-
Notifications
You must be signed in to change notification settings - Fork 206
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- 3 new CVEs: CVE-2024-11184, CVE-2024-11357, CVE-2024-12595 - 0 updated CVEs:
- Loading branch information
cvelistV5 Github Action
committed
Jan 2, 2025
1 parent
5ec8a11
commit 7b341ff
Showing
5 changed files
with
293 additions
and
106 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,83 @@ | ||
| { | ||
| "dataType": "CVE_RECORD", | ||
| "dataVersion": "5.1", | ||
| "cveMetadata": { | ||
| "cveId": "CVE-2024-11184", | ||
| "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", | ||
| "state": "PUBLISHED", | ||
| "assignerShortName": "WPScan", | ||
| "dateReserved": "2024-11-13T15:55:57.036Z", | ||
| "datePublished": "2025-01-02T06:00:04.587Z", | ||
| "dateUpdated": "2025-01-02T06:00:04.587Z" | ||
| }, | ||
| "containers": { | ||
| "cna": { | ||
| "providerMetadata": { | ||
| "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", | ||
| "shortName": "WPScan", | ||
| "dateUpdated": "2025-01-02T06:00:04.587Z" | ||
| }, | ||
| "title": "WP Enabled SVG <= 0.7 - Author+ Stored XSS via SVG", | ||
| "problemTypes": [ | ||
| { | ||
| "descriptions": [ | ||
| { | ||
| "description": "CWE-79 Cross-Site Scripting (XSS)", | ||
| "lang": "en", | ||
| "type": "CWE" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "affected": [ | ||
| { | ||
| "vendor": "Unknown", | ||
| "product": "wp-enable-svg", | ||
| "versions": [ | ||
| { | ||
| "status": "affected", | ||
| "versionType": "semver", | ||
| "version": "0", | ||
| "lessThanOrEqual": "0.7" | ||
| } | ||
| ], | ||
| "defaultStatus": "affected" | ||
| } | ||
| ], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "The wp-enable-svg WordPress plugin through 0.7 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts" | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://wpscan.com/vulnerability/fc982bcb-9974-481f-aef4-580ae9edc3c8/", | ||
| "tags": [ | ||
| "exploit", | ||
| "vdb-entry", | ||
| "technical-description" | ||
| ] | ||
| } | ||
| ], | ||
| "credits": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Pierre Rudloff", | ||
| "type": "finder" | ||
| }, | ||
| { | ||
| "lang": "en", | ||
| "value": "WPScan", | ||
| "type": "coordinator" | ||
| } | ||
| ], | ||
| "source": { | ||
| "discovery": "EXTERNAL" | ||
| }, | ||
| "x_generator": { | ||
| "engine": "WPScan CVE Generator" | ||
| } | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,83 @@ | ||
| { | ||
| "dataType": "CVE_RECORD", | ||
| "dataVersion": "5.1", | ||
| "cveMetadata": { | ||
| "cveId": "CVE-2024-11357", | ||
| "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", | ||
| "state": "PUBLISHED", | ||
| "assignerShortName": "WPScan", | ||
| "dateReserved": "2024-11-18T18:33:52.275Z", | ||
| "datePublished": "2025-01-02T06:00:10.840Z", | ||
| "dateUpdated": "2025-01-02T06:00:10.840Z" | ||
| }, | ||
| "containers": { | ||
| "cna": { | ||
| "providerMetadata": { | ||
| "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", | ||
| "shortName": "WPScan", | ||
| "dateUpdated": "2025-01-02T06:00:10.840Z" | ||
| }, | ||
| "title": "Goodlayers Core < 2.0.10 - Contributor+ Stored XSS", | ||
| "problemTypes": [ | ||
| { | ||
| "descriptions": [ | ||
| { | ||
| "description": "CWE-79 Cross-Site Scripting (XSS)", | ||
| "lang": "en", | ||
| "type": "CWE" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "affected": [ | ||
| { | ||
| "vendor": "Unknown", | ||
| "product": "goodlayers-core", | ||
| "versions": [ | ||
| { | ||
| "status": "affected", | ||
| "versionType": "semver", | ||
| "version": "0", | ||
| "lessThan": "2.0.10" | ||
| } | ||
| ], | ||
| "defaultStatus": "unaffected" | ||
| } | ||
| ], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "The goodlayers-core WordPress plugin before 2.0.10 does not sanitise and escape some of its settings, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://wpscan.com/vulnerability/7e8c6816-9b7a-43e8-9508-789c8051dd9b/", | ||
| "tags": [ | ||
| "exploit", | ||
| "vdb-entry", | ||
