diff --git a/advisories/unreviewed/2024/11/GHSA-2592-p5m4-vcrw/GHSA-2592-p5m4-vcrw.json b/advisories/unreviewed/2024/11/GHSA-2592-p5m4-vcrw/GHSA-2592-p5m4-vcrw.json new file mode 100644 index 0000000000000..1a12520f2cb17 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-2592-p5m4-vcrw/GHSA-2592-p5m4-vcrw.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2592-p5m4-vcrw", + "modified": "2024-11-17T00:30:41Z", + "published": "2024-11-17T00:30:41Z", + "aliases": [ + "CVE-2024-52408" + ], + "details": "Unrestricted Upload of File with Dangerous Type vulnerability in Team PushAssist Push Notifications for WordPress by PushAssist allows Upload a Web Shell to a Web Server.This issue affects Push Notifications for WordPress by PushAssist: from n/a through 3.0.8.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52408" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/push-notification-for-wp-by-pushassist/wordpress-push-notifications-for-wordpress-by-pushassist-plugin-3-0-8-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-434" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-16T22:15:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-2v7h-rhjc-hq44/GHSA-2v7h-rhjc-hq44.json b/advisories/unreviewed/2024/11/GHSA-2v7h-rhjc-hq44/GHSA-2v7h-rhjc-hq44.json new file mode 100644 index 0000000000000..d09d56ad8389a --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-2v7h-rhjc-hq44/GHSA-2v7h-rhjc-hq44.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2v7h-rhjc-hq44", + "modified": "2024-11-17T00:30:41Z", + "published": "2024-11-17T00:30:41Z", + "aliases": [ + "CVE-2024-52415" + ], + "details": "Cross-Site Request Forgery (CSRF) vulnerability in Skpstorm SK WP Settings Backup allows Object Injection.This issue affects SK WP Settings Backup: from n/a through 1.0.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52415" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/sk-wp-settings-backup/wordpress-sk-wp-settings-backup-plugin-1-0-csrf-to-php-object-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-16T22:15:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-3hm8-gfcv-xw4r/GHSA-3hm8-gfcv-xw4r.json b/advisories/unreviewed/2024/11/GHSA-3hm8-gfcv-xw4r/GHSA-3hm8-gfcv-xw4r.json new file mode 100644 index 0000000000000..f68621b3228fe --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-3hm8-gfcv-xw4r/GHSA-3hm8-gfcv-xw4r.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3hm8-gfcv-xw4r", + "modified": "2024-11-17T00:30:41Z", + "published": "2024-11-17T00:30:41Z", + "aliases": [ + "CVE-2024-52400" + ], + "details": "Unrestricted Upload of File with Dangerous Type vulnerability in Subhasis Laha Gallerio allows Upload a Web Shell to a Web Server.This issue affects Gallerio: from n/a through 1.01.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52400" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/gallerio/wordpress-gallerio-plugin-1-01-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-434" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-16T22:15:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-6jfp-6gwv-4mrw/GHSA-6jfp-6gwv-4mrw.json b/advisories/unreviewed/2024/11/GHSA-6jfp-6gwv-4mrw/GHSA-6jfp-6gwv-4mrw.json new file mode 100644 index 0000000000000..56bd8bb5ef28f --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-6jfp-6gwv-4mrw/GHSA-6jfp-6gwv-4mrw.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-6jfp-6gwv-4mrw", + "modified": "2024-11-17T00:30:40Z", + "published": "2024-11-17T00:30:40Z", + "aliases": [ + "CVE-2024-52386" + ], + "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Business Directory Team by RadiusTheme Classified Listing classified-listing allows PHP Local File Inclusion.This issue affects Classified Listing: from n/a through 3.1.15.1.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52386" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/classified-listing/wordpress-classified-listing-plugin-3-1-15-1-local-file-inclusion-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-98" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-16T22:15:03Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-6qjm-g6jp-3fc3/GHSA-6qjm-g6jp-3fc3.json b/advisories/unreviewed/2024/11/GHSA-6qjm-g6jp-3fc3/GHSA-6qjm-g6jp-3fc3.json new file mode 100644 index 0000000000000..46a9a48549e4b --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-6qjm-g6jp-3fc3/GHSA-6qjm-g6jp-3fc3.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-6qjm-g6jp-3fc3", + "modified": "2024-11-17T00:30:41Z", + "published": "2024-11-17T00:30:41Z", + "aliases": [ + "CVE-2024-52397" + ], + "details": "Unrestricted Upload of File with Dangerous Type vulnerability in Davor Zeljkovic Convert Docx2post allows Upload a Web Shell to a Web Server.This issue affects Convert Docx2post: from n/a through 1.4.