-
Notifications
You must be signed in to change notification settings - Fork 336
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
GHSA-2592-p5m4-vcrw GHSA-2v7h-rhjc-hq44 GHSA-3hm8-gfcv-xw4r GHSA-6jfp-6gwv-4mrw GHSA-6qjm-g6jp-3fc3 GHSA-7jc4-w8g6-3f8v GHSA-89c2-f3pq-cgrh GHSA-c787-p47f-ccwq GHSA-frx6-vfvh-wfv7 GHSA-h9qm-23hq-fwgp GHSA-hg57-gjx2-c4mf GHSA-j3ww-w8f6-35rx GHSA-jrc3-j3vj-52mx GHSA-mhmv-qr4x-4qpx GHSA-mx6h-x8qg-mcrr GHSA-pw66-2xmf-22rc GHSA-qr3c-782g-2642 GHSA-qvmg-rp5m-rgw8 GHSA-v437-gx8j-fg2c
- Loading branch information
1 parent
fb0abab
commit 6bd8d21
Showing
19 changed files
with
722 additions
and
0 deletions.
There are no files selected for viewing
38 changes: 38 additions & 0 deletions
38
advisories/unreviewed/2024/11/GHSA-2592-p5m4-vcrw/GHSA-2592-p5m4-vcrw.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-2592-p5m4-vcrw", | ||
| "modified": "2024-11-17T00:30:41Z", | ||
| "published": "2024-11-17T00:30:41Z", | ||
| "aliases": [ | ||
| "CVE-2024-52408" | ||
| ], | ||
| "details": "Unrestricted Upload of File with Dangerous Type vulnerability in Team PushAssist Push Notifications for WordPress by PushAssist allows Upload a Web Shell to a Web Server.This issue affects Push Notifications for WordPress by PushAssist: from n/a through 3.0.8.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52408" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://patchstack.com/database/vulnerability/push-notification-for-wp-by-pushassist/wordpress-push-notifications-for-wordpress-by-pushassist-plugin-3-0-8-arbitrary-file-upload-vulnerability?_s_id=cve" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-434" | ||
| ], | ||
| "severity": "CRITICAL", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-11-16T22:15:06Z" | ||
| } | ||
| } |
38 changes: 38 additions & 0 deletions
38
advisories/unreviewed/2024/11/GHSA-2v7h-rhjc-hq44/GHSA-2v7h-rhjc-hq44.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-2v7h-rhjc-hq44", | ||
| "modified": "2024-11-17T00:30:41Z", | ||
| "published": "2024-11-17T00:30:41Z", | ||
| "aliases": [ | ||
| "CVE-2024-52415" | ||
| ], | ||
| "details": "Cross-Site Request Forgery (CSRF) vulnerability in Skpstorm SK WP Settings Backup allows Object Injection.This issue affects SK WP Settings Backup: from n/a through 1.0.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52415" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://patchstack.com/database/vulnerability/sk-wp-settings-backup/wordpress-sk-wp-settings-backup-plugin-1-0-csrf-to-php-object-injection-vulnerability?_s_id=cve" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-352" | ||
| ], | ||
| "severity": "HIGH", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-11-16T22:15:07Z" | ||
| } | ||
| } |
38 changes: 38 additions & 0 deletions
38
advisories/unreviewed/2024/11/GHSA-3hm8-gfcv-xw4r/GHSA-3hm8-gfcv-xw4r.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-3hm8-gfcv-xw4r", | ||
| "modified": "2024-11-17T00:30:41Z", | ||
| "published": "2024-11-17T00:30:41Z", | ||
| "aliases": [ | ||
| "CVE-2024-52400" | ||
| ], | ||
| "details": "Unrestricted Upload of File with Dangerous Type vulnerability in Subhasis Laha Gallerio allows Upload a Web Shell to a Web Server.This issue affects Gallerio: from n/a through 1.01.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52400" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://patchstack.com/database/vulnerability/gallerio/wordpress-gallerio-plugin-1-01-arbitrary-file-upload-vulnerability?_s_id=cve" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-434" | ||
| ], | ||
| "severity": "CRITICAL", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-11-16T22:15:05Z" | ||
| } | ||
| } |
38 changes: 38 additions & 0 deletions
38
advisories/unreviewed/2024/11/GHSA-6jfp-6gwv-4mrw/GHSA-6jfp-6gwv-4mrw.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-6jfp-6gwv-4mrw", | ||
| "modified": "2024-11-17T00:30:40Z", | ||
| "published": "2024-11-17T00:30:40Z", | ||
| "aliases": [ | ||
| "CVE-2024-52386" | ||
| ], | ||
| "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Business Directory Team by RadiusTheme Classified Listing classified-listing allows PHP Local File Inclusion.This issue affects Classified Listing: from n/a through 3.1.15.1.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52386" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://patchstack.com/database/vulnerability/classified-listing/wordpress-classified-listing-plugin-3-1-15-1-local-file-inclusion-vulnerability?_s_id=cve" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-98" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-11-16T22:15:03Z" | ||
| } | ||
| } |
38 changes: 38 additions & 0 deletions
38
advisories/unreviewed/2024/11/GHSA-6qjm-g6jp-3fc3/GHSA-6qjm-g6jp-3fc3.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-6qjm-g6jp-3fc3", | ||
| "modified": "2024-11-17T00:30:41Z", | ||
| "published": "2024-11-17T00:30:41Z", | ||
| "aliases": [ | ||
| "CVE-2024-52397" | ||
| ], | ||
