-
Notifications
You must be signed in to change notification settings - Fork 206
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- 6 new CVEs: CVE-2024-56211, CVE-2024-56212, CVE-2024-56213, CVE-2024-56214, CVE-2024-56216, CVE-2024-56230 - 0 updated CVEs:
- Loading branch information
cvelistV5 Github Action
committed
Dec 31, 2024
1 parent
09c0dad
commit c577752
Showing
8 changed files
with
847 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,110 @@ | ||
| { | ||
| "dataType": "CVE_RECORD", | ||
| "dataVersion": "5.1", | ||
| "cveMetadata": { | ||
| "cveId": "CVE-2024-56211", | ||
| "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", | ||
| "state": "PUBLISHED", | ||
| "assignerShortName": "Patchstack", | ||
| "dateReserved": "2024-12-18T19:03:36.424Z", | ||
| "datePublished": "2024-12-31T10:03:12.435Z", | ||
| "dateUpdated": "2024-12-31T10:03:12.435Z" | ||
| }, | ||
| "containers": { | ||
| "cna": { | ||
| "affected": [ | ||
| { | ||
| "defaultStatus": "unaffected", | ||
| "product": "Userpro", | ||
| "vendor": "DeluxeThemes", | ||
| "versions": [ | ||
| { | ||
| "lessThanOrEqual": "5.1.9", | ||
| "status": "affected", | ||
| "version": "n/a", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "credits": [ | ||
| { | ||
| "lang": "en", | ||
| "type": "finder", | ||
| "user": "00000000-0000-4000-9000-000000000000", | ||
| "value": "Rafie Muhammad (Patchstack)" | ||
| } | ||
| ], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "supportingMedia": [ | ||
| { | ||
| "base64": false, | ||
| "type": "text/html", | ||
| "value": "Missing Authorization vulnerability in DeluxeThemes Userpro.<p>This issue affects Userpro: from n/a through 5.1.9.</p>" | ||
| } | ||
| ], | ||
| "value": "Missing Authorization vulnerability in DeluxeThemes Userpro.This issue affects Userpro: from n/a through 5.1.9." | ||
| } | ||
| ], | ||
| "metrics": [ | ||
| { | ||
| "cvssV3_1": { | ||
| "attackComplexity": "LOW", | ||
| "attackVector": "NETWORK", | ||
| "availabilityImpact": "HIGH", | ||
| "baseScore": 8.8, | ||
| "baseSeverity": "HIGH", | ||
| "confidentialityImpact": "HIGH", | ||
| "integrityImpact": "HIGH", | ||
| "privilegesRequired": "LOW", | ||
| "scope": "UNCHANGED", | ||
| "userInteraction": "NONE", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", | ||
| "version": "3.1" | ||
| }, | ||
| "format": "CVSS", | ||
| "scenarios": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "GENERAL" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "problemTypes": [ | ||
| { | ||
| "descriptions": [ | ||
| { | ||
| "cweId": "CWE-862", | ||
| "description": "CWE-862 Missing Authorization", | ||
| "lang": "en", | ||
| "type": "CWE" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", | ||
| "shortName": "Patchstack", | ||
| "dateUpdated": "2024-12-31T10:03:12.435Z" | ||
| }, | ||
| "references": [ | ||
| { | ||
| "tags": [ | ||
| "vdb-entry" | ||
| ], | ||
| "url": "https://patchstack.com/database/wordpress/plugin/userpro/vulnerability/wordpress-userpro-plugin-5-1-9-authenticated-arbitrary-user-meta-update-vulnerability?_s_id=cve" | ||
| } | ||
| ], | ||
| "source": { | ||
| "discovery": "EXTERNAL" | ||
| }, | ||
| "title": "WordPress UserPro plugin <= 5.1.9 - Authenticated Arbitrary User Meta Update vulnerability", | ||
| "x_generator": { | ||
| "engine": "Vulnogram 0.2.0" | ||
| } | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,110 @@ | ||
| { | ||
| "dataType": "CVE_RECORD", | ||
| "dataVersion": "5.1", | ||
| "cveMetadata": { | ||
| "cveId": "CVE-2024-56212", | ||
| "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", | ||
| "state": "PUBLISHED", | ||
| "assignerShortName": "Patchstack", | ||
| "dateReserved": "2024-12-18T19:03:36.424Z", | ||
| "datePublished": "2024-12-31T10:04:12.727Z", | ||
| "dateUpdated": "2024-12-31T10:04:12.727Z" | ||
| }, | ||
| "containers": { | ||
| "cna": { | ||
| "affected": [ | ||
| { | ||
| "defaultStatus": "unaffected", | ||
| "product": "Userpro", | ||
| "vendor": "DeluxeThemes", | ||
| "versions": [ | ||
| { | ||
| "lessThanOrEqual": "5.1.9", | ||
| "status": "affected", | ||
| "version": "n/a", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "credits": [ | ||
| { | ||
| "lang": "en", | ||
| "type": "finder", | ||
| "user": "00000000-0000-4000-9000-000000000000", | ||
| "value": "Rafie Muhammad (Patchstack)" | ||
| } | ||
| ], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "supportingMedia": [ | ||
| { | ||
| "base64": false, | ||
| "type": "text/html", | ||
| "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DeluxeThemes Userpro.<p>This issue affects Userpro: from n/a through 5.1.9.</p>" | ||
| } | ||
| ], | ||
| "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DeluxeThemes Userpro.This issue affects Userpro: from n/a through 5.1.9." | ||
| } | ||
| ], | ||
| "metrics": [ | ||
| { | ||
| "cvssV3_1": { | ||
| "attackComplexity": "LOW", | ||
| "attackVector": "NETWORK", | ||
| "availabilityImpact": "LOW", | ||
| "baseScore": 8.5, | ||
| "baseSeverity": "HIGH", | ||
| "confidentialityImpact": "HIGH", | ||
