value": "No patched version is available. This plugin has been closed as of July 10, 2024 and is not available for download. This closure is temporary, pending a full review." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Majed Refaea (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/38xxx/CVE-2024-38762.json b/cves/2024/38xxx/CVE-2024-38762.json new file mode 100644 index 000000000000..6c0c78cc58e1 --- /dev/null +++ b/cves/2024/38xxx/CVE-2024-38762.json 
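Review bot: In CVE-2024-38754 the `vendor` is spelled `Tagbox` while `product` is `Taggbox` and `packageName` is `taggbox-widget`; the title and the reference URL slug also use the single-g spelling. Consumers that match advisories on vendor and product strings can miss or duplicate this entry when the two spellings disagree. Judging by the package slug the intended name is probably `Taggbox`, so `"vendor": "Taggbox"` and a matching title look right, but that should be confirmed against the plugin listing before changing it.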
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-38762", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-19T11:17:27.406Z", + "datePublished": "2025-01-02T12:01:06.486Z", + "dateUpdated": "2025-01-02T12:01:06.486Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:06.486Z" + }, + "title": "WordPress Event Tickets and Registration plugin <= 5.11.0.4 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "The Events Calendar", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "event-tickets", + "product": "Event Tickets", + "versions": [ + { + "lessThanOrEqual": "5.11.0.4", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "5.11.0.5", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar Event Tickets allows Cross Site Request Forgery.This issue affects Event Tickets: from n/a through 5.11.0.4.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar Event Tickets allows Cross Site Request Forgery.

This issue affects Event Tickets: from n/a through 5.11.0.4.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/event-tickets/vulnerability/wordpress-event-tickets-and-registration-plugin-5-11-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Event Tickets plugin to the latest available version (at least 5.11.0.5)." + } + ], + "value": "Update the WordPress Event Tickets plugin to the latest available version (at least 5.11.0.5)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Joshua Chan (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/38xxx/CVE-2024-38763.json b/cves/2024/38xxx/CVE-2024-38763.json new file mode 100644 index 000000000000..14b470dac219 --- /dev/null +++ b/cves/2024/38xxx/CVE-2024-38763.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-38763", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-19T11:17:27.406Z", + "datePublished": "2025-01-02T12:01:07.075Z", + "dateUpdated": "2025-01-02T12:01:07.075Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:07.075Z" + }, + "title": "WordPress Popularis Verse theme <= 1.1.1 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Themes4WP", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "popularis-verse", + "product": "Popularis Verse", + "versions": [ + { + "lessThanOrEqual": "1.1.1", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.1.2", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Themes4WP Popularis Verse allows Cross Site Request Forgery.This issue affects Popularis Verse: from n/a through 1.1.1.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Themes4WP Popularis Verse allows Cross Site Request Forgery.

This issue affects Popularis Verse: from n/a through 1.1.1.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/popularis-verse/vulnerability/wordpress-popularis-verse-theme-1-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available. WP review team notified." + } + ], + "value": "No patched version is available. WP review team notified." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/38xxx/CVE-2024-38765.json b/cves/2024/38xxx/CVE-2024-38765.json new file mode 100644 index 000000000000..64f19f8f71cf --- /dev/null +++ b/cves/2024/38xxx/CVE-2024-38765.json 
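Review bot: The reference URL of CVE-2024-38763 carries the slug `wordpress-popularis-verse-theme-1-0-1-cross-site-request-forgery-csrf-vulnerability`, while the title and `lessThanOrEqual` both give `1.1.1` as the last affected version. One of the two is likely stale, and the version range is what drives matching in scanners, so it is worth confirming against the advisory which number is correct. If `1.1.1` is right, the record is fine as data and only the upstream slug is misleading; if `1.0.1` is right, `lessThanOrEqual`, the title and the description all need to change together.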
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-38765", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-19T12:34:40.590Z", + "datePublished": "2025-01-02T12:01:07.664Z", + "dateUpdated": "2025-01-02T12:01:07.664Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:07.664Z" + }, + "title": "WordPress Oceanic theme <= 1.0.48 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Freelancelot", + "collectionURL": "https://wordpress.org/themes", + "defaultStatus": "unaffected", + "packageName": "oceanic", + "product": "Oceanic", + "versions": [ + { + "lessThanOrEqual": "1.0.48", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Freelancelot Oceanic allows Cross Site Request Forgery.This issue affects Oceanic: from n/a through 1.0.48.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Freelancelot Oceanic allows Cross Site Request Forgery.

This issue affects Oceanic: from n/a through 1.0.48.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/theme/oceanic/vulnerability/wordpress-oceanic-theme-1-0-48-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/38xxx/CVE-2024-38766.json b/cves/2024/38xxx/CVE-2024-38766.json new file mode 100644 index 000000000000..4c63831836eb --- /dev/null +++ b/cves/2024/38xxx/CVE-2024-38766.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-38766", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-19T12:34:40.590Z", + "datePublished": "2025-01-02T12:01:08.282Z", + "dateUpdated": "2025-01-02T12:01:08.282Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:08.282Z" + }, + "title": "WordPress Matomo Analytics plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) leading to Notice Dismissal vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Matomo", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "matomo", + "product": "Matomo Analytics", + "versions": [ + { + "lessThanOrEqual": "5.1.1", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "5.1.2", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Matomo Matomo Analytics allows Cross Site Request Forgery.This issue affects Matomo Analytics: from n/a through 5.1.1.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Matomo Matomo Analytics allows Cross Site Request Forgery.

This issue affects Matomo Analytics: from n/a through 5.1.1.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/matomo/vulnerability/wordpress-matomo-analytics-plugin-5-1-0-cross-site-request-forgery-csrf-leading-to-notice-dismissal-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available. WP review team notified." + } + ], + "value": "No patched version is available. WP review team notified." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/38xxx/CVE-2024-38789.json b/cves/2024/38xxx/CVE-2024-38789.json new file mode 100644 index 000000000000..7dc2095a7047 --- /dev/null +++ b/cves/2024/38xxx/CVE-2024-38789.json 
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-38789", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-19T15:07:57.035Z", + "datePublished": "2025-01-02T12:01:08.872Z", + "dateUpdated": "2025-01-02T12:01:08.872Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:08.872Z" + }, + "title": "WordPress Telegram Bot & Channel plugin <= 3.8.2 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Marco Milesi", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "telegram-bot", + "product": "Telegram Bot & Channel", + "versions": [ + { + "lessThanOrEqual": "3.8.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Telegram Bot & Channel allows Cross Site Request Forgery.This issue affects Telegram Bot & Channel: from n/a through 3.8.2.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Telegram Bot & Channel allows Cross Site Request Forgery.

This issue affects Telegram Bot & Channel: from n/a through 3.8.2.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/telegram-bot/vulnerability/wordpress-telegram-bot-channel-plugin-3-8-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Majed Refaea (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/38xxx/CVE-2024-38790.json b/cves/2024/38xxx/CVE-2024-38790.json new file mode 100644 index 000000000000..7728292d90e6 --- /dev/null +++ b/cves/2024/38xxx/CVE-2024-38790.json 
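Review bot: In the CVE-2024-38789 record, `"baseScore": 5.3` does not appear to match the vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L`. By the CVSS 3.1 base formula that vector works out to 5.4 (impact about 2.51 plus exploitability about 2.84, rounded up). Tools that trust the stored score and tools that recompute it from the vector will disagree on this record. Suggest `"baseScore": 5.4`, or correct the vector if 5.3 was the intended rating. The scores in the other records visible here are consistent with their vectors.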
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-38790", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-19T15:07:57.036Z", + "datePublished": "2025-01-02T12:01:09.453Z", + "dateUpdated": "2025-01-02T12:01:09.453Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:09.453Z" + }, + "title": "WordPress Smartsupp plugin <= 3.6 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Smartsupp", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "smartsupp-live-chat", + "product": "Smartsupp – live chat, chatbots, AI and lead generation", + "versions": [ + { + "lessThanOrEqual": "3.6", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "3.7", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Smartsupp Smartsupp – live chat, chatbots, AI and lead generation allows Cross Site Request Forgery.This issue affects Smartsupp – live chat, chatbots, AI and lead generation: from n/a through 3.6.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Smartsupp Smartsupp – live chat, chatbots, AI and lead generation allows Cross Site Request Forgery.

This issue affects Smartsupp – live chat, chatbots, AI and lead generation: from n/a through 3.6.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/smartsupp-live-chat/vulnerability/wordpress-smartsupp-plugin-3-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "No patched version is available. WP plugins review team notified." + } + ], + "value": "No patched version is available. WP plugins review team notified." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Ananda Dhakal (Patchstack)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/43xxx/CVE-2024-43927.json b/cves/2024/43xxx/CVE-2024-43927.json new file mode 100644 index 000000000000..a223f94c5a4e --- /dev/null +++ b/cves/2024/43xxx/CVE-2024-43927.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-43927", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-08-18T21:56:11.867Z", + "datePublished": "2025-01-02T12:01:10.166Z", + "dateUpdated": "2025-01-02T12:01:10.166Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:10.166Z" + }, + "title": "WordPress Email Address Encoder plugin <= 1.0.23 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Till Krüss", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "email-address-encoder", + "product": "Email Address Encoder", + "versions": [ + { + "lessThanOrEqual": "1.0.23", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.0.24", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Till Krüss Email Address Encoder allows Cross Site Request Forgery.This issue affects Email Address Encoder: from n/a through 1.0.23.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Till Krüss Email Address Encoder allows Cross Site Request Forgery.

This issue affects Email Address Encoder: from n/a through 1.0.23.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/email-address-encoder/vulnerability/wordpress-email-address-encoder-plugin-1-0-23-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Email Address Encoder plugin to the latest available version (at least 1.0.24)." + } + ], + "value": "Update the WordPress Email Address Encoder plugin to the latest available version (at least 1.0.24)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56018.json b/cves/2024/56xxx/CVE-2024-56018.json new file mode 100644 index 000000000000..ad09d833611b --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56018.json 
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56018", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-14T19:42:35.791Z", + "datePublished": "2025-01-02T12:01:10.800Z", + "dateUpdated": "2025-01-02T12:01:10.800Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:10.800Z" + }, + "title": "WordPress BU Section Editing Plugin <= 0.9.9 - Reflected Cross Site Scripting (XSS) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-591", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-591 Reflected XSS" + } + ] + } + ], + "affected": [ + { + "vendor": "Boston University (IS&T)", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "bu-section-editing", + "product": "BU Section Editing", + "versions": [ + { + "lessThanOrEqual": "0.9.9", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boston University (IS&T) BU Section Editing allows Reflected XSS.This issue affects BU Section Editing: from n/a through 0.9.9.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boston University (IS&T) BU Section Editing allows Reflected XSS.

This issue affects BU Section Editing: from n/a through 0.9.9.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/bu-section-editing/vulnerability/wordpress-bu-section-editing-plugin-0-9-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "João Pedro S Alcântara (Kinorth) (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56022.json b/cves/2024/56xxx/CVE-2024-56022.json new file mode 100644 index 000000000000..00873df48fe6 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56022.json 
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56022", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-14T19:42:43.876Z", + "datePublished": "2025-01-02T12:01:11.406Z", + "dateUpdated": "2025-01-02T12:01:11.406Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:11.406Z" + }, + "title": "WordPress Preloader by WordPress Monsters plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-591", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-591 Reflected XSS" + } + ] + } + ], + "affected": [ + { + "vendor": "WordPress Monsters", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "preloader-sws", + "product": "Preloader by WordPress Monsters", + "versions": [ + { + "lessThanOrEqual": "1.2.3", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress Monsters Preloader by WordPress Monsters allows Reflected XSS.This issue affects Preloader by WordPress Monsters: from n/a through 1.2.3.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress Monsters Preloader by WordPress Monsters allows Reflected XSS.

This issue affects Preloader by WordPress Monsters: from n/a through 1.2.3.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/preloader-sws/vulnerability/wordpress-preloader-by-wordpress-monsters-plugin-1-2-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Muhamad Agil Fachrian (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56023.json b/cves/2024/56xxx/CVE-2024-56023.json new file mode 100644 index 000000000000..a98b6c51b328 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56023.json 
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56023", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-14T19:42:43.876Z", + "datePublished": "2025-01-02T12:01:12.025Z", + "dateUpdated": "2025-01-02T12:01:12.025Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:12.025Z" + }, + "title": "WordPress WP eCommerce Quickpay plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-591", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-591 Reflected XSS" + } + ] + } + ], + "affected": [ + { + "vendor": "Perfect Solution", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "wp-ecommerce-quickpay", + "product": "WP eCommerce Quickpay", + "versions": [ + { + "lessThanOrEqual": "1.1.0", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfect Solution WP eCommerce Quickpay allows Reflected XSS.This issue affects WP eCommerce Quickpay: from n/a through 1.1.0.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfect Solution WP eCommerce Quickpay allows Reflected XSS.

This issue affects WP eCommerce Quickpay: from n/a through 1.1.0.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/wp-ecommerce-quickpay/vulnerability/wordpress-wp-ecommerce-quickpay-plugin-1-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Mika (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56024.json b/cves/2024/56xxx/CVE-2024-56024.json new file mode 100644 index 000000000000..7019f1951702 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56024.json 
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56024", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-14T19:42:43.876Z", + "datePublished": "2025-01-02T12:01:12.628Z", + "dateUpdated": "2025-01-02T12:01:12.628Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:12.628Z" + }, + "title": "WordPress Custom Dashboard Widget plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-591", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-591 Reflected XSS" + } + ] + } + ], + "affected": [ + { + "vendor": "DuoGeek", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "create-custom-dashboard-widget", + "product": "Custom Dashboard Widget", + "versions": [ + { + "lessThanOrEqual": "1.0.0", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek Custom Dashboard Widget allows Reflected XSS.This issue affects Custom Dashboard Widget: from n/a through 1.0.0.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek Custom Dashboard Widget allows Reflected XSS.

This issue affects Custom Dashboard Widget: from n/a through 1.0.0.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/create-custom-dashboard-widget/vulnerability/wordpress-custom-dashboard-widget-plugin-1-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Le Ngoc Anh (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56025.json b/cves/2024/56xxx/CVE-2024-56025.json new file mode 100644 index 000000000000..e8d94f2d1377 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56025.json 
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56025", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-14T19:42:43.876Z", + "datePublished": "2025-01-02T12:01:13.211Z", + "dateUpdated": "2025-01-02T12:01:13.211Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:13.211Z" + }, + "title": "WordPress AdWork Media EZ Content Locker plugin <= 3.0 - Reflected Cross Site Scripting (XSS) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-591", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-591 Reflected XSS" + } + ] + } + ], + "affected": [ + { + "vendor": "AdWorkMedia.com", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "adwork-media-ez-content-locker", + "product": "AdWork Media EZ Content Locker", + "versions": [ + { + "lessThanOrEqual": "3.0", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AdWorkMedia.com AdWork Media EZ Content Locker allows Reflected XSS.This issue affects AdWork Media EZ Content Locker: from n/a through 3.0.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AdWorkMedia.com AdWork Media EZ Content Locker allows Reflected XSS.

This issue affects AdWork Media EZ Content Locker: from n/a through 3.0.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/adwork-media-ez-content-locker/vulnerability/wordpress-adwork-media-ez-content-locker-plugin-3-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "João Pedro S Alcântara (Kinorth) (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56026.json b/cves/2024/56xxx/CVE-2024-56026.json new file mode 100644 index 000000000000..0eb591962bdb --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56026.json 
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56026", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-14T19:42:43.877Z", + "datePublished": "2025-01-02T12:01:13.808Z", + "dateUpdated": "2025-01-02T12:01:13.808Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:13.808Z" + }, + "title": "WordPress Simple Proxy plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-591", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-591 Reflected XSS" + } + ] + } + ], + "affected": [ + { + "vendor": "Greg Priday", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "simple-proxy", + "product": "Simple Proxy", + "versions": [ + { + "lessThanOrEqual": "1.0", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Priday Simple Proxy allows Reflected XSS.This issue affects Simple Proxy: from n/a through 1.0.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Priday Simple Proxy allows Reflected XSS.

This issue affects Simple Proxy: from n/a through 1.0.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/simple-proxy/vulnerability/wordpress-simple-proxy-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Mika (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56236.json b/cves/2024/56xxx/CVE-2024-56236.json new file mode 100644 index 000000000000..fda490b72678 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56236.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56236", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:10.960Z", + "datePublished": "2025-01-02T12:01:14.414Z", + "dateUpdated": "2025-01-02T12:01:14.414Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:14.414Z" + }, + "title": "WordPress Hestia Nginx Cache plugin <= 2.4.0 - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "Jakob Bouchard", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "hestia-nginx-cache", + "product": "Hestia Nginx Cache", + "versions": [ + { + "lessThanOrEqual": "2.4.0", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.4.1", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Jakob Bouchard Hestia Nginx Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hestia Nginx Cache: from n/a through 2.4.0.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in Jakob Bouchard Hestia Nginx Cache allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Hestia Nginx Cache: from n/a through 2.4.0.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/hestia-nginx-cache/vulnerability/wordpress-hestia-nginx-cache-plugin-2-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Hestia Nginx Cache plugin to the latest available version (at least 2.4.1)." + } + ], + "value": "Update the WordPress Hestia Nginx Cache plugin to the latest available version (at least 2.4.1)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Marek Mikita (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56237.json b/cves/2024/56xxx/CVE-2024-56237.json new file mode 100644 index 000000000000..b656afc2f89b --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56237.json 
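Review bot: `problemTypes` lists only `CWE-862 Missing Authorization` and `impacts` lists CAPEC-180, while the `title` and the reference URL both describe this issue as Cross Site Request Forgery. Anyone triaging or filtering by CWE will not find this record under CSRF. If the title is right, add a second description with `"cweId": "CWE-352"` and `"description": "CWE-352 Cross-Site Request Forgery (CSRF)"`; otherwise align the title with the CWE. The CVSS vector (`PR:N/UI:R`) appears consistent with the CSRF reading.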
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56237", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:10.960Z", + "datePublished": "2025-01-02T12:01:15.266Z", + "dateUpdated": "2025-01-02T12:01:15.266Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:15.266Z" + }, + "title": "WordPress Contest Gallery plugin <= 24.0.3 - Cross Site Scripting (XSS) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-592", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-592 Stored XSS" + } + ] + } + ], + "affected": [ + { + "vendor": "Contest Gallery", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "contest-gallery", + "product": "Contest Gallery", + "versions": [ + { + "lessThanOrEqual": "24.0.3", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "24.0.4", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contest Gallery Contest Gallery allows Stored XSS.This issue affects Contest Gallery: from n/a through 24.0.3.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contest Gallery Contest Gallery allows Stored XSS.

This issue affects Contest Gallery: from n/a through 24.0.3.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/contest-gallery/vulnerability/wordpress-contest-gallery-plugin-24-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.9, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Contest Gallery plugin to the latest available version (at least 24.0.4)." + } + ], + "value": "Update the WordPress Contest Gallery plugin to the latest available version (at least 24.0.4)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "thiennv (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56238.json b/cves/2024/56xxx/CVE-2024-56238.json new file mode 100644 index 000000000000..bb9adff296a8 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56238.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56238", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:10.961Z", + "datePublished": "2025-01-02T12:01:15.934Z", + "dateUpdated": "2025-01-02T12:01:15.934Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:15.934Z" + }, + "title": "WordPress Floating Action Buttons plugin <= 0.9.1 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-1", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs" + } + ] + } + ], + "affected": [ + { + "vendor": "QunatumCloud", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "floating-action-buttons", + "product": "Floating Action Buttons", + "versions": [ + { + "lessThanOrEqual": "0.9.1", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.0.1", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in QunatumCloud Floating Action Buttons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Floating Action Buttons: from n/a through 0.9.1.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in QunatumCloud Floating Action Buttons allows Accessing Functionality Not Properly Constrained by ACLs.

This issue affects Floating Action Buttons: from n/a through 0.9.1.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/floating-action-buttons/vulnerability/wordpress-floating-action-buttons-plugin-0-9-1-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Floating Action Buttons plugin to the latest available version (at least 1.0.1)." + } + ], + "value": "Update the WordPress Floating Action Buttons plugin to the latest available version (at least 1.0.1)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Mika (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56239.json b/cves/2024/56xxx/CVE-2024-56239.json new file mode 100644 index 000000000000..fc7f28716897 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56239.json 
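Review bot: The vendor is spelled `QunatumCloud` in `affected.vendor` and in both description texts, which looks like a transposition of "QuantumCloud"; if so, vendor-name lookups against this record will miss it. The range also ends at `"lessThanOrEqual": "0.9.1"` while `changes` marks the fix `"at": "1.0.1"`, so any release between the two falls under `"defaultStatus": "unaffected"` without the record saying so explicitly. Confirm the spelling against the plugin listing and state the status of the intermediate versions.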
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56239", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:10.961Z", + "datePublished": "2025-01-02T12:01:16.532Z", + "dateUpdated": "2025-01-02T12:01:16.532Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:16.532Z" + }, + "title": "WordPress Themify Audio Dock plugin <= 2.0.4 - Cross Site Scripting (XSS) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-592", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-592 Stored XSS" + } + ] + } + ], + "affected": [ + { + "vendor": "Themify", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "themify-audio-dock", + "product": "Themify Audio Dock", + "versions": [ + { + "lessThanOrEqual": "2.0.4", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.0.5", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Themify Audio Dock allows Stored XSS.This issue affects Themify Audio Dock: from n/a through 2.0.4.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Themify Audio Dock allows Stored XSS.

This issue affects Themify Audio Dock: from n/a through 2.0.4.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/themify-audio-dock/vulnerability/wordpress-themify-audio-dock-plugin-2-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Themify Audio Dock plugin to the latest available version (at least 2.0.5)." + } + ], + "value": "Update the WordPress Themify Audio Dock plugin to the latest available version (at least 2.0.5)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56240.json b/cves/2024/56xxx/CVE-2024-56240.json new file mode 100644 index 000000000000..13f6f8f55d76 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56240.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56240", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:10.961Z", + "datePublished": "2025-01-02T12:01:17.162Z", + "dateUpdated": "2025-01-02T12:01:17.162Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:17.162Z" + }, + "title": "WordPress Pronamic Google Maps plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-592", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-592 Stored XSS" + } + ] + } + ], + "affected": [ + { + "vendor": "Pronamic", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "pronamic-google-maps", + "product": "Pronamic Google Maps", + "versions": [ + { + "lessThanOrEqual": "2.3.2", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.3.3", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pronamic Pronamic Google Maps allows Stored XSS.This issue affects Pronamic Google Maps: from n/a through 2.3.2.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pronamic Pronamic Google Maps allows Stored XSS.

This issue affects Pronamic Google Maps: from n/a through 2.3.2.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/pronamic-google-maps/vulnerability/wordpress-pronamic-google-maps-plugin-2-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Pronamic Google Maps wordpress plugin to the latest available version (at least 2.3.3)." + } + ], + "value": "Update the WordPress Pronamic Google Maps wordpress plugin to the latest available version (at least 2.3.3)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Peter Thaleikis (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56241.json b/cves/2024/56xxx/CVE-2024-56241.json new file mode 100644 index 000000000000..de03b5aa110e --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56241.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56241", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:10.961Z", + "datePublished": "2025-01-02T12:01:17.766Z", + "dateUpdated": "2025-01-02T12:01:17.766Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:17.766Z" + }, + "title": "WordPress WPKoi Templates for Elementor plugin <= 3.1.3 - Cross Site Scripting (XSS) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-592", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-592 Stored XSS" + } + ] + } + ], + "affected": [ + { + "vendor": "WPKoi", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "wpkoi-templates-for-elementor", + "product": "WPKoi Templates for Elementor", + "versions": [ + { + "lessThanOrEqual": "3.1.3", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "3.1.4", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPKoi WPKoi Templates for Elementor allows Stored XSS.This issue affects WPKoi Templates for Elementor: from n/a through 3.1.3.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPKoi WPKoi Templates for Elementor allows Stored XSS.

This issue affects WPKoi Templates for Elementor: from n/a through 3.1.3.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/wpkoi-templates-for-elementor/vulnerability/wordpress-wpkoi-templates-for-elementor-plugin-3-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress WPKoi Templates for Elementor plugin to the latest available version (at least 3.1.4)." + } + ], + "value": "Update the WordPress WPKoi Templates for Elementor plugin to the latest available version (at least 3.1.4)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "João Pedro S Alcântara (Kinorth) (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56242.json b/cves/2024/56xxx/CVE-2024-56242.json new file mode 100644 index 000000000000..352a11402074 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56242.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56242", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:10.961Z", + "datePublished": "2025-01-02T12:01:18.374Z", + "dateUpdated": "2025-01-02T12:01:18.374Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:18.374Z" + }, + "title": "WordPress Arconix Shortcodes plugin <= 2.1.14 - Cross Site Scripting (XSS) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-592", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-592 Stored XSS" + } + ] + } + ], + "affected": [ + { + "vendor": "Tyche Softwares", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "arconix-shortcodes", + "product": "Arconix Shortcodes", + "versions": [ + { + "lessThanOrEqual": "2.1.14", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.1.15", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tyche Softwares Arconix Shortcodes allows Stored XSS.This issue affects Arconix Shortcodes: from n/a through 2.1.14.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tyche Softwares Arconix Shortcodes allows Stored XSS.

This issue affects Arconix Shortcodes: from n/a through 2.1.14.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/arconix-shortcodes/vulnerability/wordpress-arconix-shortcodes-plugin-2-1-14-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Arconix Shortcodes wordpress plugin to the latest available version (at least 2.1.15)." + } + ], + "value": "Update the WordPress Arconix Shortcodes wordpress plugin to the latest available version (at least 2.1.15)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Peter Thaleikis (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56243.json b/cves/2024/56xxx/CVE-2024-56243.json new file mode 100644 index 000000000000..8171731ea7d4 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56243.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56243", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:18.506Z", + "datePublished": "2025-01-02T12:01:19.001Z", + "dateUpdated": "2025-01-02T12:01:19.001Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:19.001Z" + }, + "title": "WordPress WPSSO Core plugin <= 18.18.1 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "JS Morisset", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "wpsso", + "product": "WPSSO Core", + "versions": [ + { + "lessThanOrEqual": "18.18.1", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "18.18.2", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in JS Morisset WPSSO Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSSO Core: from n/a through 18.18.1.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in JS Morisset WPSSO Core allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects WPSSO Core: from n/a through 18.18.1.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/wpsso/vulnerability/wordpress-wpsso-core-plugin-18-18-1-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress WPSSO Core plugin to the latest available version (at least 18.18.2)." + } + ], + "value": "Update the WordPress WPSSO Core plugin to the latest available version (at least 18.18.2)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Jingle Bells (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56244.json b/cves/2024/56xxx/CVE-2024-56244.json new file mode 100644 index 000000000000..077d3f96a9d1 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56244.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56244", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:18.506Z", + "datePublished": "2025-01-02T12:01:19.601Z", + "dateUpdated": "2025-01-02T12:01:19.601Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:19.601Z" + }, + "title": "WordPress Ashe Extra plugin <= 1.2.92 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "WP Royal", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "ashe-extra", + "product": "Ashe Extra", + "versions": [ + { + "lessThanOrEqual": "1.2.92", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.3", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in WP Royal Ashe Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe Extra: from n/a through 1.2.92.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in WP Royal Ashe Extra allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Ashe Extra: from n/a through 1.2.92.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/ashe-extra/vulnerability/wordpress-ashe-extra-plugin-1-2-92-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Ashe Extra plugin to the latest available version (at least 1.3)." + } + ], + "value": "Update the WordPress Ashe Extra plugin to the latest available version (at least 1.3)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Mika (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56245.json b/cves/2024/56xxx/CVE-2024-56245.json new file mode 100644 index 000000000000..0b7f154dc982 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56245.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56245", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:18.506Z", + "datePublished": "2025-01-02T12:01:20.211Z", + "dateUpdated": "2025-01-02T12:01:20.211Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:20.211Z" + }, + "title": "WordPress Premium Blocks plugin <= 2.1.42 - Cross Site Scripting (XSS) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-592", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-592 Stored XSS" + } + ] + } + ], + "affected": [ + { + "vendor": "Leap13", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "premium-blocks-for-gutenberg", + "product": "Premium Blocks – Gutenberg Blocks for WordPress", + "versions": [ + { + "lessThanOrEqual": "2.1.42", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.1.43", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Blocks – Gutenberg Blocks for WordPress allows Stored XSS.This issue affects Premium Blocks – Gutenberg Blocks for WordPress: from n/a through 2.1.42.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Blocks – Gutenberg Blocks for WordPress allows Stored XSS.

This issue affects Premium Blocks – Gutenberg Blocks for WordPress: from n/a through 2.1.42.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/premium-blocks-for-gutenberg/vulnerability/wordpress-premium-blocks-plugin-2-1-42-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Premium Blocks – Gutenberg Blocks for WordPress plugin to the latest available version (at least 2.1.43)." + } + ], + "value": "Update the WordPress Premium Blocks – Gutenberg Blocks for WordPress plugin to the latest available version (at least 2.1.43)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "João Pedro S Alcântara (Kinorth) (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56246.json b/cves/2024/56xxx/CVE-2024-56246.json new file mode 100644 index 000000000000..b1f25f3c8a7c --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56246.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56246", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:18.506Z", + "datePublished": "2025-01-02T12:01:20.794Z", + "dateUpdated": "2025-01-02T12:01:20.794Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:20.794Z" + }, + "title": "WordPress Nexter Blocks plugin <= 4.0.4 - Cross Site Scripting (XSS) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-588", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-588 DOM-Based XSS" + } + ] + } + ], + "affected": [ + { + "vendor": "POSIMYTH", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "the-plus-addons-for-block-editor", + "product": "Nexter Blocks", + "versions": [ + { + "lessThanOrEqual": "4.0.4", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "4.0.5", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Nexter Blocks allows DOM-Based XSS.This issue affects Nexter Blocks: from n/a through 4.0.4.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Nexter Blocks allows DOM-Based XSS.

This issue affects Nexter Blocks: from n/a through 4.0.4.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/the-plus-addons-for-block-editor/vulnerability/wordpress-nexter-blocks-plugin-4-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Nexter Blocks plugin to the latest available version (at least 4.0.5)." + } + ], + "value": "Update the WordPress Nexter Blocks plugin to the latest available version (at least 4.0.5)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "João Pedro S Alcântara (Kinorth) (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56247.json b/cves/2024/56xxx/CVE-2024-56247.json new file mode 100644 index 000000000000..50f4c33f4875 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56247.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56247", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:18.507Z", + "datePublished": "2025-01-02T12:01:21.366Z", + "dateUpdated": "2025-01-02T12:01:21.366Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:21.366Z" + }, + "title": "WordPress WP Post Author plugin <= 3.8.2 - SQL Injection vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-89", + "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-66", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-66 SQL Injection" + } + ] + } + ], + "affected": [ + { + "vendor": "AF themes", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "wp-post-author", + "product": "WP Post Author", + "versions": [ + { + "lessThanOrEqual": "3.8.2", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "3.8.3", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AF themes WP Post Author allows SQL Injection.This issue affects WP Post Author: from n/a through 3.8.2.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AF themes WP Post Author allows SQL Injection.

This issue affects WP Post Author: from n/a through 3.8.2.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/wp-post-author/vulnerability/wordpress-wp-post-author-plugin-3-8-2-sql-injection-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 7.6, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress WP Post Author plugin to the latest available version (at least 3.8.3)." + } + ], + "value": "Update the WordPress WP Post Author plugin to the latest available version (at least 3.8.3)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "NAWardRox (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56248.json b/cves/2024/56xxx/CVE-2024-56248.json new file mode 100644 index 000000000000..f07d73628673 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56248.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56248", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:18.507Z", + "datePublished": "2025-01-02T12:01:21.951Z", + "dateUpdated": "2025-01-02T12:01:21.951Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:21.951Z" + }, + "title": "WordPress WPMasterToolKit plugin <= 1.13.1 - Arbitrary File Download vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-22", + "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-126", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-126 Path Traversal" + } + ] + } + ], + "affected": [ + { + "vendor": "Webdeclic", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "wpmastertoolkit", + "product": "WPMasterToolKit", + "versions": [ + { + "lessThanOrEqual": "1.13.1", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.14.0", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Webdeclic WPMasterToolKit allows Path Traversal.This issue affects WPMasterToolKit: from n/a through 1.13.1.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Webdeclic WPMasterToolKit allows Path Traversal.

This issue affects WPMasterToolKit: from n/a through 1.13.1.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/wpmastertoolkit/vulnerability/wordpress-wpmastertoolkit-plugin-1-13-1-arbitrary-file-download-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.9, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress WPMasterToolKit plugin to the latest available version (at least 1.14.0)." + } + ], + "value": "Update the WordPress WPMasterToolKit plugin to the latest available version (at least 1.14.0)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "l8BL (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56249.json b/cves/2024/56xxx/CVE-2024-56249.json new file mode 100644 index 000000000000..2aada30da981 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56249.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56249", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:18.507Z", + "datePublished": "2025-01-02T12:01:22.533Z", + "dateUpdated": "2025-01-02T12:01:22.533Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:22.533Z" + }, + "title": "WordPress WPMasterToolKit plugin <= 1.13.1 - Arbitrary File Upload vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-434", + "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-650", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-650 Upload a Web Shell to a Web Server" + } + ] + } + ], + "affected": [ + { + "vendor": "Webdeclic", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "wpmastertoolkit", + "product": "WPMasterToolKit", + "versions": [ + { + "lessThanOrEqual": "1.13.1", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.14.0", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Webdeclic WPMasterToolKit allows Upload a Web Shell to a Web Server.This issue affects WPMasterToolKit: from n/a through 1.13.1.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Unrestricted Upload of File with Dangerous Type vulnerability in Webdeclic WPMasterToolKit allows Upload a Web Shell to a Web Server.

This issue affects WPMasterToolKit: from n/a through 1.13.1.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/wpmastertoolkit/vulnerability/wordpress-wpmastertoolkit-plugin-1-13-1-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 9.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "baseSeverity": "CRITICAL", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress WPMasterToolKit plugin to the latest available version (at least 1.14.0)." + } + ], + "value": "Update the WordPress WPMasterToolKit plugin to the latest available version (at least 1.14.0)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "l8BL (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56250.json b/cves/2024/56xxx/CVE-2024-56250.json new file mode 100644 index 000000000000..68bfae217448 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56250.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56250", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:18.507Z", + "datePublished": "2025-01-02T12:01:23.114Z", + "dateUpdated": "2025-01-02T12:01:23.114Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:23.114Z" + }, + "title": "WordPress Just Writing Statistics plugin <= 4.7 - SQL Injection vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-89", + "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-66", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-66 SQL Injection" + } + ] + } + ], + "affected": [ + { + "vendor": "GregRoss", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "just-writing-statistics", + "product": "Just Writing Statistics", + "versions": [ + { + "lessThanOrEqual": "4.7", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "4.8", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GregRoss Just Writing Statistics allows SQL Injection.This issue affects Just Writing Statistics: from n/a through 4.7.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GregRoss Just Writing Statistics allows SQL Injection.

This issue affects Just Writing Statistics: from n/a through 4.7.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/just-writing-statistics/vulnerability/wordpress-just-writing-statistics-plugin-4-7-sql-injection-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 7.6, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Just Writing Statistics plugin to the latest available version (at least 4.8)." + } + ], + "value": "Update the WordPress Just Writing Statistics plugin to the latest available version (at least 4.8)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "l8BL (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56251.json b/cves/2024/56xxx/CVE-2024-56251.json new file mode 100644 index 000000000000..c930e31b0098 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56251.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56251", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:18.507Z", + "datePublished": "2025-01-02T12:01:23.690Z", + "dateUpdated": "2025-01-02T12:01:23.690Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:23.690Z" + }, + "title": "WordPress Event Espresso plugin <= 5.0.28.decaf - Cross Site Request Forgery (CSRF) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-352", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-62", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-62 Cross Site Request Forgery" + } + ] + } + ], + "affected": [ + { + "vendor": "Event Espresso", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "event-espresso-decaf", + "product": "Event Espresso 4 Decaf", + "versions": [ + { + "lessThanOrEqual": "5.0.28.decaf", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "5.0.31.decaf", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Event Espresso Event Espresso 4 Decaf allows Cross Site Request Forgery.This issue affects Event Espresso 4 Decaf: from n/a through 5.0.28.decaf.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Cross-Site Request Forgery (CSRF) vulnerability in Event Espresso Event Espresso 4 Decaf allows Cross Site Request Forgery.

This issue affects Event Espresso 4 Decaf: from n/a through 5.0.28.decaf.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/event-espresso-decaf/vulnerability/wordpress-event-espresso-plugin-5-0-28-decaf-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Event Espresso 4 Decaf wordpress plugin to the latest available version (at least 5.0.31.decaf)." + } + ], + "value": "Update the WordPress Event Espresso 4 Decaf wordpress plugin to the latest available version (at least 5.0.31.decaf)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56252.json b/cves/2024/56xxx/CVE-2024-56252.json new file mode 100644 index 000000000000..4f6a67dfcad3 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56252.json 
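Review bot: The range for `event-espresso-decaf` ends at `"lessThanOrEqual": "5.0.28.decaf"`, but the `changes` entry and the `solutions` text name `5.0.31.decaf` as the first fixed version, so any release between the two falls outside the range and inherits `"defaultStatus": "unaffected"`. If such releases were published and are still vulnerable, scanners keyed on this record will under-report; expressing the range as `"lessThan": "5.0.31.decaf"` would close the gap. Whether intermediate releases exist is not visible here, so this needs confirming against the plugin's release history. CVE-2024-56252 (Enter Addons, `2.1.9` affected, `2.2.1` fixed) has the same shape.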
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56252", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:18.507Z", + "datePublished": "2025-01-02T12:01:24.262Z", + "dateUpdated": "2025-01-02T12:01:24.262Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:24.262Z" + }, + "title": "WordPress Enter Addons plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-592", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-592 Stored XSS" + } + ] + } + ], + "affected": [ + { + "vendor": "ThemeLooks", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "enteraddons", + "product": "Enter Addons", + "versions": [ + { + "lessThanOrEqual": "2.1.9", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.2.1", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeLooks Enter Addons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.9.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeLooks Enter Addons allows Stored XSS.

This issue affects Enter Addons: from n/a through 2.1.9.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/enteraddons/vulnerability/wordpress-enter-addons-plugin-2-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Enter Addons plugin to the latest available version (at least 2.2.1)." + } + ], + "value": "Update the WordPress Enter Addons plugin to the latest available version (at least 2.2.1)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "João Pedro S Alcântara (Kinorth) (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56253.json b/cves/2024/56xxx/CVE-2024-56253.json new file mode 100644 index 000000000000..72f91f17f319 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56253.json 
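Review bot: `credits[0].user` carries `00000000-0000-4000-9000-000000000000`, and the same value is attached to different finder names in the other records of this diff, so it looks like a placeholder rather than a registry identifier (inferred; the generator's input is not visible here). A consumer that keys attribution on `user` would merge unrelated researchers into one identity. Since the field is optional in the record format, omitting the `"user"` line and keeping `"value"` would avoid that.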
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56253", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:26.186Z", + "datePublished": "2025-01-02T12:01:24.834Z", + "dateUpdated": "2025-01-02T12:01:24.834Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:24.834Z" + }, + "title": "WordPress Data Tables Generator by Supsystic plugin <= 1.10.36 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "supsystic.com", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "data-tables-generator-by-supsystic", + "product": "Data Tables Generator by Supsystic", + "versions": [ + { + "lessThanOrEqual": "1.10.36", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.10.37", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in supsystic.com Data Tables Generator by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Data Tables Generator by Supsystic: from n/a through 1.10.36.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in supsystic.com Data Tables Generator by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Data Tables Generator by Supsystic: from n/a through 1.10.36.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/data-tables-generator-by-supsystic/vulnerability/wordpress-data-tables-generator-by-supsystic-plugin-1-10-36-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Data Tables Generator by Supsystic plugin to the latest available version (at least 1.10.37)." + } + ], + "value": "Update the WordPress Data Tables Generator by Supsystic plugin to the latest available version (at least 1.10.37)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Jingle Bells (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56254.json b/cves/2024/56xxx/CVE-2024-56254.json new file mode 100644 index 000000000000..d9e63abff606 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56254.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56254", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:26.186Z", + "datePublished": "2025-01-02T12:01:25.712Z", + "dateUpdated": "2025-01-02T12:01:25.712Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:25.712Z" + }, + "title": "WordPress Move Addons for Elementor plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-592", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-592 Stored XSS" + } + ] + } + ], + "affected": [ + { + "vendor": "moveaddons", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "move-addons", + "product": "Move Addons for Elementor", + "versions": [ + { + "lessThanOrEqual": "1.3.6", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.3.7", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moveaddons Move Addons for Elementor allows Stored XSS.This issue affects Move Addons for Elementor: from n/a through 1.3.6.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moveaddons Move Addons for Elementor allows Stored XSS.

This issue affects Move Addons for Elementor: from n/a through 1.3.6.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/move-addons/vulnerability/wordpress-move-addons-for-elementor-plugin-1-3-6-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Move Addons for Elementor plugin to the latest available version (at least 1.3.7)." + } + ], + "value": "Update the WordPress Move Addons for Elementor plugin to the latest available version (at least 1.3.7)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "João Pedro S Alcântara (Kinorth) (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56255.json b/cves/2024/56xxx/CVE-2024-56255.json new file mode 100644 index 000000000000..260361aee869 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56255.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56255", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:26.186Z", + "datePublished": "2025-01-02T12:01:26.295Z", + "dateUpdated": "2025-01-02T12:01:26.295Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:26.295Z" + }, + "title": "WordPress AyeCode Connect plugin <= 1.3.8 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "affected": [ + { + "vendor": "AyeCode", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "ayecode-connect", + "product": "AyeCode Connect", + "versions": [ + { + "lessThanOrEqual": "1.3.8", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.3.9", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in AyeCode AyeCode Connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AyeCode Connect: from n/a through 1.3.8.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in AyeCode AyeCode Connect allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects AyeCode Connect: from n/a through 1.3.8.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/ayecode-connect/vulnerability/wordpress-ayecode-connect-plugin-1-3-8-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress AyeCode Connect plugin to the latest available version (at least 1.3.9)." + } + ], + "value": "Update the WordPress AyeCode Connect plugin to the latest available version (at least 1.3.9)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56258.json b/cves/2024/56xxx/CVE-2024-56258.json new file mode 100644 index 000000000000..9e06386b8e94 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56258.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56258", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:26.187Z", + "datePublished": "2025-01-02T12:01:26.866Z", + "dateUpdated": "2025-01-02T12:01:26.866Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:26.866Z" + }, + "title": "WordPress Magazine Blocks plugin <= 1.3.20 - Cross Site Scripting (XSS) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-592", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-592 Stored XSS" + } + ] + } + ], + "affected": [ + { + "vendor": "WPBlockArt", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "magazine-blocks", + "product": "Magazine Blocks", + "versions": [ + { + "lessThanOrEqual": "1.3.20", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.3.21", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBlockArt Magazine Blocks allows Stored XSS.This issue affects Magazine Blocks: from n/a through 1.3.20.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBlockArt Magazine Blocks allows Stored XSS.

This issue affects Magazine Blocks: from n/a through 1.3.20.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/magazine-blocks/vulnerability/wordpress-magazine-blocks-plugin-1-3-20-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Magazine Blocks plugin to the latest available version (at least 1.3.21)." + } + ], + "value": "Update the WordPress Magazine Blocks plugin to the latest available version (at least 1.3.21)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "João Pedro S Alcântara (Kinorth) (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56259.json b/cves/2024/56xxx/CVE-2024-56259.json new file mode 100644 index 000000000000..8baa359d4348 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56259.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56259", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:26.187Z", + "datePublished": "2025-01-02T12:01:27.441Z", + "dateUpdated": "2025-01-02T12:01:27.441Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:27.441Z" + }, + "title": "WordPress GeoDirectory plugin <= 2.3.84 - Cross Site Scripting (XSS) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-592", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-592 Stored XSS" + } + ] + } + ], + "affected": [ + { + "vendor": "AyeCode - WP Business Directory Plugins", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "geodirectory", + "product": "GeoDirectory", + "versions": [ + { + "lessThanOrEqual": "2.3.84", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.3.85", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AyeCode - WP Business Directory Plugins GeoDirectory allows Stored XSS.This issue affects GeoDirectory: from n/a through 2.3.84.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AyeCode - WP Business Directory Plugins GeoDirectory allows Stored XSS.

This issue affects GeoDirectory: from n/a through 2.3.84.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/geodirectory/vulnerability/wordpress-geodirectory-plugin-2-3-84-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress GeoDirectory plugin to the latest available version (at least 2.3.85)." + } + ], + "value": "Update the WordPress GeoDirectory plugin to the latest available version (at least 2.3.85)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "João Pedro S Alcântara (Kinorth) (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56260.json b/cves/2024/56xxx/CVE-2024-56260.json new file mode 100644 index 000000000000..4020e5f6d3b4 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56260.json 
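Review bot: `"vendor": "AyeCode - WP Business Directory Plugins"` in this record does not match `"vendor": "AyeCode"` in the CVE-2024-56255 record of the same diff, although both appear to name the same publisher. Inventory and advisory tooling that groups or filters by vendor string will treat them as two vendors and can miss one of the two plugins. Using one spelling in both records, e.g. `"vendor": "AyeCode"`, keeps them aligned; for WordPress plugins `packageName` is the more dependable join key either way.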
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56260", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:26.188Z", + "datePublished": "2025-01-02T12:01:28.057Z", + "dateUpdated": "2025-01-02T12:01:28.057Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:28.057Z" + }, + "title": "WordPress ShopElement plugin <= 2.0.0 - Stored Cross Site Scripting (XSS) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-592", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-592 Stored XSS" + } + ] + } + ], + "affected": [ + { + "vendor": "StorePlugin", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "shopelement", + "product": "ShopElement", + "versions": [ + { + "lessThanOrEqual": "2.0.0", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.1.0", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StorePlugin ShopElement allows Stored XSS.This issue affects ShopElement: from n/a through 2.0.0.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StorePlugin ShopElement allows Stored XSS.

This issue affects ShopElement: from n/a through 2.0.0.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/shopelement/vulnerability/wordpress-shopelement-plugin-2-0-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress ShopElement plugin to the latest available version (at least 2.1.0)." + } + ], + "value": "Update the WordPress ShopElement plugin to the latest available version (at least 2.1.0)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Gab (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56261.json b/cves/2024/56xxx/CVE-2024-56261.json new file mode 100644 index 000000000000..f86dd585bc11 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56261.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56261", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:26.188Z", + "datePublished": "2025-01-02T12:01:28.680Z", + "dateUpdated": "2025-01-02T12:01:28.680Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:28.680Z" + }, + "title": "WordPress Project Showcase plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-592", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-592 Stored XSS" + } + ] + } + ], + "affected": [ + { + "vendor": "GS Plugins", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "gs-projects", + "product": "Project Showcase", + "versions": [ + { + "lessThanOrEqual": "1.1.1", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.1.2", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins Project Showcase allows Stored XSS.This issue affects Project Showcase: from n/a through 1.1.1.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins Project Showcase allows Stored XSS.

This issue affects Project Showcase: from n/a through 1.1.1.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/gs-projects/vulnerability/wordpress-project-showcase-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Project Showcase plugin to the latest available version (at least 1.1.2)." + } + ], + "value": "Update the WordPress Project Showcase plugin to the latest available version (at least 1.1.2)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56262.json b/cves/2024/56xxx/CVE-2024-56262.json new file mode 100644 index 000000000000..73b531a7761b --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56262.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56262", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:26.188Z", + "datePublished": "2025-01-02T12:01:29.260Z", + "dateUpdated": "2025-01-02T12:01:29.260Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:29.260Z" + }, + "title": "WordPress GS Coaches plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-592", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-592 Stored XSS" + } + ] + } + ], + "affected": [ + { + "vendor": "GS Plugins", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "gs-coach", + "product": "GS Coaches", + "versions": [ + { + "lessThanOrEqual": "1.1.0", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.1.1", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Coaches allows Stored XSS.This issue affects GS Coaches: from n/a through 1.1.0.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Coaches allows Stored XSS.

This issue affects GS Coaches: from n/a through 1.1.0.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/gs-coach/vulnerability/wordpress-gs-coaches-plugin-1-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress GS Coaches plugin to the latest available version (at least 1.1.1)." + } + ], + "value": "Update the WordPress GS Coaches plugin to the latest available version (at least 1.1.1)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56263.json b/cves/2024/56xxx/CVE-2024-56263.json new file mode 100644 index 000000000000..f453a3a5bcac --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56263.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56263", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:36.268Z", + "datePublished": "2025-01-02T12:01:29.828Z", + "dateUpdated": "2025-01-02T12:01:29.828Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:29.828Z" + }, + "title": "WordPress GS Shots for Dribbble plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-588", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-588 DOM-Based XSS" + } + ] + } + ], + "affected": [ + { + "vendor": "GS Plugins", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "gs-dribbble-portfolio", + "product": "GS Shots for Dribbble", + "versions": [ + { + "lessThanOrEqual": "1.2.0", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.2.1", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Shots for Dribbble allows DOM-Based XSS.This issue affects GS Shots for Dribbble: from n/a through 1.2.0.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Shots for Dribbble allows DOM-Based XSS.

This issue affects GS Shots for Dribbble: from n/a through 1.2.0.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/gs-dribbble-portfolio/vulnerability/wordpress-gs-shots-for-dribbble-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress GS Shots for Dribbble plugin to the latest available version (at least 1.2.1)." + } + ], + "value": "Update the WordPress GS Shots for Dribbble plugin to the latest available version (at least 1.2.1)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56264.json b/cves/2024/56xxx/CVE-2024-56264.json new file mode 100644 index 000000000000..59836c9b1083 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56264.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56264", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:36.269Z", + "datePublished": "2025-01-02T12:01:30.462Z", + "dateUpdated": "2025-01-02T12:01:30.462Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:30.462Z" + }, + "title": "WordPress ACF City Selector plugin <= 1.14.0 - Arbitrary File Upload vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-434", + "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-650", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-650 Upload a Web Shell to a Web Server" + } + ] + } + ], + "affected": [ + { + "vendor": "Beee", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "acf-city-selector", + "product": "ACF City Selector", + "versions": [ + { + "lessThanOrEqual": "1.14.0", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.15.0", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Beee ACF City Selector allows Upload a Web Shell to a Web Server.This issue affects ACF City Selector: from n/a through 1.14.0.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Unrestricted Upload of File with Dangerous Type vulnerability in Beee ACF City Selector allows Upload a Web Shell to a Web Server.

This issue affects ACF City Selector: from n/a through 1.14.0.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/acf-city-selector/vulnerability/wordpress-acf-city-selector-plugin-1-14-0-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.6, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress ACF City Selector plugin to the latest available version (at least 1.15.0)." + } + ], + "value": "Update the WordPress ACF City Selector plugin to the latest available version (at least 1.15.0)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Muhamad Agil Fachrian (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56266.json b/cves/2024/56xxx/CVE-2024-56266.json new file mode 100644 index 000000000000..85c27c232bb0 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56266.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56266", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:36.270Z", + "datePublished": "2025-01-02T12:01:31.084Z", + "dateUpdated": "2025-01-02T12:01:31.084Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:31.084Z" + }, + "title": "WordPress MP3 Audio Player plugin <= 5.8 - Broken Access Control vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-1", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs" + } + ] + } + ], + "affected": [ + { + "vendor": "Sonaar Music", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "mp3-music-player-by-sonaar", + "product": "MP3 Audio Player for Music, Radio & Podcast by Sonaar", + "versions": [ + { + "lessThanOrEqual": "5.8", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "5.9", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.8.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Accessing Functionality Not Properly Constrained by ACLs.

This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.8.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/mp3-music-player-by-sonaar/vulnerability/wordpress-mp3-audio-player-plugin-5-8-broken-access-control-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin to the latest available version (at least 5.9)." + } + ], + "value": "Update the WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin to the latest available version (at least 5.9)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56267.json b/cves/2024/56xxx/CVE-2024-56267.json new file mode 100644 index 000000000000..f84f781b5f7d --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56267.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56267", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:36.270Z", + "datePublished": "2025-01-02T12:01:31.691Z", + "dateUpdated": "2025-01-02T12:01:31.691Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:31.691Z" + }, + "title": "WordPress Interactive UK Map plugin <= 3.4.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-592", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-592 Stored XSS" + } + ] + } + ], + "affected": [ + { + "vendor": "Fla-shop.com", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "interactive-uk-map", + "product": "Interactive UK Map", + "versions": [ + { + "lessThanOrEqual": "3.4.8", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "3.4.9", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fla-shop.com Interactive UK Map allows Stored XSS.This issue affects Interactive UK Map: from n/a through 3.4.8.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fla-shop.com Interactive UK Map allows Stored XSS.

This issue affects Interactive UK Map: from n/a through 3.4.8.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/interactive-uk-map/vulnerability/wordpress-interactive-uk-map-plugin-3-4-8-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Interactive UK Map plugin to the latest available version (at least 3.4.9)." + } + ], + "value": "Update the WordPress Interactive UK Map plugin to the latest available version (at least 3.4.9)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "SOPROBRO (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56302.json b/cves/2024/56xxx/CVE-2024-56302.json new file mode 100644 index 000000000000..689d33c16c90 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56302.json 
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56302", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:05:02.864Z", + "datePublished": "2025-01-02T12:01:32.295Z", + "dateUpdated": "2025-01-02T12:01:32.295Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2025-01-02T12:01:32.295Z" + }, + "title": "WordPress ConvertCalculator for WordPress plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-592", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-592 Stored XSS" + } + ] + } + ], + "affected": [ + { + "vendor": "ConvertCalculator", + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "convertcalculator", + "product": "ConvertCalculator for WordPress", + "versions": [ + { + "lessThanOrEqual": "1.1.1", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.1.2", + "status": "unaffected" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ConvertCalculator ConvertCalculator for WordPress allows Stored XSS.This issue affects ConvertCalculator for WordPress: from n/a through 1.1.1.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ConvertCalculator ConvertCalculator for WordPress allows Stored XSS.

This issue affects ConvertCalculator for WordPress: from n/a through 1.1.1.

" + } + ] + } + ], + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/convertcalculator/vulnerability/wordpress-convertcalculator-for-wordpress-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "metrics": [ + { + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ], + "cvssV3_1": { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" + } + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress ConvertCalculator for WordPress plugin to the latest available version (at least 1.1.2)." + } + ], + "value": "Update the WordPress ConvertCalculator for WordPress plugin to the latest available version (at least 1.1.2)." + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "theviper17 (Patchstack Alliance)" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/delta.json b/cves/delta.json index 2d70e6196fc7..e7ce812a6da0 100644 --- a/cves/delta.json +++ b/cves/delta.json 
@@ -1,12 +1,900 @@ { - "fetchTime": "2025-01-02T11:33:18.448Z", - "numberOfChanges": 1, + "fetchTime": "2025-01-02T12:07:14.702Z", + "numberOfChanges": 149, "new": [ { - "cveId": "CVE-2024-13106", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13106", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13106.json", - "dateUpdated": "2025-01-02T11:31:05.262Z" + "cveId": "CVE-2023-44258", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-44258", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/44xxx/CVE-2023-44258.json", + "dateUpdated": "2025-01-02T11:59:46.069Z" + }, + { + "cveId": "CVE-2023-44988", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-44988", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/44xxx/CVE-2023-44988.json", + "dateUpdated": "2025-01-02T11:59:46.731Z" + }, + { + "cveId": "CVE-2023-45002", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45002", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45002.json", + "dateUpdated": "2025-01-02T11:59:47.346Z" + }, + { + "cveId": "CVE-2023-45045", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45045", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45045.json", + "dateUpdated": "2025-01-02T11:59:47.939Z" + }, + { + "cveId": "CVE-2023-45061", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45061", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45061.json", + "dateUpdated": "2025-01-02T11:59:48.514Z" + }, + { + "cveId": "CVE-2023-45101", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45101", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45101.json", + "dateUpdated": "2025-01-02T11:59:49.130Z" + 
}, + { + "cveId": "CVE-2023-45104", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45104", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45104.json", + "dateUpdated": "2025-01-02T11:59:49.780Z" + }, + { + "cveId": "CVE-2023-45110", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45110", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45110.json", + "dateUpdated": "2025-01-02T11:59:50.374Z" + }, + { + "cveId": "CVE-2023-45271", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45271", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45271.json", + "dateUpdated": "2025-01-02T11:59:50.933Z" + }, + { + "cveId": "CVE-2023-45275", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45275", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45275.json", + "dateUpdated": "2025-01-02T11:59:51.535Z" + }, + { + "cveId": "CVE-2023-45631", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45631", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45631.json", + "dateUpdated": "2025-01-02T11:59:52.114Z" + }, + { + "cveId": "CVE-2023-45636", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45636", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45636.json", + "dateUpdated": "2025-01-02T11:59:52.682Z" + }, + { + "cveId": "CVE-2023-45649", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45649", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45649.json", + "dateUpdated": "2025-01-02T11:59:53.263Z" + }, + { + "cveId": "CVE-2023-45760", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45760", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45760.json", + "dateUpdated": "2025-01-02T11:59:53.833Z" + }, + { + "cveId": "CVE-2023-45765", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45765", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45765.json", + "dateUpdated": "2025-01-02T11:59:54.423Z" + }, + { + "cveId": "CVE-2023-45766", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45766", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45766.json", + "dateUpdated": "2025-01-02T11:59:55.392Z" + }, + { + "cveId": "CVE-2023-45828", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45828", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45828.json", + "dateUpdated": "2025-01-02T11:59:56.028Z" + }, + { + "cveId": "CVE-2023-46073", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46073", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46073.json", + "dateUpdated": "2025-01-02T11:59:56.618Z" + }, + { + "cveId": "CVE-2023-46079", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46079", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46079.json", + "dateUpdated": "2025-01-02T11:59:57.191Z" + }, + { + "cveId": "CVE-2023-46080", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46080", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46080.json", + "dateUpdated": "2025-01-02T11:59:57.760Z" + }, + { + "cveId": "CVE-2023-46082", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46082", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46082.json", + "dateUpdated": "2025-01-02T11:59:58.339Z" + }, + { 
+ "cveId": "CVE-2023-46083", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46083", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46083.json", + "dateUpdated": "2025-01-02T11:59:58.922Z" + }, + { + "cveId": "CVE-2023-46188", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46188", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46188.json", + "dateUpdated": "2025-01-02T11:59:59.522Z" + }, + { + "cveId": "CVE-2023-46195", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46195", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46195.json", + "dateUpdated": "2025-01-02T12:00:04.881Z" + }, + { + "cveId": "CVE-2023-46196", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46196", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46196.json", + "dateUpdated": "2025-01-02T12:00:11.708Z" + }, + { + "cveId": "CVE-2023-46203", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46203", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46203.json", + "dateUpdated": "2025-01-02T12:00:15.778Z" + }, + { + "cveId": "CVE-2023-46206", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46206", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46206.json", + "dateUpdated": "2025-01-02T12:00:16.727Z" + }, + { + "cveId": "CVE-2023-46309", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46309", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46309.json", + "dateUpdated": "2025-01-02T12:00:17.479Z" + }, + { + "cveId": "CVE-2023-46605", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46605", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46605.json", + "dateUpdated": "2025-01-02T12:00:18.293Z" + }, + { + "cveId": "CVE-2023-46606", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46606", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46606.json", + "dateUpdated": "2025-01-02T12:00:18.952Z" + }, + { + "cveId": "CVE-2023-46607", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46607", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46607.json", + "dateUpdated": "2025-01-02T12:00:19.580Z" + }, + { + "cveId": "CVE-2023-46608", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46608", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46608.json", + "dateUpdated": "2025-01-02T12:00:20.249Z" + }, + { + "cveId": "CVE-2023-46609", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46609", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46609.json", + "dateUpdated": "2025-01-02T12:00:20.875Z" + }, + { + "cveId": "CVE-2023-46610", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46610", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46610.json", + "dateUpdated": "2025-01-02T12:00:21.498Z" + }, + { + "cveId": "CVE-2023-46611", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46611", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46611.json", + "dateUpdated": "2025-01-02T12:00:22.156Z" + }, + { + "cveId": "CVE-2023-46612", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46612", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46612.json", + "dateUpdated": "2025-01-02T12:00:22.765Z" + }, + { 
+ "cveId": "CVE-2023-46616", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46616", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46616.json", + "dateUpdated": "2025-01-02T12:00:23.490Z" + }, + { + "cveId": "CVE-2023-46628", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46628", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46628.json", + "dateUpdated": "2025-01-02T12:00:24.152Z" + }, + { + "cveId": "CVE-2023-46631", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46631", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46631.json", + "dateUpdated": "2025-01-02T12:00:24.765Z" + }, + { + "cveId": "CVE-2023-46632", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46632", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46632.json", + "dateUpdated": "2025-01-02T12:00:25.390Z" + }, + { + "cveId": "CVE-2023-46633", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46633", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46633.json", + "dateUpdated": "2025-01-02T12:00:25.979Z" + }, + { + "cveId": "CVE-2023-46635", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46635", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46635.json", + "dateUpdated": "2025-01-02T12:00:26.584Z" + }, + { + "cveId": "CVE-2023-46637", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46637", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46637.json", + "dateUpdated": "2025-01-02T12:00:27.182Z" + }, + { + "cveId": "CVE-2023-46639", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46639", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46639.json", + "dateUpdated": "2025-01-02T12:00:27.782Z" + }, + { + "cveId": "CVE-2023-46644", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46644", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46644.json", + "dateUpdated": "2025-01-02T12:00:28.369Z" + }, + { + "cveId": "CVE-2023-47179", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47179", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47179.json", + "dateUpdated": "2025-01-02T12:00:28.951Z" + }, + { + "cveId": "CVE-2023-47180", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47180", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47180.json", + "dateUpdated": "2025-01-02T12:00:29.545Z" + }, + { + "cveId": "CVE-2023-47183", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47183", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47183.json", + "dateUpdated": "2025-01-02T12:00:30.341Z" + }, + { + "cveId": "CVE-2023-47187", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47187", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47187.json", + "dateUpdated": "2025-01-02T12:00:30.933Z" + }, + { + "cveId": "CVE-2023-47188", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47188", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47188.json", + "dateUpdated": "2025-01-02T12:00:31.504Z" + }, + { + "cveId": "CVE-2023-47224", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47224", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47224.json", + "dateUpdated": "2025-01-02T12:00:32.129Z" + }, + { 
+ "cveId": "CVE-2023-47225", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47225", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47225.json", + "dateUpdated": "2025-01-02T12:00:32.729Z" + }, + { + "cveId": "CVE-2023-47241", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47241", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47241.json", + "dateUpdated": "2025-01-02T12:00:33.359Z" + }, + { + "cveId": "CVE-2023-47515", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47515", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47515.json", + "dateUpdated": "2025-01-02T12:00:33.948Z" + }, + { + "cveId": "CVE-2023-47523", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47523", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47523.json", + "dateUpdated": "2025-01-02T12:00:34.534Z" + }, + { + "cveId": "CVE-2023-47557", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47557", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47557.json", + "dateUpdated": "2025-01-02T12:00:35.158Z" + }, + { + "cveId": "CVE-2023-47647", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47647", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47647.json", + "dateUpdated": "2025-01-02T12:00:35.748Z" + }, + { + "cveId": "CVE-2023-47648", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47648", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47648.json", + "dateUpdated": "2025-01-02T12:00:36.326Z" + }, + { + "cveId": "CVE-2023-47661", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47661", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47661.json", + "dateUpdated": "2025-01-02T12:00:36.927Z" + }, + { + "cveId": "CVE-2023-47689", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47689", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47689.json", + "dateUpdated": "2025-01-02T12:00:37.500Z" + }, + { + "cveId": "CVE-2023-47692", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47692", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47692.json", + "dateUpdated": "2025-01-02T12:00:38.156Z" + }, + { + "cveId": "CVE-2023-47693", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47693", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47693.json", + "dateUpdated": "2025-01-02T12:00:38.749Z" + }, + { + "cveId": "CVE-2024-13107", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13107", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13107.json", + "dateUpdated": "2025-01-02T12:00:17.338Z" + }, + { + "cveId": "CVE-2024-37093", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37093", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37093.json", + "dateUpdated": "2025-01-02T12:00:39.514Z" + }, + { + "cveId": "CVE-2024-37102", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37102", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37102.json", + "dateUpdated": "2025-01-02T12:00:40.257Z" + }, + { + "cveId": "CVE-2024-37103", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37103", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37103.json", + "dateUpdated": "2025-01-02T12:00:40.865Z" + }, + { 
+ "cveId": "CVE-2024-37104", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37104", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37104.json", + "dateUpdated": "2025-01-02T12:00:41.473Z" + }, + { + "cveId": "CVE-2024-37235", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37235", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37235.json", + "dateUpdated": "2025-01-02T12:00:42.100Z" + }, + { + "cveId": "CVE-2024-37236", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37236", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37236.json", + "dateUpdated": "2025-01-02T12:00:42.709Z" + }, + { + "cveId": "CVE-2024-37238", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37238", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37238.json", + "dateUpdated": "2025-01-02T12:00:43.267Z" + }, + { + "cveId": "CVE-2024-37240", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37240", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37240.json", + "dateUpdated": "2025-01-02T12:00:43.867Z" + }, + { + "cveId": "CVE-2024-37242", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37242", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37242.json", + "dateUpdated": "2025-01-02T12:00:44.450Z" + }, + { + "cveId": "CVE-2024-37243", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37243", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37243.json", + "dateUpdated": "2025-01-02T12:00:45.355Z" + }, + { + "cveId": "CVE-2024-37272", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37272", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37272.json", + "dateUpdated": "2025-01-02T12:00:46.032Z" + }, + { + "cveId": "CVE-2024-37274", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37274", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37274.json", + "dateUpdated": "2025-01-02T12:00:46.649Z" + }, + { + "cveId": "CVE-2024-37412", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37412", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37412.json", + "dateUpdated": "2025-01-02T12:00:47.258Z" + }, + { + "cveId": "CVE-2024-37413", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37413", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37413.json", + "dateUpdated": "2025-01-02T12:00:47.916Z" + }, + { + "cveId": "CVE-2024-37417", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37417", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37417.json", + "dateUpdated": "2025-01-02T12:00:48.533Z" + }, + { + "cveId": "CVE-2024-37421", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37421", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37421.json", + "dateUpdated": "2025-01-02T12:00:49.121Z" + }, + { + "cveId": "CVE-2024-37426", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37426", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37426.json", + "dateUpdated": "2025-01-02T12:00:49.713Z" + }, + { + "cveId": "CVE-2024-37431", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37431", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37431.json", + "dateUpdated": "2025-01-02T12:00:50.297Z" + }, + { 
+ "cveId": "CVE-2024-37435", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37435", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37435.json", + "dateUpdated": "2025-01-02T12:00:50.873Z" + }, + { + "cveId": "CVE-2024-37441", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37441", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37441.json", + "dateUpdated": "2025-01-02T12:00:51.452Z" + }, + { + "cveId": "CVE-2024-37448", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37448", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37448.json", + "dateUpdated": "2025-01-02T12:00:52.057Z" + }, + { + "cveId": "CVE-2024-37450", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37450", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37450.json", + "dateUpdated": "2025-01-02T12:00:52.665Z" + }, + { + "cveId": "CVE-2024-37451", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37451", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37451.json", + "dateUpdated": "2025-01-02T12:00:53.246Z" + }, + { + "cveId": "CVE-2024-37458", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37458", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37458.json", + "dateUpdated": "2025-01-02T12:00:53.830Z" + }, + { + "cveId": "CVE-2024-37467", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37467", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37467.json", + "dateUpdated": "2025-01-02T12:00:54.403Z" + }, + { + "cveId": "CVE-2024-37469", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37469", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37469.json", + "dateUpdated": "2025-01-02T12:00:54.991Z" + }, + { + "cveId": "CVE-2024-37473", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37473", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37473.json", + "dateUpdated": "2025-01-02T12:00:55.611Z" + }, + { + "cveId": "CVE-2024-37478", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37478", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37478.json", + "dateUpdated": "2025-01-02T12:00:56.190Z" + }, + { + "cveId": "CVE-2024-37490", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37490", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37490.json", + "dateUpdated": "2025-01-02T12:00:56.765Z" + }, + { + "cveId": "CVE-2024-37491", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37491", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37491.json", + "dateUpdated": "2025-01-02T12:00:57.359Z" + }, + { + "cveId": "CVE-2024-37493", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37493", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37493.json", + "dateUpdated": "2025-01-02T12:00:57.947Z" + }, + { + "cveId": "CVE-2024-37503", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37503", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37503.json", + "dateUpdated": "2025-01-02T12:00:58.527Z" + }, + { + "cveId": "CVE-2024-37508", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37508", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37508.json", + "dateUpdated": "2025-01-02T12:00:59.095Z" + }, + { 
+ "cveId": "CVE-2024-37511", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37511", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37511.json", + "dateUpdated": "2025-01-02T12:00:59.680Z" + }, + { + "cveId": "CVE-2024-37518", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37518", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37518.json", + "dateUpdated": "2025-01-02T12:01:00.614Z" + }, + { + "cveId": "CVE-2024-37540", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37540", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37540.json", + "dateUpdated": "2025-01-02T12:01:01.252Z" + }, + { + "cveId": "CVE-2024-37543", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37543", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37543.json", + "dateUpdated": "2025-01-02T12:01:02.297Z" + }, + { + "cveId": "CVE-2024-37937", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37937", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37937.json", + "dateUpdated": "2025-01-02T12:01:02.910Z" + }, + { + "cveId": "CVE-2024-38691", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38691", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38691.json", + "dateUpdated": "2025-01-02T12:01:03.529Z" + }, + { + "cveId": "CVE-2024-38729", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38729", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38729.json", + "dateUpdated": "2025-01-02T12:01:04.146Z" + }, + { + "cveId": "CVE-2024-38751", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38751", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38751.json", + "dateUpdated": "2025-01-02T12:01:04.748Z" + }, + { + "cveId": "CVE-2024-38753", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38753", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38753.json", + "dateUpdated": "2025-01-02T12:01:05.330Z" + }, + { + "cveId": "CVE-2024-38754", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38754", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38754.json", + "dateUpdated": "2025-01-02T12:01:05.907Z" + }, + { + "cveId": "CVE-2024-38762", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38762", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38762.json", + "dateUpdated": "2025-01-02T12:01:06.486Z" + }, + { + "cveId": "CVE-2024-38763", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38763", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38763.json", + "dateUpdated": "2025-01-02T12:01:07.075Z" + }, + { + "cveId": "CVE-2024-38765", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38765", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38765.json", + "dateUpdated": "2025-01-02T12:01:07.664Z" + }, + { + "cveId": "CVE-2024-38766", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38766", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38766.json", + "dateUpdated": "2025-01-02T12:01:08.282Z" + }, + { + "cveId": "CVE-2024-38789", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38789", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38789.json", + "dateUpdated": "2025-01-02T12:01:08.872Z" + }, + { 
+ "cveId": "CVE-2024-38790", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38790", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38790.json", + "dateUpdated": "2025-01-02T12:01:09.453Z" + }, + { + "cveId": "CVE-2024-43927", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-43927", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/43xxx/CVE-2024-43927.json", + "dateUpdated": "2025-01-02T12:01:10.166Z" + }, + { + "cveId": "CVE-2024-56018", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56018", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56018.json", + "dateUpdated": "2025-01-02T12:01:10.800Z" + }, + { + "cveId": "CVE-2024-56022", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56022", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56022.json", + "dateUpdated": "2025-01-02T12:01:11.406Z" + }, + { + "cveId": "CVE-2024-56023", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56023", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56023.json", + "dateUpdated": "2025-01-02T12:01:12.025Z" + }, + { + "cveId": "CVE-2024-56024", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56024", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56024.json", + "dateUpdated": "2025-01-02T12:01:12.628Z" + }, + { + "cveId": "CVE-2024-56025", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56025", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56025.json", + "dateUpdated": "2025-01-02T12:01:13.211Z" + }, + { + "cveId": "CVE-2024-56026", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56026", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56026.json", + "dateUpdated": "2025-01-02T12:01:13.808Z" + }, + { + "cveId": "CVE-2024-56236", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56236", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56236.json", + "dateUpdated": "2025-01-02T12:01:14.414Z" + }, + { + "cveId": "CVE-2024-56237", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56237", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56237.json", + "dateUpdated": "2025-01-02T12:01:15.266Z" + }, + { + "cveId": "CVE-2024-56238", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56238", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56238.json", + "dateUpdated": "2025-01-02T12:01:15.934Z" + }, + { + "cveId": "CVE-2024-56239", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56239", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56239.json", + "dateUpdated": "2025-01-02T12:01:16.532Z" + }, + { + "cveId": "CVE-2024-56240", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56240", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56240.json", + "dateUpdated": "2025-01-02T12:01:17.162Z" + }, + { + "cveId": "CVE-2024-56241", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56241", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56241.json", + "dateUpdated": "2025-01-02T12:01:17.766Z" + }, + { + "cveId": "CVE-2024-56242", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56242", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56242.json", + "dateUpdated": "2025-01-02T12:01:18.374Z" + }, + { 
+ "cveId": "CVE-2024-56243", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56243", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56243.json", + "dateUpdated": "2025-01-02T12:01:19.001Z" + }, + { + "cveId": "CVE-2024-56244", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56244", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56244.json", + "dateUpdated": "2025-01-02T12:01:19.601Z" + }, + { + "cveId": "CVE-2024-56245", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56245", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56245.json", + "dateUpdated": "2025-01-02T12:01:20.211Z" + }, + { + "cveId": "CVE-2024-56246", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56246", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56246.json", + "dateUpdated": "2025-01-02T12:01:20.794Z" + }, + { + "cveId": "CVE-2024-56247", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56247", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56247.json", + "dateUpdated": "2025-01-02T12:01:21.366Z" + }, + { + "cveId": "CVE-2024-56248", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56248", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56248.json", + "dateUpdated": "2025-01-02T12:01:21.951Z" + }, + { + "cveId": "CVE-2024-56249", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56249", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56249.json", + "dateUpdated": "2025-01-02T12:01:22.533Z" + }, + { + "cveId": "CVE-2024-56250", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56250", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56250.json", + "dateUpdated": "2025-01-02T12:01:23.114Z" + }, + { + "cveId": "CVE-2024-56251", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56251", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56251.json", + "dateUpdated": "2025-01-02T12:01:23.690Z" + }, + { + "cveId": "CVE-2024-56252", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56252", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56252.json", + "dateUpdated": "2025-01-02T12:01:24.262Z" + }, + { + "cveId": "CVE-2024-56253", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56253", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56253.json", + "dateUpdated": "2025-01-02T12:01:24.834Z" + }, + { + "cveId": "CVE-2024-56254", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56254", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56254.json", + "dateUpdated": "2025-01-02T12:01:25.712Z" + }, + { + "cveId": "CVE-2024-56255", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56255", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56255.json", + "dateUpdated": "2025-01-02T12:01:26.295Z" + }, + { + "cveId": "CVE-2024-56258", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56258", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56258.json", + "dateUpdated": "2025-01-02T12:01:26.866Z" + }, + { + "cveId": "CVE-2024-56259", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56259", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56259.json", + "dateUpdated": "2025-01-02T12:01:27.441Z" + }, + { 
+ "cveId": "CVE-2024-56260", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56260", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56260.json", + "dateUpdated": "2025-01-02T12:01:28.057Z" + }, + { + "cveId": "CVE-2024-56261", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56261", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56261.json", + "dateUpdated": "2025-01-02T12:01:28.680Z" + }, + { + "cveId": "CVE-2024-56262", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56262", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56262.json", + "dateUpdated": "2025-01-02T12:01:29.260Z" + }, + { + "cveId": "CVE-2024-56263", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56263", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56263.json", + "dateUpdated": "2025-01-02T12:01:29.828Z" + }, + { + "cveId": "CVE-2024-56264", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56264", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56264.json", + "dateUpdated": "2025-01-02T12:01:30.462Z" + }, + { + "cveId": "CVE-2024-56266", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56266", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56266.json", + "dateUpdated": "2025-01-02T12:01:31.084Z" + }, + { + "cveId": "CVE-2024-56267", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56267", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56267.json", + "dateUpdated": "2025-01-02T12:01:31.691Z" + }, + { + "cveId": "CVE-2024-56302", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56302", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56302.json", + "dateUpdated": "2025-01-02T12:01:32.295Z" } ], "updated": [], diff --git a/cves/deltaLog.json b/cves/deltaLog.json index 2489237b5636..a053bd9bc3f2 100644 --- a/cves/deltaLog.json +++ b/cves/deltaLog.json 
@@ -1,4 +1,906 @@ [ + { + "fetchTime": "2025-01-02T12:07:14.702Z", + "numberOfChanges": 149, + "new": [ + { + "cveId": "CVE-2023-44258", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-44258", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/44xxx/CVE-2023-44258.json", + "dateUpdated": "2025-01-02T11:59:46.069Z" + }, + { + "cveId": "CVE-2023-44988", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-44988", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/44xxx/CVE-2023-44988.json", + "dateUpdated": "2025-01-02T11:59:46.731Z" + }, + { + "cveId": "CVE-2023-45002", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45002", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45002.json", + "dateUpdated": "2025-01-02T11:59:47.346Z" + }, + { + "cveId": "CVE-2023-45045", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45045", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45045.json", + "dateUpdated": "2025-01-02T11:59:47.939Z" + }, + { + "cveId": "CVE-2023-45061", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45061", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45061.json", + "dateUpdated": "2025-01-02T11:59:48.514Z" + }, + { + "cveId": "CVE-2023-45101", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45101", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45101.json", + "dateUpdated": "2025-01-02T11:59:49.130Z" + }, + { + "cveId": "CVE-2023-45104", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45104", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45104.json", + "dateUpdated": "2025-01-02T11:59:49.780Z" + }, + { + "cveId": "CVE-2023-45110", + 
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45110", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45110.json", + "dateUpdated": "2025-01-02T11:59:50.374Z" + }, + { + "cveId": "CVE-2023-45271", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45271", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45271.json", + "dateUpdated": "2025-01-02T11:59:50.933Z" + }, + { + "cveId": "CVE-2023-45275", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45275", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45275.json", + "dateUpdated": "2025-01-02T11:59:51.535Z" + }, + { + "cveId": "CVE-2023-45631", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45631", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45631.json", + "dateUpdated": "2025-01-02T11:59:52.114Z" + }, + { + "cveId": "CVE-2023-45636", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45636", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45636.json", + "dateUpdated": "2025-01-02T11:59:52.682Z" + }, + { + "cveId": "CVE-2023-45649", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45649", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45649.json", + "dateUpdated": "2025-01-02T11:59:53.263Z" + }, + { + "cveId": "CVE-2023-45760", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45760", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45760.json", + "dateUpdated": "2025-01-02T11:59:53.833Z" + }, + { + "cveId": "CVE-2023-45765", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45765", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45765.json", + "dateUpdated": "2025-01-02T11:59:54.423Z" + }, + { + "cveId": "CVE-2023-45766", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45766", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45766.json", + "dateUpdated": "2025-01-02T11:59:55.392Z" + }, + { + "cveId": "CVE-2023-45828", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45828", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45828.json", + "dateUpdated": "2025-01-02T11:59:56.028Z" + }, + { + "cveId": "CVE-2023-46073", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46073", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46073.json", + "dateUpdated": "2025-01-02T11:59:56.618Z" + }, + { + "cveId": "CVE-2023-46079", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46079", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46079.json", + "dateUpdated": "2025-01-02T11:59:57.191Z" + }, + { + "cveId": "CVE-2023-46080", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46080", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46080.json", + "dateUpdated": "2025-01-02T11:59:57.760Z" + }, + { + "cveId": "CVE-2023-46082", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46082", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46082.json", + "dateUpdated": "2025-01-02T11:59:58.339Z" + }, + { + "cveId": "CVE-2023-46083", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46083", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46083.json", + "dateUpdated": "2025-01-02T11:59:58.922Z" + }, + { 
+ "cveId": "CVE-2023-46188", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46188", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46188.json", + "dateUpdated": "2025-01-02T11:59:59.522Z" + }, + { + "cveId": "CVE-2023-46195", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46195", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46195.json", + "dateUpdated": "2025-01-02T12:00:04.881Z" + }, + { + "cveId": "CVE-2023-46196", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46196", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46196.json", + "dateUpdated": "2025-01-02T12:00:11.708Z" + }, + { + "cveId": "CVE-2023-46203", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46203", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46203.json", + "dateUpdated": "2025-01-02T12:00:15.778Z" + }, + { + "cveId": "CVE-2023-46206", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46206", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46206.json", + "dateUpdated": "2025-01-02T12:00:16.727Z" + }, + { + "cveId": "CVE-2023-46309", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46309", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46309.json", + "dateUpdated": "2025-01-02T12:00:17.479Z" + }, + { + "cveId": "CVE-2023-46605", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46605", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46605.json", + "dateUpdated": "2025-01-02T12:00:18.293Z" + }, + { + "cveId": "CVE-2023-46606", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46606", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46606.json", + "dateUpdated": "2025-01-02T12:00:18.952Z" + }, + { + "cveId": "CVE-2023-46607", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46607", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46607.json", + "dateUpdated": "2025-01-02T12:00:19.580Z" + }, + { + "cveId": "CVE-2023-46608", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46608", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46608.json", + "dateUpdated": "2025-01-02T12:00:20.249Z" + }, + { + "cveId": "CVE-2023-46609", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46609", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46609.json", + "dateUpdated": "2025-01-02T12:00:20.875Z" + }, + { + "cveId": "CVE-2023-46610", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46610", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46610.json", + "dateUpdated": "2025-01-02T12:00:21.498Z" + }, + { + "cveId": "CVE-2023-46611", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46611", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46611.json", + "dateUpdated": "2025-01-02T12:00:22.156Z" + }, + { + "cveId": "CVE-2023-46612", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46612", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46612.json", + "dateUpdated": "2025-01-02T12:00:22.765Z" + }, + { + "cveId": "CVE-2023-46616", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46616", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46616.json", + "dateUpdated": "2025-01-02T12:00:23.490Z" + }, + { 
+ "cveId": "CVE-2023-46628", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46628", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46628.json", + "dateUpdated": "2025-01-02T12:00:24.152Z" + }, + { + "cveId": "CVE-2023-46631", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46631", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46631.json", + "dateUpdated": "2025-01-02T12:00:24.765Z" + }, + { + "cveId": "CVE-2023-46632", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46632", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46632.json", + "dateUpdated": "2025-01-02T12:00:25.390Z" + }, + { + "cveId": "CVE-2023-46633", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46633", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46633.json", + "dateUpdated": "2025-01-02T12:00:25.979Z" + }, + { + "cveId": "CVE-2023-46635", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46635", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46635.json", + "dateUpdated": "2025-01-02T12:00:26.584Z" + }, + { + "cveId": "CVE-2023-46637", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46637", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46637.json", + "dateUpdated": "2025-01-02T12:00:27.182Z" + }, + { + "cveId": "CVE-2023-46639", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46639", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46639.json", + "dateUpdated": "2025-01-02T12:00:27.782Z" + }, + { + "cveId": "CVE-2023-46644", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-46644", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/46xxx/CVE-2023-46644.json", + "dateUpdated": "2025-01-02T12:00:28.369Z" + }, + { + "cveId": "CVE-2023-47179", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47179", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47179.json", + "dateUpdated": "2025-01-02T12:00:28.951Z" + }, + { + "cveId": "CVE-2023-47180", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47180", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47180.json", + "dateUpdated": "2025-01-02T12:00:29.545Z" + }, + { + "cveId": "CVE-2023-47183", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47183", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47183.json", + "dateUpdated": "2025-01-02T12:00:30.341Z" + }, + { + "cveId": "CVE-2023-47187", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47187", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47187.json", + "dateUpdated": "2025-01-02T12:00:30.933Z" + }, + { + "cveId": "CVE-2023-47188", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47188", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47188.json", + "dateUpdated": "2025-01-02T12:00:31.504Z" + }, + { + "cveId": "CVE-2023-47224", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47224", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47224.json", + "dateUpdated": "2025-01-02T12:00:32.129Z" + }, + { + "cveId": "CVE-2023-47225", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47225", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47225.json", + "dateUpdated": "2025-01-02T12:00:32.729Z" + }, + { 
+ "cveId": "CVE-2023-47241", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47241", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47241.json", + "dateUpdated": "2025-01-02T12:00:33.359Z" + }, + { + "cveId": "CVE-2023-47515", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47515", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47515.json", + "dateUpdated": "2025-01-02T12:00:33.948Z" + }, + { + "cveId": "CVE-2023-47523", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47523", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47523.json", + "dateUpdated": "2025-01-02T12:00:34.534Z" + }, + { + "cveId": "CVE-2023-47557", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47557", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47557.json", + "dateUpdated": "2025-01-02T12:00:35.158Z" + }, + { + "cveId": "CVE-2023-47647", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47647", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47647.json", + "dateUpdated": "2025-01-02T12:00:35.748Z" + }, + { + "cveId": "CVE-2023-47648", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47648", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47648.json", + "dateUpdated": "2025-01-02T12:00:36.326Z" + }, + { + "cveId": "CVE-2023-47661", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47661", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47661.json", + "dateUpdated": "2025-01-02T12:00:36.927Z" + }, + { + "cveId": "CVE-2023-47689", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47689", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47689.json", + "dateUpdated": "2025-01-02T12:00:37.500Z" + }, + { + "cveId": "CVE-2023-47692", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47692", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47692.json", + "dateUpdated": "2025-01-02T12:00:38.156Z" + }, + { + "cveId": "CVE-2023-47693", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47693", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47693.json", + "dateUpdated": "2025-01-02T12:00:38.749Z" + }, + { + "cveId": "CVE-2024-13107", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13107", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13107.json", + "dateUpdated": "2025-01-02T12:00:17.338Z" + }, + { + "cveId": "CVE-2024-37093", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37093", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37093.json", + "dateUpdated": "2025-01-02T12:00:39.514Z" + }, + { + "cveId": "CVE-2024-37102", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37102", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37102.json", + "dateUpdated": "2025-01-02T12:00:40.257Z" + }, + { + "cveId": "CVE-2024-37103", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37103", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37103.json", + "dateUpdated": "2025-01-02T12:00:40.865Z" + }, + { + "cveId": "CVE-2024-37104", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37104", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37104.json", + "dateUpdated": "2025-01-02T12:00:41.473Z" + }, + { 
+ "cveId": "CVE-2024-37235", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37235", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37235.json", + "dateUpdated": "2025-01-02T12:00:42.100Z" + }, + { + "cveId": "CVE-2024-37236", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37236", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37236.json", + "dateUpdated": "2025-01-02T12:00:42.709Z" + }, + { + "cveId": "CVE-2024-37238", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37238", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37238.json", + "dateUpdated": "2025-01-02T12:00:43.267Z" + }, + { + "cveId": "CVE-2024-37240", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37240", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37240.json", + "dateUpdated": "2025-01-02T12:00:43.867Z" + }, + { + "cveId": "CVE-2024-37242", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37242", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37242.json", + "dateUpdated": "2025-01-02T12:00:44.450Z" + }, + { + "cveId": "CVE-2024-37243", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37243", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37243.json", + "dateUpdated": "2025-01-02T12:00:45.355Z" + }, + { + "cveId": "CVE-2024-37272", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37272", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37272.json", + "dateUpdated": "2025-01-02T12:00:46.032Z" + }, + { + "cveId": "CVE-2024-37274", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37274", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37274.json", + "dateUpdated": "2025-01-02T12:00:46.649Z" + }, + { + "cveId": "CVE-2024-37412", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37412", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37412.json", + "dateUpdated": "2025-01-02T12:00:47.258Z" + }, + { + "cveId": "CVE-2024-37413", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37413", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37413.json", + "dateUpdated": "2025-01-02T12:00:47.916Z" + }, + { + "cveId": "CVE-2024-37417", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37417", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37417.json", + "dateUpdated": "2025-01-02T12:00:48.533Z" + }, + { + "cveId": "CVE-2024-37421", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37421", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37421.json", + "dateUpdated": "2025-01-02T12:00:49.121Z" + }, + { + "cveId": "CVE-2024-37426", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37426", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37426.json", + "dateUpdated": "2025-01-02T12:00:49.713Z" + }, + { + "cveId": "CVE-2024-37431", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37431", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37431.json", + "dateUpdated": "2025-01-02T12:00:50.297Z" + }, + { + "cveId": "CVE-2024-37435", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37435", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37435.json", + "dateUpdated": "2025-01-02T12:00:50.873Z" + }, + { 
+ "cveId": "CVE-2024-37441", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37441", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37441.json", + "dateUpdated": "2025-01-02T12:00:51.452Z" + }, + { + "cveId": "CVE-2024-37448", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37448", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37448.json", + "dateUpdated": "2025-01-02T12:00:52.057Z" + }, + { + "cveId": "CVE-2024-37450", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37450", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37450.json", + "dateUpdated": "2025-01-02T12:00:52.665Z" + }, + { + "cveId": "CVE-2024-37451", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37451", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37451.json", + "dateUpdated": "2025-01-02T12:00:53.246Z" + }, + { + "cveId": "CVE-2024-37458", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37458", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37458.json", + "dateUpdated": "2025-01-02T12:00:53.830Z" + }, + { + "cveId": "CVE-2024-37467", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37467", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37467.json", + "dateUpdated": "2025-01-02T12:00:54.403Z" + }, + { + "cveId": "CVE-2024-37469", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37469", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37469.json", + "dateUpdated": "2025-01-02T12:00:54.991Z" + }, + { + "cveId": "CVE-2024-37473", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37473", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37473.json", + "dateUpdated": "2025-01-02T12:00:55.611Z" + }, + { + "cveId": "CVE-2024-37478", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37478", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37478.json", + "dateUpdated": "2025-01-02T12:00:56.190Z" + }, + { + "cveId": "CVE-2024-37490", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37490", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37490.json", + "dateUpdated": "2025-01-02T12:00:56.765Z" + }, + { + "cveId": "CVE-2024-37491", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37491", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37491.json", + "dateUpdated": "2025-01-02T12:00:57.359Z" + }, + { + "cveId": "CVE-2024-37493", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37493", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37493.json", + "dateUpdated": "2025-01-02T12:00:57.947Z" + }, + { + "cveId": "CVE-2024-37503", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37503", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37503.json", + "dateUpdated": "2025-01-02T12:00:58.527Z" + }, + { + "cveId": "CVE-2024-37508", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37508", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37508.json", + "dateUpdated": "2025-01-02T12:00:59.095Z" + }, + { + "cveId": "CVE-2024-37511", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37511", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37511.json", + "dateUpdated": "2025-01-02T12:00:59.680Z" + }, + { 
+ "cveId": "CVE-2024-37518", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37518", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37518.json", + "dateUpdated": "2025-01-02T12:01:00.614Z" + }, + { + "cveId": "CVE-2024-37540", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37540", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37540.json", + "dateUpdated": "2025-01-02T12:01:01.252Z" + }, + { + "cveId": "CVE-2024-37543", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37543", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37543.json", + "dateUpdated": "2025-01-02T12:01:02.297Z" + }, + { + "cveId": "CVE-2024-37937", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37937", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37937.json", + "dateUpdated": "2025-01-02T12:01:02.910Z" + }, + { + "cveId": "CVE-2024-38691", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38691", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38691.json", + "dateUpdated": "2025-01-02T12:01:03.529Z" + }, + { + "cveId": "CVE-2024-38729", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38729", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38729.json", + "dateUpdated": "2025-01-02T12:01:04.146Z" + }, + { + "cveId": "CVE-2024-38751", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38751", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38751.json", + "dateUpdated": "2025-01-02T12:01:04.748Z" + }, + { + "cveId": "CVE-2024-38753", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38753", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38753.json", + "dateUpdated": "2025-01-02T12:01:05.330Z" + }, + { + "cveId": "CVE-2024-38754", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38754", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38754.json", + "dateUpdated": "2025-01-02T12:01:05.907Z" + }, + { + "cveId": "CVE-2024-38762", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38762", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38762.json", + "dateUpdated": "2025-01-02T12:01:06.486Z" + }, + { + "cveId": "CVE-2024-38763", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38763", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38763.json", + "dateUpdated": "2025-01-02T12:01:07.075Z" + }, + { + "cveId": "CVE-2024-38765", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38765", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38765.json", + "dateUpdated": "2025-01-02T12:01:07.664Z" + }, + { + "cveId": "CVE-2024-38766", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38766", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38766.json", + "dateUpdated": "2025-01-02T12:01:08.282Z" + }, + { + "cveId": "CVE-2024-38789", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38789", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38789.json", + "dateUpdated": "2025-01-02T12:01:08.872Z" + }, + { + "cveId": "CVE-2024-38790", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38790", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38790.json", + "dateUpdated": "2025-01-02T12:01:09.453Z" + }, + { 
+ "cveId": "CVE-2024-43927", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-43927", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/43xxx/CVE-2024-43927.json", + "dateUpdated": "2025-01-02T12:01:10.166Z" + }, + { + "cveId": "CVE-2024-56018", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56018", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56018.json", + "dateUpdated": "2025-01-02T12:01:10.800Z" + }, + { + "cveId": "CVE-2024-56022", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56022", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56022.json", + "dateUpdated": "2025-01-02T12:01:11.406Z" + }, + { + "cveId": "CVE-2024-56023", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56023", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56023.json", + "dateUpdated": "2025-01-02T12:01:12.025Z" + }, + { + "cveId": "CVE-2024-56024", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56024", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56024.json", + "dateUpdated": "2025-01-02T12:01:12.628Z" + }, + { + "cveId": "CVE-2024-56025", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56025", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56025.json", + "dateUpdated": "2025-01-02T12:01:13.211Z" + }, + { + "cveId": "CVE-2024-56026", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56026", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56026.json", + "dateUpdated": "2025-01-02T12:01:13.808Z" + }, + { + "cveId": "CVE-2024-56236", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56236", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56236.json", + "dateUpdated": "2025-01-02T12:01:14.414Z" + }, + { + "cveId": "CVE-2024-56237", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56237", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56237.json", + "dateUpdated": "2025-01-02T12:01:15.266Z" + }, + { + "cveId": "CVE-2024-56238", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56238", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56238.json", + "dateUpdated": "2025-01-02T12:01:15.934Z" + }, + { + "cveId": "CVE-2024-56239", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56239", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56239.json", + "dateUpdated": "2025-01-02T12:01:16.532Z" + }, + { + "cveId": "CVE-2024-56240", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56240", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56240.json", + "dateUpdated": "2025-01-02T12:01:17.162Z" + }, + { + "cveId": "CVE-2024-56241", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56241", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56241.json", + "dateUpdated": "2025-01-02T12:01:17.766Z" + }, + { + "cveId": "CVE-2024-56242", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56242", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56242.json", + "dateUpdated": "2025-01-02T12:01:18.374Z" + }, + { + "cveId": "CVE-2024-56243", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56243", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56243.json", + "dateUpdated": "2025-01-02T12:01:19.001Z" + }, + { 
+ "cveId": "CVE-2024-56244", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56244", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56244.json", + "dateUpdated": "2025-01-02T12:01:19.601Z" + }, + { + "cveId": "CVE-2024-56245", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56245", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56245.json", + "dateUpdated": "2025-01-02T12:01:20.211Z" + }, + { + "cveId": "CVE-2024-56246", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56246", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56246.json", + "dateUpdated": "2025-01-02T12:01:20.794Z" + }, + { + "cveId": "CVE-2024-56247", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56247", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56247.json", + "dateUpdated": "2025-01-02T12:01:21.366Z" + }, + { + "cveId": "CVE-2024-56248", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56248", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56248.json", + "dateUpdated": "2025-01-02T12:01:21.951Z" + }, + { + "cveId": "CVE-2024-56249", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56249", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56249.json", + "dateUpdated": "2025-01-02T12:01:22.533Z" + }, + { + "cveId": "CVE-2024-56250", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56250", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56250.json", + "dateUpdated": "2025-01-02T12:01:23.114Z" + }, + { + "cveId": "CVE-2024-56251", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56251", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56251.json", + "dateUpdated": "2025-01-02T12:01:23.690Z" + }, + { + "cveId": "CVE-2024-56252", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56252", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56252.json", + "dateUpdated": "2025-01-02T12:01:24.262Z" + }, + { + "cveId": "CVE-2024-56253", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56253", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56253.json", + "dateUpdated": "2025-01-02T12:01:24.834Z" + }, + { + "cveId": "CVE-2024-56254", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56254", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56254.json", + "dateUpdated": "2025-01-02T12:01:25.712Z" + }, + { + "cveId": "CVE-2024-56255", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56255", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56255.json", + "dateUpdated": "2025-01-02T12:01:26.295Z" + }, + { + "cveId": "CVE-2024-56258", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56258", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56258.json", + "dateUpdated": "2025-01-02T12:01:26.866Z" + }, + { + "cveId": "CVE-2024-56259", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56259", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56259.json", + "dateUpdated": "2025-01-02T12:01:27.441Z" + }, + { + "cveId": "CVE-2024-56260", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56260", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56260.json", + "dateUpdated": "2025-01-02T12:01:28.057Z" + }, + { 
+ "cveId": "CVE-2024-56261", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56261", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56261.json", + "dateUpdated": "2025-01-02T12:01:28.680Z" + }, + { + "cveId": "CVE-2024-56262", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56262", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56262.json", + "dateUpdated": "2025-01-02T12:01:29.260Z" + }, + { + "cveId": "CVE-2024-56263", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56263", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56263.json", + "dateUpdated": "2025-01-02T12:01:29.828Z" + }, + { + "cveId": "CVE-2024-56264", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56264", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56264.json", + "dateUpdated": "2025-01-02T12:01:30.462Z" + }, + { + "cveId": "CVE-2024-56266", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56266", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56266.json", + "dateUpdated": "2025-01-02T12:01:31.084Z" + }, + { + "cveId": "CVE-2024-56267", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56267", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56267.json", + "dateUpdated": "2025-01-02T12:01:31.691Z" + }, + { + "cveId": "CVE-2024-56302", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56302", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56302.json", + "dateUpdated": "2025-01-02T12:01:32.295Z" + } + ], + "updated": [], + "error": [] + }, { "fetchTime": "2025-01-02T11:33:18.448Z", "numberOfChanges": 1, 
@@ -116383,69 +117285,5 @@ ], "updated": [], "error": [] - }, - { - "fetchTime": "2024-12-03T11:45:48.852Z", - "numberOfChanges": 4, - "new": [], - "updated": [ - { - "cveId": "CVE-2024-49416", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-49416", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/49xxx/CVE-2024-49416.json", - "dateUpdated": "2024-12-03T11:43:45.274Z" - }, - { - "cveId": "CVE-2024-49417", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-49417", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/49xxx/CVE-2024-49417.json", - "dateUpdated": "2024-12-03T11:43:45.039Z" - }, - { - "cveId": "CVE-2024-49418", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-49418", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/49xxx/CVE-2024-49418.json", - "dateUpdated": "2024-12-03T11:43:44.884Z" - }, - { - "cveId": "CVE-2024-49419", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-49419", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/49xxx/CVE-2024-49419.json", - "dateUpdated": "2024-12-03T11:43:44.738Z" - } - ], - "error": [] - }, - { - "fetchTime": "2024-12-03T11:38:11.455Z", - "numberOfChanges": 4, - "new": [], - "updated": [ - { - "cveId": "CVE-2024-49410", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-49410", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/49xxx/CVE-2024-49410.json", - "dateUpdated": "2024-12-03T11:31:24.049Z" - }, - { - "cveId": "CVE-2024-49411", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-49411", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/49xxx/CVE-2024-49411.json", - "dateUpdated": "2024-12-03T11:31:00.965Z" - }, - { - "cveId": "CVE-2024-49412", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-49412", - "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/49xxx/CVE-2024-49412.json", - "dateUpdated": "2024-12-03T11:30:22.006Z" - }, - { - "cveId": "CVE-2024-49413", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-49413", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/49xxx/CVE-2024-49413.json", - "dateUpdated": "2024-12-03T11:33:43.124Z" - } - ], - "error": [] } ] \ No newline at end of file