| "details": "Unrestricted Upload of File with Dangerous Type vulnerability in Davor Zeljkovic Convert Docx2post allows Upload a Web Shell to a Web Server.This issue affects Convert Docx2post: from n/a through 1.4.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52397" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://patchstack.com/database/vulnerability/convert-docx2post/wordpress-convert-docx2post-plugin-1-4-arbitrary-file-upload-vulnerability?_s_id=cve" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-434" | ||
| ], | ||
| "severity": "CRITICAL", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-11-16T23:15:04Z" | ||
| } | ||
| } |
38 changes: 38 additions & 0 deletions
38
advisories/unreviewed/2024/11/GHSA-7jc4-w8g6-3f8v/GHSA-7jc4-w8g6-3f8v.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-7jc4-w8g6-3f8v", | ||
| "modified": "2024-11-17T00:30:41Z", | ||
| "published": "2024-11-17T00:30:41Z", | ||
| "aliases": [ | ||
| "CVE-2024-52406" | ||
| ], | ||
| "details": "Unrestricted Upload of File with Dangerous Type vulnerability in Wibergs Web CSV to html allows Upload a Web Shell to a Web Server.This issue affects CSV to html: from n/a through 3.04.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52406" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://patchstack.com/database/vulnerability/csv-to-html/wordpress-csv-to-html-plugin-3-04-arbitrary-file-upload-vulnerability?_s_id=cve" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-434" | ||
| ], | ||
| "severity": "CRITICAL", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-11-16T22:15:06Z" | ||
| } | ||
| } |
38 changes: 38 additions & 0 deletions
38
advisories/unreviewed/2024/11/GHSA-89c2-f3pq-cgrh/GHSA-89c2-f3pq-cgrh.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-89c2-f3pq-cgrh", | ||
| "modified": "2024-11-17T00:30:40Z", | ||
| "published": "2024-11-17T00:30:40Z", | ||
| "aliases": [ | ||
| "CVE-2024-52398" | ||
| ], | ||
| "details": "Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI.This issue affects CDI: from n/a through 5.5.3.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52398" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://patchstack.com/database/vulnerability/collect-and-deliver-interface-for-woocommerce/wordpress-cdi-plugin-5-5-3-arbitrary-file-upload-vulnerability?_s_id=cve" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-434" | ||
| ], | ||
| "severity": "CRITICAL", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-11-16T22:15:04Z" | ||
| } | ||
| } |
38 changes: 38 additions & 0 deletions
38
advisories/unreviewed/2024/11/GHSA-c787-p47f-ccwq/GHSA-c787-p47f-ccwq.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-c787-p47f-ccwq", | ||
| "modified": "2024-11-17T00:30:41Z", | ||
| "published": "2024-11-17T00:30:41Z", | ||
| "aliases": [ | ||
| "CVE-2024-52409" | ||
| ], | ||
| "details": "Deserialization of Untrusted Data vulnerability in Phan An AJAX Random Posts allows Object Injection.This issue affects AJAX Random Posts: from n/a through 0.3.3.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52409" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://patchstack.com/database/vulnerability/ajax-random-posts/wordpress-ajax-random-posts-plugin-0-3-3-php-object-injection-vulnerability?_s_id=cve" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-502" | ||
| ], | ||
| "severity": "CRITICAL", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-11-16T22:15:06Z" | ||
| } | ||
| } |
38 changes: 38 additions & 0 deletions
38
advisories/unreviewed/2024/11/GHSA-frx6-vfvh-wfv7/GHSA-frx6-vfvh-wfv7.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-frx6-vfvh-wfv7", | ||
| "modified": "2024-11-17T00:30:41Z", | ||
| "published": "2024-11-17T00:30:41Z", | ||
| "aliases": [ | ||
| "CVE-2024-52405" | ||
| ], | ||
| "details": "Unrestricted Upload of File with Dangerous Type vulnerability in Bikram Joshi B-Banner Slider allows Upload a Web Shell to a Web Server.This issue affects B-Banner Slider: from n/a through 1.1.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52405" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://patchstack.com/database/vulnerability/b-banner-slider/wordpress-b-banner-slider-plugin-1-1-arbitrary-file-upload-vulnerability?_s_id=cve" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-434" | ||
| ], | ||
| "severity": "CRITICAL", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-11-16T22:15:05Z" | ||
| } | ||
| } |
38 changes: 38 additions & 0 deletions
38
advisories/unreviewed/2024/11/GHSA-h9qm-23hq-fwgp/GHSA-h9qm-23hq-fwgp.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-h9qm-23hq-fwgp", | ||
| "modified": "2024-11-17T00:30:41Z", | ||
| "published": "2024-11-17T00:30:41Z", | ||
| "aliases": [ | ||
| "CVE-2024-52410" | ||
| ], | ||
| "details": "Deserialization of Untrusted Data vulnerability in Phoenixheart Referrer Detector allows Object Injection.This issue affects Referrer Detector: from n/a through 4.2.1.0.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52410" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://patchstack.com/database/vulnerability/referrer-detector/wordpress-referrer-detector-plugin-4-2-1-0-php-object-injection-vulnerability?_s_id=cve" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-502" | ||
| ], | ||
| "severity": "CRITICAL", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-11-16T22:15:06Z" | ||
| } | ||
| } |
Oops, something went wrong.