Skip to content

Commit 8c95d5e

Browse files
author
cvelistV5 Github Action
committed
5 changes (5 new | 0 updated):
 - 5 new CVEs: CVE-2024-56045, CVE-2024-56061, CVE-2024-56066, CVE-2024-56203, CVE-2024-56204 - 0 updated CVEs:
1 parent 1dc242a commit 8c95d5e

File tree

7 files changed

+734
-14
lines changed

7 files changed

+734
-14
lines changed

cves/2024/56xxx/CVE-2024-56045.json

Lines changed: 140 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,140 @@
1+
{
2+
"dataType": "CVE_RECORD",
3+
"dataVersion": "5.1",
4+
"cveMetadata": {
5+
"cveId": "CVE-2024-56045",
6+
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
7+
"state": "PUBLISHED",
8+
"assignerShortName": "Patchstack",
9+
"dateReserved": "2024-12-14T19:42:58.218Z",
10+
"datePublished": "2024-12-31T13:17:49.414Z",
11+
"dateUpdated": "2024-12-31T13:17:49.414Z"
12+
},
13+
"containers": {
14+
"cna": {
15+
"affected": [
16+
{
17+
"defaultStatus": "unaffected",
18+
"product": "WPLMS",
19+
"vendor": "VibeThemes",
20+
"versions": [
21+
{
22+
"changes": [
23+
{
24+
"at": "1.9.9.5",
25+
"status": "unaffected"
26+
}
27+
],
28+
"lessThan": "1.9.9.5",
29+
"status": "affected",
30+
"version": "n/a",
31+
"versionType": "custom"
32+
}
33+
]
34+
}
35+
],
36+
"credits": [
37+
{
38+
"lang": "en",
39+
"type": "finder",
40+
"user": "00000000-0000-4000-9000-000000000000",
41+
"value": "Rafie Muhammad (Patchstack)"
42+
}
43+
],
44+
"descriptions": [
45+
{
46+
"lang": "en",
47+
"supportingMedia": [
48+
{
49+
"base64": false,
50+
"type": "text/html",
51+
"value": "Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.<p>This issue affects WPLMS: from n/a before 1.9.9.5.</p>"
52+
}
53+
],
54+
"value": "Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5."
55+
}
56+
],
57+
"impacts": [
58+
{
59+
"capecId": "CAPEC-126",
60+
"descriptions": [
61+
{
62+
"lang": "en",
63+
"value": "CAPEC-126 Path Traversal"
64+
}
65+
]
66+
}
67+
],
68+
"metrics": [
69+
{
70+
"cvssV3_1": {
71+
"attackComplexity": "LOW",
72+
"attackVector": "NETWORK",
73+
"availabilityImpact": "HIGH",
74+
"baseScore": 9.3,
75+
"baseSeverity": "CRITICAL",
76+
"confidentialityImpact": "NONE",
77+
"integrityImpact": "LOW",
78+
"privilegesRequired": "NONE",
79+
"scope": "CHANGED",
80+
"userInteraction": "NONE",
81+
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H",
82+
"version": "3.1"
83+
},
84+
"format": "CVSS",
85+
"scenarios": [
86+
{
87+
"lang": "en",
88+
"value": "GENERAL"
89+
}
90+
]
91+
}
92+
],
93+
"problemTypes": [
94+
{
95+
"descriptions": [
96+
{
97+
"cweId": "CWE-35",
98+
"description": "CWE-35 Path Traversal: '.../...//'",
99+
"lang": "en",
100+
"type": "CWE"
101+
}
102+
]
103+
}
104+
],
105+
"providerMetadata": {
106+
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
107+
"shortName": "Patchstack",
108+
"dateUpdated": "2024-12-31T13:17:49.414Z"
109+
},
110+
"references": [
111+
{
112+
"tags": [
113+
"vdb-entry"
114+
],
115+
"url": "https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-unauthenticated-arbitrary-directory-deletion-vulnerability?_s_id=cve"
116+
}
117+
],
118+
"solutions": [
119+
{
120+
"lang": "en",
121+
"supportingMedia": [
122+
{
123+
"base64": false,
124+
"type": "text/html",
125+
"value": "Update the WordPress WPLMS plugin to the latest available version (at least 1.9.9.5)."
126+
}
127+
],
128+
"value": "Update the WordPress WPLMS plugin to the latest available version (at least 1.9.9.5)."
129+
}
130+
],
131+
"source": {
132+
"discovery": "EXTERNAL"
133+
},
134+
"title": "WordPress WPLMS plugin < 1.9.9.5 - Unauthenticated Arbitrary Directory Deletion vulnerability",
135+
"x_generator": {
136+
"engine": "Vulnogram 0.2.0"
137+
}
138+
}
139+
}
140+
}