| "technical-description" | ||
| ] | ||
| } | ||
| ], | ||
| "credits": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Bob Matyas", | ||
| "type": "finder" | ||
| }, | ||
| { | ||
| "lang": "en", | ||
| "value": "WPScan", | ||
| "type": "coordinator" | ||
| } | ||
| ], | ||
| "source": { | ||
| "discovery": "EXTERNAL" | ||
| }, | ||
| "x_generator": { | ||
| "engine": "WPScan CVE Generator" | ||
| } | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,83 @@ | ||
| { | ||
| "dataType": "CVE_RECORD", | ||
| "dataVersion": "5.1", | ||
| "cveMetadata": { | ||
| "cveId": "CVE-2024-12595", | ||
| "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", | ||
| "state": "PUBLISHED", | ||
| "assignerShortName": "WPScan", | ||
| "dateReserved": "2024-12-12T22:04:10.012Z", | ||
| "datePublished": "2025-01-02T06:00:13.479Z", | ||
| "dateUpdated": "2025-01-02T06:00:13.479Z" | ||
| }, | ||
| "containers": { | ||
| "cna": { | ||
| "providerMetadata": { | ||
| "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", | ||
| "shortName": "WPScan", | ||
| "dateUpdated": "2025-01-02T06:00:13.479Z" | ||
| }, | ||
| "title": "AHAthat Plugin <= 1.6 - Reflected XSS via REQUEST_URI", | ||
| "problemTypes": [ | ||
| { | ||
| "descriptions": [ | ||
| { | ||
| "description": "CWE-79 Cross-Site Scripting (XSS)", | ||
| "lang": "en", | ||
| "type": "CWE" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "affected": [ | ||
| { | ||
| "vendor": "Unknown", | ||
| "product": "AHAthat Plugin", | ||
| "versions": [ | ||
| { | ||
| "status": "affected", | ||
| "versionType": "semver", | ||
| "version": "0", | ||
| "lessThanOrEqual": "1.6" | ||
| } | ||
| ], | ||
| "defaultStatus": "affected" | ||
| } | ||
| ], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "The AHAthat Plugin WordPress plugin through 1.6 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers" | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://wpscan.com/vulnerability/7a506438-3106-477f-816d-b9b116ec8555/", | ||
| "tags": [ | ||
| "exploit", | ||
| "vdb-entry", | ||
| "technical-description" | ||
| ] | ||
| } | ||
| ], | ||
| "credits": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Bob Matyas", | ||
| "type": "finder" | ||
| }, | ||
| { | ||
| "lang": "en", | ||
| "value": "WPScan", | ||
| "type": "coordinator" | ||
| } | ||
| ], | ||
| "source": { | ||
| "discovery": "EXTERNAL" | ||
| }, | ||
| "x_generator": { | ||
| "engine": "WPScan CVE Generator" | ||
| } | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,20 +1,26 @@ | ||
| { | ||
| "fetchTime": "2025-01-02T05:06:52.805Z", | ||
| "numberOfChanges": 2, | ||
| "new": [], | ||
| "updated": [ | ||
| "fetchTime": "2025-01-02T06:00:22.791Z", | ||
| "numberOfChanges": 3, | ||
| "new": [ | ||
| { | ||
| "cveId": "CVE-2002-20002", | ||
| "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2002-20002", | ||
| "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2002/20xxx/CVE-2002-20002.json", | ||
| "dateUpdated": "2025-01-02T05:00:27.855Z" | ||
| "cveId": "CVE-2024-11184", | ||
| "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11184", | ||
| "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11184.json", | ||
| "dateUpdated": "2025-01-02T06:00:04.587Z" | ||
| }, | ||
| { | ||
| "cveId": "CVE-2024-56830", | ||
| "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56830", | ||
| "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56830.json", | ||
| "dateUpdated": "2025-01-02T05:00:55.766Z" | ||
| "cveId": "CVE-2024-11357", | ||
| "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11357", | ||
| "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11357.json", | ||
| "dateUpdated": "2025-01-02T06:00:10.840Z" | ||
| }, | ||
| { | ||
| "cveId": "CVE-2024-12595", | ||
| "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12595", | ||
| "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12595.json", | ||
| "dateUpdated": "2025-01-02T06:00:13.479Z" | ||
| } | ||
| ], | ||
| "updated": [], | ||
| "error": [] | ||
| } |
Oops, something went wrong.