diff --git a/cves/2024/11xxx/CVE-2024-11184.json b/cves/2024/11xxx/CVE-2024-11184.json
new file mode 100644
index 000000000000..ee6f7d7da31d
--- /dev/null
+++ b/cves/2024/11xxx/CVE-2024-11184.json
@@ -0,0 +1,83 @@
+{
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.1",
+ "cveMetadata": {
+ "cveId": "CVE-2024-11184",
+ "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
+ "state": "PUBLISHED",
+ "assignerShortName": "WPScan",
+ "dateReserved": "2024-11-13T15:55:57.036Z",
+ "datePublished": "2025-01-02T06:00:04.587Z",
+ "dateUpdated": "2025-01-02T06:00:04.587Z"
+ },
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
+ "shortName": "WPScan",
+ "dateUpdated": "2025-01-02T06:00:04.587Z"
+ },
+ "title": "WP Enabled SVG <= 0.7 - Author+ Stored XSS via SVG",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-79 Cross-Site Scripting (XSS)",
+ "lang": "en",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "affected": [
+ {
+ "vendor": "Unknown",
+ "product": "wp-enable-svg",
+ "versions": [
+ {
+ "status": "affected",
+ "versionType": "semver",
+ "version": "0",
+ "lessThanOrEqual": "0.7"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ ],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The wp-enable-svg WordPress plugin through 0.7 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts"
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/fc982bcb-9974-481f-aef4-580ae9edc3c8/",
+ "tags": [
+ "exploit",
+ "vdb-entry",
+ "technical-description"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Pierre Rudloff",
+ "type": "finder"
+ },
+ {
+ "lang": "en",
+ "value": "WPScan",
+ "type": "coordinator"
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "x_generator": {
+ "engine": "WPScan CVE Generator"
+ }
+ }
+ }
+}
\ No newline at end of file
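Review bot: In `affected[0]`, `"defaultStatus": "affected"` sits beside a single range bounded at `"lessThanOrEqual": "0.7"`, so under CVE 5.x semantics every version not matched by that range, including any release after 0.7, is also declared affected. That presumably means no fixed release was known at publication, but the description only says "through 0.7" and nothing in the record states it, so a consumer that matches on the version range alone would clear a later release. If no patch exists, the description should say so, for example by appending `No fixed version is known at the time of publication.`; if one does, the record should use `"defaultStatus": "unaffected"` as CVE-2024-11357.json does. The same combination appears in CVE-2024-12595.json (`"lessThanOrEqual": "1.6"`).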
diff --git a/cves/2024/11xxx/CVE-2024-11357.json b/cves/2024/11xxx/CVE-2024-11357.json
new file mode 100644
index 000000000000..92082273b367
--- /dev/null
+++ b/cves/2024/11xxx/CVE-2024-11357.json
@@ -0,0 +1,83 @@
+{
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.1",
+ "cveMetadata": {
+ "cveId": "CVE-2024-11357",
+ "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
+ "state": "PUBLISHED",
+ "assignerShortName": "WPScan",
+ "dateReserved": "2024-11-18T18:33:52.275Z",
+ "datePublished": "2025-01-02T06:00:10.840Z",
+ "dateUpdated": "2025-01-02T06:00:10.840Z"
+ },
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
+ "shortName": "WPScan",
+ "dateUpdated": "2025-01-02T06:00:10.840Z"
+ },
+ "title": "Goodlayers Core < 2.0.10 - Contributor+ Stored XSS",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-79 Cross-Site Scripting (XSS)",
+ "lang": "en",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "affected": [
+ {
+ "vendor": "Unknown",
+ "product": "goodlayers-core",
+ "versions": [
+ {
+ "status": "affected",
+ "versionType": "semver",
+ "version": "0",
+ "lessThan": "2.0.10"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The goodlayers-core WordPress plugin before 2.0.10 does not sanitise and escape some of its settings, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/7e8c6816-9b7a-43e8-9508-789c8051dd9b/",
+ "tags": [
+ "exploit",
+ "vdb-entry",
+ "technical-description"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Bob Matyas",
+ "type": "finder"
+ },
+ {
+ "lang": "en",
+ "value": "WPScan",
+ "type": "coordinator"
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "x_generator": {
+ "engine": "WPScan CVE Generator"
+ }
+ }
+ }
+}
\ No newline at end of file
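Review bot: The `cna` container has no `metrics` entry, so the record ships without a CVSS vector and severity-driven patch queues will treat it as unscored. The only exploitability information is free text: the title and description say the contributor role or above is required. Adding a `metrics` array with a `cvssV3_1` object would make that privilege requirement machine-readable; `"vectorString": "<CNA-assessed CVSS vector>"` stands in for the value, which the page does not give. CVE-2024-11184.json and CVE-2024-12595.json in this commit omit `metrics` as well.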
diff --git a/cves/2024/12xxx/CVE-2024-12595.json b/cves/2024/12xxx/CVE-2024-12595.json
new file mode 100644
index 000000000000..b1ebca5ea48f
--- /dev/null
+++ b/cves/2024/12xxx/CVE-2024-12595.json
@@ -0,0 +1,83 @@
+{
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.1",
+ "cveMetadata": {
+ "cveId": "CVE-2024-12595",
+ "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
+ "state": "PUBLISHED",
+ "assignerShortName": "WPScan",
+ "dateReserved": "2024-12-12T22:04:10.012Z",
+ "datePublished": "2025-01-02T06:00:13.479Z",
+ "dateUpdated": "2025-01-02T06:00:13.479Z"
+ },
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
+ "shortName": "WPScan",
+ "dateUpdated": "2025-01-02T06:00:13.479Z"
+ },
+ "title": "AHAthat Plugin <= 1.6 - Reflected XSS via REQUEST_URI",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "description": "CWE-79 Cross-Site Scripting (XSS)",
+ "lang": "en",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "affected": [
+ {
+ "vendor": "Unknown",
+ "product": "AHAthat Plugin",
+ "versions": [
+ {
+ "status": "affected",
+ "versionType": "semver",
+ "version": "0",
+ "lessThanOrEqual": "1.6"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ ],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The AHAthat Plugin WordPress plugin through 1.6 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers"
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/7a506438-3106-477f-816d-b9b116ec8555/",
+ "tags": [
+ "exploit",
+ "vdb-entry",
+ "technical-description"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Bob Matyas",
+ "type": "finder"
+ },
+ {
+ "lang": "en",
+ "value": "WPScan",
+ "type": "coordinator"
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "x_generator": {
+ "engine": "WPScan CVE Generator"
+ }
+ }
+ }
+}
\ No newline at end of file
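Review bot: `"product": "AHAthat Plugin"` in `affected[0]` looks like a display name, whereas the other two records added in this commit use what appear to be plugin slugs (`wp-enable-svg`, `goodlayers-core`). Asset inventories usually key WordPress plugins by directory slug, so this entry is likely to miss automated matching, and `"vendor": "Unknown"` gives no second handle. Either use the slug in `product` or add the schema's package fields alongside it, `"collectionURL": "https://wordpress.org/plugins"` and `"packageName": "<plugin-slug>"`; the placeholder stands for a slug the page does not show.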
diff --git a/cves/delta.json b/cves/delta.json index b4fa232273e0..a29a3e75a98c 100644 --- a/cves/delta.json +++ b/cves/delta.json @@ -1,20 +1,26 @@ { - "fetchTime": "2025-01-02T05:06:52.805Z", - "numberOfChanges": 2, - "new": [], - "updated": [ + "fetchTime": "2025-01-02T06:00:22.791Z", + "numberOfChanges": 3, + "new": [ { - "cveId": "CVE-2002-20002", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2002-20002", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2002/20xxx/CVE-2002-20002.json", - "dateUpdated": "2025-01-02T05:00:27.855Z" + "cveId": "CVE-2024-11184", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11184", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11184.json", + "dateUpdated": "2025-01-02T06:00:04.587Z" }, { - "cveId": "CVE-2024-56830", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56830", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56830.json", - "dateUpdated": "2025-01-02T05:00:55.766Z" + "cveId": "CVE-2024-11357", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11357", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11357.json", + "dateUpdated": "2025-01-02T06:00:10.840Z" + }, + { + "cveId": "CVE-2024-12595", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12595", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12595.json", + "dateUpdated": "2025-01-02T06:00:13.479Z" } ], + "updated": [], "error": [] } \ No newline at end of file diff --git a/cves/deltaLog.json b/cves/deltaLog.json index e0474aa201ca..434eb21e95b1 100644 --- a/cves/deltaLog.json +++ b/cves/deltaLog.json 
@@ -1,4 +1,30 @@ [ + { + "fetchTime": "2025-01-02T06:00:22.791Z", + "numberOfChanges": 3, + "new": [ + { + "cveId": "CVE-2024-11184", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11184", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11184.json", + "dateUpdated": "2025-01-02T06:00:04.587Z" + }, + { + "cveId": "CVE-2024-11357", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11357", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11357.json", + "dateUpdated": "2025-01-02T06:00:10.840Z" + }, + { + "cveId": "CVE-2024-12595", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12595", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12595.json", + "dateUpdated": "2025-01-02T06:00:13.479Z" + } + ], + "updated": [], + "error": [] + }, { "fetchTime": "2025-01-02T05:06:52.805Z", "numberOfChanges": 2, 
@@ -116533,99 +116559,5 @@ } ], "error": [] - }, - { - "fetchTime": "2024-12-03T05:51:37.642Z", - "numberOfChanges": 12, - "new": [ - { - "cveId": "CVE-2024-49410", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-49410", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/49xxx/CVE-2024-49410.json", - "dateUpdated": "2024-12-03T05:47:52.309Z" - }, - { - "cveId": "CVE-2024-49411", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-49411", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/49xxx/CVE-2024-49411.json", - "dateUpdated": "2024-12-03T05:47:53.600Z" - }, - { - "cveId": "CVE-2024-49412", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-49412", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/49xxx/CVE-2024-49412.json", - "dateUpdated": "2024-12-03T05:47:54.841Z" - }, - { - "cveId": "CVE-2024-49413", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-49413", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/49xxx/CVE-2024-49413.json", - "dateUpdated": "2024-12-03T05:47:56.157Z" - }, - { - "cveId": "CVE-2024-49414", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-49414", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/49xxx/CVE-2024-49414.json", - "dateUpdated": "2024-12-03T05:47:57.426Z" - }, - { - "cveId": "CVE-2024-49415", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-49415", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/49xxx/CVE-2024-49415.json", - "dateUpdated": "2024-12-03T05:47:58.657Z" - }, - { - "cveId": "CVE-2024-49416", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-49416", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/49xxx/CVE-2024-49416.json", - "dateUpdated": "2024-12-03T05:47:59.990Z" - }, - { - "cveId": 
"CVE-2024-49417", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-49417", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/49xxx/CVE-2024-49417.json", - "dateUpdated": "2024-12-03T05:48:01.520Z" - }, - { - "cveId": "CVE-2024-49418", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-49418", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/49xxx/CVE-2024-49418.json", - "dateUpdated": "2024-12-03T05:48:02.786Z" - }, - { - "cveId": "CVE-2024-49419", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-49419", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/49xxx/CVE-2024-49419.json", - "dateUpdated": "2024-12-03T05:48:04.036Z" - }, - { - "cveId": "CVE-2024-49420", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-49420", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/49xxx/CVE-2024-49420.json", - "dateUpdated": "2024-12-03T05:48:05.296Z" - }, - { - "cveId": "CVE-2024-49421", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-49421", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/49xxx/CVE-2024-49421.json", - "dateUpdated": "2024-12-03T05:48:06.555Z" - } - ], - "updated": [], - "error": [] - }, - { - "fetchTime": "2024-12-03T05:34:50.515Z", - "numberOfChanges": 1, - "new": [ - { - "cveId": "CVE-2024-10484", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-10484", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/10xxx/CVE-2024-10484.json", - "dateUpdated": "2024-12-03T05:33:26.364Z" - } - ], - "updated": [], - "error": [] } ] \ No newline at end of file