cves/2024/56xxx/CVE-2024-56061.json

Lines changed: 142 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,142 @@
1+
{
2+
"dataType": "CVE_RECORD",
3+
"dataVersion": "5.1",
4+
"cveMetadata": {
5+
"cveId": "CVE-2024-56061",
6+
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
7+
"state": "PUBLISHED",
8+
"assignerShortName": "Patchstack",
9+
"dateReserved": "2024-12-14T19:43:05.903Z",
10+
"datePublished": "2024-12-31T13:18:44.063Z",
11+
"dateUpdated": "2024-12-31T13:18:44.063Z"
12+
},
13+
"containers": {
14+
"cna": {
15+
"affected": [
16+
{
17+
"collectionURL": "https://wordpress.org/plugins",
18+
"defaultStatus": "unaffected",
19+
"packageName": "computer-repair-shop",
20+
"product": "Computer Repair Shop",
21+
"vendor": "Webful Creations",
22+
"versions": [
23+
{
24+
"changes": [
25+
{
26+
"at": "3.8120",
27+
"status": "unaffected"
28+
}
29+
],
30+
"lessThanOrEqual": "3.8119",
31+
"status": "affected",
32+
"version": "n/a",
33+
"versionType": "custom"
34+
}
35+
]
36+
}
37+
],
38+
"credits": [
39+
{
40+
"lang": "en",
41+
"type": "finder",
42+
"user": "00000000-0000-4000-9000-000000000000",
43+
"value": "SOPROBRO (Patchstack Alliance)"
44+
}
45+
],
46+
"descriptions": [
47+
{
48+
"lang": "en",
49+
"supportingMedia": [
50+
{
51+
"base64": false,
52+
"type": "text/html",
53+
"value": "Missing Authorization vulnerability in Webful Creations Computer Repair Shop allows Privilege Escalation.<p>This issue affects Computer Repair Shop: from n/a through 3.8119.</p>"
54+
}
55+
],
56+
"value": "Missing Authorization vulnerability in Webful Creations Computer Repair Shop allows Privilege Escalation.This issue affects Computer Repair Shop: from n/a through 3.8119."
57+
}
58+
],
59+
"impacts": [
60+
{
61+
"capecId": "CAPEC-233",
62+
"descriptions": [
63+
{
64+
"lang": "en",
65+
"value": "CAPEC-233 Privilege Escalation"
66+
}
67+
]
68+
}
69+
],
70+
"metrics": [
71+
{
72+
"cvssV3_1": {
73+
"attackComplexity": "LOW",
74+
"attackVector": "NETWORK",
75+
"availabilityImpact": "HIGH",
76+
"baseScore": 8.8,
77+
"baseSeverity": "HIGH",
78+
"confidentialityImpact": "HIGH",
79+
"integrityImpact": "HIGH",
80+
"privilegesRequired": "LOW",
81+
"scope": "UNCHANGED",
82+
"userInteraction": "NONE",
83+
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
84+
"version": "3.1"
85+
},
86+
"format": "CVSS",
87+
"scenarios": [
88+
{
89+
"lang": "en",
90+
"value": "GENERAL"
91+
}
92+
]
93+
}
94+
],
95+
"problemTypes": [
96+
{
97+
"descriptions": [
98+
{
99+
"cweId": "CWE-862",
100+
"description": "CWE-862 Missing Authorization",
101+
"lang": "en",
102+
"type": "CWE"
103+
}
104+
]
105+
}
106+
],
107+
"providerMetadata": {
108+
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
109+
"shortName": "Patchstack",
110+
"dateUpdated": "2024-12-31T13:18:44.063Z"
111+
},
112+
"references": [
113+
{
114+
"tags": [
115+
"vdb-entry"
116+
],
117+
"url": "https://patchstack.com/database/wordpress/plugin/computer-repair-shop/vulnerability/wordpress-repairbuddy-plugin-3-8119-account-takeover-vulnerability?_s_id=cve"
118+
}
119+
],
120+
"solutions": [
121+
{
122+
"lang": "en",
123+
"supportingMedia": [
124+
{
125+
"base64": false,
126+
"type": "text/html",
127+
"value": "Update the WordPress Computer Repair Shop wordpress plugin to the latest available version (at least 3.8120)."
128+
}
129+
],
130+
"value": "Update the WordPress Computer Repair Shop wordpress plugin to the latest available version (at least 3.8120)."
131+
}
132+
],
133+
"source": {
134+
"discovery": "EXTERNAL"
135+
},
136+
"title": "WordPress RepairBuddy plugin <= 3.8119 - Account Takeover vulnerability",
137+
"x_generator": {
138+
"engine": "Vulnogram 0.2.0"
139+
}
140+
}
141+
}
142+
}

0 commit comments

Comments
 (0)