diff --git a/cves/2024/56xxx/CVE-2024-56215.json b/cves/2024/56xxx/CVE-2024-56215.json new file mode 100644 index 000000000000..b58332918667 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56215.json @@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56215", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:03:54.297Z", + "datePublished": "2024-12-31T10:17:30.410Z", + "dateUpdated": "2024-12-31T10:17:30.410Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "pta-member-directory", + "product": "Member Directory and Contact Form", + "vendor": "Stephen Sherrard", + "versions": [ + { + "changes": [ + { + "at": "1.8.0", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.7.0", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Mika (Patchstack Alliance)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Missing Authorization vulnerability in Stephen Sherrard Member Directory and Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Member Directory and Contact Form: from n/a through 1.7.0.
" + } + ], + "value": "Missing Authorization vulnerability in Stephen Sherrard Member Directory and Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Member Directory and Contact Form: from n/a through 1.7.0." + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-12-31T10:17:30.410Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/pta-member-directory/vulnerability/wordpress-member-directory-and-contact-form-plugin-1-7-0-broken-access-control-vulnerability?_s_id=cve" + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Member Directory and Contact Form wordpress plugin to the latest available version (at least 1.8.0)." + } + ], + "value": "Update the WordPress Member Directory and Contact Form wordpress plugin to the latest available version (at least 1.8.0)." 
+ } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress Member Directory and Contact Form plugin <= 1.7.0 - Broken Access Control vulnerability", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56217.json b/cves/2024/56xxx/CVE-2024-56217.json new file mode 100644 index 000000000000..b198066f499e --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56217.json @@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56217", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:03:54.298Z", + "datePublished": "2024-12-31T10:21:50.815Z", + "dateUpdated": "2024-12-31T10:21:50.815Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "download-manager", + "product": "Download Manager", + "vendor": "W3 Eden, Inc.", + "versions": [ + { + "changes": [ + { + "at": "3.3.04", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.3.03", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Missing Authorization vulnerability in W3 Eden, Inc. Download Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through 3.3.03.
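Review bot: The affected range is written as `"version": "n/a"` with `"versionType": "custom"`, here and in the other seven CVE records added by this commit, so the record itself defines no ordering for its bounds. A matcher has to bring its own comparison and read `n/a` as "from the first release". Bounds such as `3.3.03`/`3.3.04` (CVE-2024-56217), `4.0.6.1` (CVE-2024-56219) and `1.7.1002` (CVE-2024-56227) are not valid strict-semver strings, so a semver-only comparator will reject or misorder them. The schema's own convention for an open lower bound is `"version": "0"`, which would make the range explicit.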
" + } + ], + "value": "Missing Authorization vulnerability in W3 Eden, Inc. Download Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through 3.3.03." + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-12-31T10:21:50.815Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/download-manager/vulnerability/wordpress-download-manager-plugin-3-3-03-broken-access-control-vulnerability?_s_id=cve" + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Download Manager wordpress plugin to the latest available version (at least 3.3.04)." + } + ], + "value": "Update the WordPress Download Manager wordpress plugin to the latest available version (at least 3.3.04)." 
+ } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress Download Manager plugin <= 3.3.03 - Broken Access Control vulnerability", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56219.json b/cves/2024/56xxx/CVE-2024-56219.json new file mode 100644 index 000000000000..8845b4560554 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56219.json @@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56219", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:03:54.298Z", + "datePublished": "2024-12-31T10:22:42.089Z", + "dateUpdated": "2024-12-31T10:22:42.089Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "widget-options", + "product": "Widget Options", + "vendor": "MarketingFire", + "versions": [ + { + "changes": [ + { + "at": "4.0.8", + "status": "unaffected" + } + ], + "lessThanOrEqual": "4.0.6.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Missing Authorization vulnerability in MarketingFire Widget Options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through 4.0.6.1.
" + } + ], + "value": "Missing Authorization vulnerability in MarketingFire Widget Options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through 4.0.6.1." + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-12-31T10:22:42.089Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/widget-options/vulnerability/wordpress-widget-options-plugin-4-0-6-1-broken-access-control-vulnerability?_s_id=cve" + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Widget Options plugin to the latest available version (at least 4.0.8)." + } + ], + "value": "Update the WordPress Widget Options plugin to the latest available version (at least 4.0.8)." 
+ } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress Widget Options plugin <= 4.0.6.1 - Broken Access Control vulnerability", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56225.json b/cves/2024/56xxx/CVE-2024-56225.json new file mode 100644 index 000000000000..479ead90e5ba --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56225.json @@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56225", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:02.339Z", + "datePublished": "2024-12-31T10:23:45.323Z", + "dateUpdated": "2024-12-31T10:23:45.323Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "premium-addons-for-elementor", + "product": "Premium Addons for Elementor", + "vendor": "Leap13", + "versions": [ + { + "changes": [ + { + "at": "4.10.57", + "status": "unaffected" + } + ], + "lessThanOrEqual": "4.10.56", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Missing Authorization vulnerability in Leap13 Premium Addons for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Premium Addons for Elementor: from n/a through 4.10.56.
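Review bot: The `versions` entry for Widget Options leaves a gap between its two bounds: the affected range stops at `"lessThanOrEqual": "4.0.6.1"`, while `changes` marks `"at": "4.0.8"` as the first unaffected version. With `"defaultStatus": "unaffected"`, a consumer that evaluates the range literally will classify a 4.0.7 install as not affected, although the `solutions` text asks for at least 4.0.8. Whether a 4.0.7 release exists or is vulnerable cannot be told from this record; if it is, the bound should read `"lessThan": "4.0.8"`. Until the record is corrected, inventory checks are safer keyed on the fixed version than on the upper bound.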
" + } + ], + "value": "Missing Authorization vulnerability in Leap13 Premium Addons for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Premium Addons for Elementor: from n/a through 4.10.56." + } + ], + "impacts": [ + { + "capecId": "CAPEC-1", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-12-31T10:23:45.323Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/premium-addons-for-elementor/vulnerability/wordpress-premium-addons-for-elementor-plugin-4-10-56-broken-access-control-vulnerability?_s_id=cve" + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Premium Addons for Elementor plugin to the latest available version (at least 4.10.57)." + } + ], + "value": "Update the WordPress Premium Addons for Elementor plugin to the latest available version (at least 4.10.57)." 
+ } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress Premium Addons for Elementor plugin <= 4.10.56 - Broken Access Control vulnerability", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56227.json b/cves/2024/56xxx/CVE-2024-56227.json new file mode 100644 index 000000000000..03b02c102a46 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56227.json @@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56227", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:02.339Z", + "datePublished": "2024-12-31T10:24:38.211Z", + "dateUpdated": "2024-12-31T10:24:38.211Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "royal-elementor-addons", + "product": "Royal Elementor Addons", + "vendor": "WP Royal", + "versions": [ + { + "changes": [ + { + "at": "1.7.1002", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.7.1001", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Missing Authorization vulnerability in WP Royal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royal Elementor Addons: from n/a through 1.7.1001.
" + } + ], + "value": "Missing Authorization vulnerability in WP Royal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royal Elementor Addons: from n/a through 1.7.1001." + } + ], + "impacts": [ + { + "capecId": "CAPEC-180", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-12-31T10:24:38.211Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/royal-elementor-addons/vulnerability/wordpress-royal-elementor-addons-plugin-1-7-1001-broken-access-control-vulnerability?_s_id=cve" + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Royal Elementor Addons plugin to the latest available version (at least 1.7.1002)." + } + ], + "value": "Update the WordPress Royal Elementor Addons plugin to the latest available version (at least 1.7.1002)." 
+ } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress Royal Elementor Addons plugin <= 1.7.1001 - Broken Access Control vulnerability", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56235.json b/cves/2024/56xxx/CVE-2024-56235.json new file mode 100644 index 000000000000..147dde82a342 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56235.json @@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56235", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:10.960Z", + "datePublished": "2024-12-31T10:16:40.490Z", + "dateUpdated": "2024-12-31T10:16:40.490Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "coupon-lite", + "product": "Coupon", + "vendor": "Coupon Plugin", + "versions": [ + { + "lessThanOrEqual": "1.2.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Gab (Patchstack Alliance)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coupon Plugin Coupon allows DOM-Based XSS.This issue affects Coupon: from n/a through 1.2.1.
" + } + ], + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coupon Plugin Coupon allows DOM-Based XSS.This issue affects Coupon: from n/a through 1.2.1." + } + ], + "impacts": [ + { + "capecId": "CAPEC-588", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-588 DOM-Based XSS" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-12-31T10:16:40.490Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/coupon-lite/vulnerability/wordpress-coupon-plugin-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress Coupon plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56256.json b/cves/2024/56xxx/CVE-2024-56256.json new file mode 100644 index 000000000000..79cced930c1d --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56256.json 
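Review bot: This record carries no fix information: its `versions` entry has `"lessThanOrEqual": "1.2.1"` but no `changes` element, and the `cna` container has no `solutions` block, unlike the other seven records in this commit. Presumably no patched release existed at publication, but the record does not say so. Because `"defaultStatus": "unaffected"` applies to everything outside the range, a literal reader will treat any later release as fixed without evidence. Remediation tooling should flag this entry as "no known fixed version" rather than inferring one from the range.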
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56256", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:26.187Z", + "datePublished": "2024-12-31T10:15:36.923Z", + "dateUpdated": "2024-12-31T10:15:36.923Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "embed-pdf-viewer", + "product": "Embed PDF Viewer", + "vendor": "Andy Fragen", + "versions": [ + { + "changes": [ + { + "at": "2.4.0", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.3.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Ibnu Ubaeydillah (Patchstack Alliance)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Fragen Embed PDF Viewer allows Stored XSS.This issue affects Embed PDF Viewer: from n/a through 2.3.1.
" + } + ], + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Fragen Embed PDF Viewer allows Stored XSS.This issue affects Embed PDF Viewer: from n/a through 2.3.1." + } + ], + "impacts": [ + { + "capecId": "CAPEC-592", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-592 Stored XSS" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-12-31T10:15:36.923Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/embed-pdf-viewer/vulnerability/wordpress-embed-pdf-viewer-plugin-2-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Embed PDF Viewer wordpress plugin to the latest available version (at least 2.4.0)." + } + ], + "value": "Update the WordPress Embed PDF Viewer wordpress plugin to the latest available version (at least 2.4.0)." 
+ } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress Embed PDF Viewer plugin <= 2.3.1 - Cross Site Scripting (XSS) vulnerability", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56265.json b/cves/2024/56xxx/CVE-2024-56265.json new file mode 100644 index 000000000000..6605755ae5ad --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56265.json @@ -0,0 +1,140 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56265", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-12-18T19:04:36.270Z", + "datePublished": "2024-12-31T10:14:03.679Z", + "dateUpdated": "2024-12-31T10:14:03.679Z" + }, + "containers": { + "cna": { + "affected": [ + { + "defaultStatus": "unaffected", + "product": "WooCommerce PDF Vouchers", + "vendor": "WPWeb", + "versions": [ + { + "changes": [ + { + "at": "4.9.9", + "status": "unaffected" + } + ], + "lessThan": "4.9.9", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Bonds (Patchstack Alliance)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPWeb WooCommerce PDF Vouchers allows Reflected XSS.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9.
" + } + ], + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPWeb WooCommerce PDF Vouchers allows Reflected XSS.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9." + } + ], + "impacts": [ + { + "capecId": "CAPEC-591", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-591 Reflected XSS" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-12-31T10:14:03.679Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/wordpress/plugin/woocommerce-pdf-vouchers/vulnerability/wordpress-woocommerce-pdf-vouchers-plugin-4-9-9-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress WooCommerce PDF Vouchers plugin to the latest available version (at least 4.9.9)." + } + ], + "value": "Update the WordPress WooCommerce PDF Vouchers plugin to the latest available version (at least 4.9.9)." 
+ } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress WooCommerce - PDF Vouchers plugin < 4.9.9 - Cross Site Scripting (XSS) vulnerability", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/delta.json b/cves/delta.json index 6c7b0a6b66d4..c373e82b0c7f 100644 --- a/cves/delta.json +++ b/cves/delta.json 
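Review bot: The `affected` entry for WooCommerce PDF Vouchers omits `collectionURL` and `packageName`, which every other record in this commit supplies, so automated matching has to fall back on the free-text `vendor` and `product` strings. The `title` also spells the product `WooCommerce - PDF Vouchers` while `product` says `WooCommerce PDF Vouchers`, which breaks exact-string joins between the two fields. The only machine-usable slug in the record is the one inside the reference URL (`woocommerce-pdf-vouchers`). The omission may be deliberate if the plugin is not distributed through wordpress.org, but the record does not state that; aligning the `title` with `product` would at least remove the second mismatch.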
@@ -1,45 +1,56 @@ { - "fetchTime": "2024-12-31T10:13:53.402Z", - "numberOfChanges": 6, + "fetchTime": "2024-12-31T10:25:09.334Z", + "numberOfChanges": 8, "new": [ { - "cveId": "CVE-2024-56218", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56218", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56218.json", - "dateUpdated": "2024-12-31T10:12:52.349Z" + "cveId": "CVE-2024-56215", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56215", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56215.json", + "dateUpdated": "2024-12-31T10:17:30.410Z" }, { - "cveId": "CVE-2024-56220", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56220", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56220.json", - "dateUpdated": "2024-12-31T10:05:03.942Z" + "cveId": "CVE-2024-56217", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56217", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56217.json", + "dateUpdated": "2024-12-31T10:21:50.815Z" }, { - "cveId": "CVE-2024-56222", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56222", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56222.json", - "dateUpdated": "2024-12-31T10:07:36.348Z" + "cveId": "CVE-2024-56219", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56219", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56219.json", + "dateUpdated": "2024-12-31T10:22:42.089Z" }, { - "cveId": "CVE-2024-56229", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56229", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56229.json", - "dateUpdated": "2024-12-31T10:06:50.315Z" + "cveId": "CVE-2024-56225", + 
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56225", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56225.json", + "dateUpdated": "2024-12-31T10:23:45.323Z" }, { - "cveId": "CVE-2024-56232", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56232", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56232.json", - "dateUpdated": "2024-12-31T10:05:56.024Z" - } - ], - "updated": [ + "cveId": "CVE-2024-56227", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56227", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56227.json", + "dateUpdated": "2024-12-31T10:24:38.211Z" + }, + { + "cveId": "CVE-2024-56235", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56235", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56235.json", + "dateUpdated": "2024-12-31T10:16:40.490Z" + }, + { + "cveId": "CVE-2024-56256", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56256", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56256.json", + "dateUpdated": "2024-12-31T10:15:36.923Z" + }, { - "cveId": "CVE-2024-21520", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-21520", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/21xxx/CVE-2024-21520.json", - "dateUpdated": "2024-12-31T10:10:34.187Z" + "cveId": "CVE-2024-56265", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56265", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56265.json", + "dateUpdated": "2024-12-31T10:14:03.679Z" } ], + "updated": [], "error": [] } \ No newline at end of file diff --git a/cves/deltaLog.json b/cves/deltaLog.json index f14f702511f3..4d597a2b3284 100644 --- a/cves/deltaLog.json 
+++ b/cves/deltaLog.json 
@@ -1,4 +1,60 @@ [ + { + "fetchTime": "2024-12-31T10:25:09.334Z", + "numberOfChanges": 8, + "new": [ + { + "cveId": "CVE-2024-56215", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56215", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56215.json", + "dateUpdated": "2024-12-31T10:17:30.410Z" + }, + { + "cveId": "CVE-2024-56217", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56217", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56217.json", + "dateUpdated": "2024-12-31T10:21:50.815Z" + }, + { + "cveId": "CVE-2024-56219", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56219", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56219.json", + "dateUpdated": "2024-12-31T10:22:42.089Z" + }, + { + "cveId": "CVE-2024-56225", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56225", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56225.json", + "dateUpdated": "2024-12-31T10:23:45.323Z" + }, + { + "cveId": "CVE-2024-56227", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56227", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56227.json", + "dateUpdated": "2024-12-31T10:24:38.211Z" + }, + { + "cveId": "CVE-2024-56235", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56235", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56235.json", + "dateUpdated": "2024-12-31T10:16:40.490Z" + }, + { + "cveId": "CVE-2024-56256", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56256", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56256.json", + "dateUpdated": "2024-12-31T10:15:36.923Z" + }, + { + "cveId": "CVE-2024-56265", + "cveOrgLink": 
"https://www.cve.org/CVERecord?id=CVE-2024-56265", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56265.json", + "dateUpdated": "2024-12-31T10:14:03.679Z" + } + ], + "updated": [], + "error": [] + }, { "fetchTime": "2024-12-31T10:13:53.402Z", "numberOfChanges": 6,