| "integrityImpact": "NONE", | ||
| "privilegesRequired": "LOW", | ||
| "scope": "CHANGED", | ||
| "userInteraction": "NONE", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", | ||
| "version": "3.1" | ||
| }, | ||
| "format": "CVSS", | ||
| "scenarios": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "GENERAL" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "problemTypes": [ | ||
| { | ||
| "descriptions": [ | ||
| { | ||
| "cweId": "CWE-89", | ||
| "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", | ||
| "lang": "en", | ||
| "type": "CWE" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", | ||
| "shortName": "Patchstack", | ||
| "dateUpdated": "2024-12-31T10:04:12.727Z" | ||
| }, | ||
| "references": [ | ||
| { | ||
| "tags": [ | ||
| "vdb-entry" | ||
| ], | ||
| "url": "https://patchstack.com/database/wordpress/plugin/userpro/vulnerability/wordpress-userpro-plugin-5-1-9-sql-injection-vulnerability?_s_id=cve" | ||
| } | ||
| ], | ||
| "source": { | ||
| "discovery": "EXTERNAL" | ||
| }, | ||
| "title": "WordPress UserPro plugin <= 5.1.9 - SQL Injection vulnerability", | ||
| "x_generator": { | ||
| "engine": "Vulnogram 0.2.0" | ||
| } | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,142 @@ | ||
| { | ||
| "dataType": "CVE_RECORD", | ||
| "dataVersion": "5.1", | ||
| "cveMetadata": { | ||
| "cveId": "CVE-2024-56213", | ||
| "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", | ||
| "state": "PUBLISHED", | ||
| "assignerShortName": "Patchstack", | ||
| "dateReserved": "2024-12-18T19:03:54.296Z", | ||
| "datePublished": "2024-12-31T10:02:21.132Z", | ||
| "dateUpdated": "2024-12-31T10:02:21.132Z" | ||
| }, | ||
| "containers": { | ||
| "cna": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://wordpress.org/plugins", | ||
| "defaultStatus": "unaffected", | ||
| "packageName": "wp-event-solution", | ||
| "product": "Eventin", | ||
| "vendor": "Themewinter", | ||
| "versions": [ | ||
| { | ||
| "changes": [ | ||
| { | ||
| "at": "4.0.9", | ||
| "status": "unaffected" | ||
| } | ||
| ], | ||
| "lessThanOrEqual": "4.0.7", | ||
| "status": "affected", | ||
| "version": "n/a", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "credits": [ | ||
| { | ||
| "lang": "en", | ||
| "type": "finder", | ||
| "user": "00000000-0000-4000-9000-000000000000", | ||
| "value": "João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance)" | ||
| } | ||
| ], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "supportingMedia": [ | ||
| { | ||
| "base64": false, | ||
| "type": "text/html", | ||
| "value": "Path Traversal: '.../...//' vulnerability in Themewinter Eventin allows Path Traversal.<p>This issue affects Eventin: from n/a through 4.0.7.</p>" | ||
| } | ||
| ], | ||
| "value": "Path Traversal: '.../...//' vulnerability in Themewinter Eventin allows Path Traversal.This issue affects Eventin: from n/a through 4.0.7." | ||
| } | ||
| ], | ||
| "impacts": [ | ||
| { | ||
| "capecId": "CAPEC-126", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "CAPEC-126 Path Traversal" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "metrics": [ | ||
| { | ||
| "cvssV3_1": { | ||
| "attackComplexity": "LOW", | ||
| "attackVector": "NETWORK", | ||
| "availabilityImpact": "NONE", | ||
| "baseScore": 6.5, | ||
| "baseSeverity": "MEDIUM", | ||
| "confidentialityImpact": "HIGH", | ||
| "integrityImpact": "NONE", | ||
| "privilegesRequired": "LOW", | ||
| "scope": "UNCHANGED", | ||
| "userInteraction": "NONE", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", | ||
| "version": "3.1" | ||
| }, | ||
| "format": "CVSS", | ||
| "scenarios": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "GENERAL" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "problemTypes": [ | ||
| { | ||
| "descriptions": [ | ||
| { | ||
| "cweId": "CWE-35", | ||
| "description": "CWE-35 Path Traversal: '.../...//'", | ||
| "lang": "en", | ||
| "type": "CWE" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", | ||
| "shortName": "Patchstack", | ||
| "dateUpdated": "2024-12-31T10:02:21.132Z" | ||
| }, | ||
| "references": [ | ||
| { | ||
| "tags": [ | ||
| "vdb-entry" | ||
| ], | ||
| "url": "https://patchstack.com/database/wordpress/plugin/wp-event-solution/vulnerability/wordpress-eventin-plugin-4-0-7-contributor-limited-local-file-inclusion-vulnerability?_s_id=cve" | ||
| } | ||
| ], | ||
| "solutions": [ | ||
| { | ||
| "lang": "en", | ||
| "supportingMedia": [ | ||
| { | ||
| "base64": false, | ||
| "type": "text/html", | ||
| "value": "Update the WordPress Eventin wordpress plugin to the latest available version (at least 4.0.9)." | ||
| } | ||
| ], | ||
| "value": "Update the WordPress Eventin wordpress plugin to the latest available version (at least 4.0.9)." | ||
| } | ||
| ], | ||
| "source": { | ||
| "discovery": "EXTERNAL" | ||
| }, | ||
| "title": "WordPress Eventin plugin <= 4.0.7 - Contributor+ Limited Local File Inclusion vulnerability", | ||
| "x_generator": { | ||
| "engine": "Vulnogram 0.2.0" | ||
| } | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.