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52397" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/convert-docx2post/wordpress-convert-docx2post-plugin-1-4-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-434" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-16T23:15:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-7jc4-w8g6-3f8v/GHSA-7jc4-w8g6-3f8v.json b/advisories/unreviewed/2024/11/GHSA-7jc4-w8g6-3f8v/GHSA-7jc4-w8g6-3f8v.json new file mode 100644 index 0000000000000..323996bff56ba --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-7jc4-w8g6-3f8v/GHSA-7jc4-w8g6-3f8v.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-7jc4-w8g6-3f8v", + "modified": "2024-11-17T00:30:41Z", + "published": "2024-11-17T00:30:41Z", + "aliases": [ + "CVE-2024-52406" + ], + "details": "Unrestricted Upload of File with Dangerous Type vulnerability in Wibergs Web CSV to html allows Upload a Web Shell to a Web Server.This issue affects CSV to html: from n/a through 3.04.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52406" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/csv-to-html/wordpress-csv-to-html-plugin-3-04-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-434" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-16T22:15:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-89c2-f3pq-cgrh/GHSA-89c2-f3pq-cgrh.json b/advisories/unreviewed/2024/11/GHSA-89c2-f3pq-cgrh/GHSA-89c2-f3pq-cgrh.json new file mode 100644 index 0000000000000..20a0c4fdcd0c8 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-89c2-f3pq-cgrh/GHSA-89c2-f3pq-cgrh.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-89c2-f3pq-cgrh", + "modified": "2024-11-17T00:30:40Z", + "published": "2024-11-17T00:30:40Z", + "aliases": [ + "CVE-2024-52398" + ], + "details": "Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI.This issue affects CDI: from n/a through 5.5.3.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52398" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/collect-and-deliver-interface-for-woocommerce/wordpress-cdi-plugin-5-5-3-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-434" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-16T22:15:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-c787-p47f-ccwq/GHSA-c787-p47f-ccwq.json b/advisories/unreviewed/2024/11/GHSA-c787-p47f-ccwq/GHSA-c787-p47f-ccwq.json new file mode 100644 index 0000000000000..4d3dcd73f794b --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-c787-p47f-ccwq/GHSA-c787-p47f-ccwq.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-c787-p47f-ccwq", + "modified": "2024-11-17T00:30:41Z", + "published": "2024-11-17T00:30:41Z", + "aliases": [ + "CVE-2024-52409" + ], + "details": "Deserialization of Untrusted Data vulnerability in Phan An AJAX Random Posts allows Object Injection.This issue affects AJAX Random Posts: from n/a through 0.3.3.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52409" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/ajax-random-posts/wordpress-ajax-random-posts-plugin-0-3-3-php-object-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-16T22:15:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-frx6-vfvh-wfv7/GHSA-frx6-vfvh-wfv7.json b/advisories/unreviewed/2024/11/GHSA-frx6-vfvh-wfv7/GHSA-frx6-vfvh-wfv7.json new file mode 100644 index 0000000000000..b2db710330a20 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-frx6-vfvh-wfv7/GHSA-frx6-vfvh-wfv7.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-frx6-vfvh-wfv7", + "modified": "2024-11-17T00:30:41Z", + "published": "2024-11-17T00:30:41Z", + "aliases": [ + "CVE-2024-52405" + ], + "details": "Unrestricted Upload of File with Dangerous Type vulnerability in Bikram Joshi B-Banner Slider allows Upload a Web Shell to a Web Server.This issue affects B-Banner Slider: from n/a through 1.1.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52405" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/b-banner-slider/wordpress-b-banner-slider-plugin-1-1-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-434" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-16T22:15:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-h9qm-23hq-fwgp/GHSA-h9qm-23hq-fwgp.json b/advisories/unreviewed/2024/11/GHSA-h9qm-23hq-fwgp/GHSA-h9qm-23hq-fwgp.json new file mode 100644 index 0000000000000..208e96e8f50d7 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-h9qm-23hq-fwgp/GHSA-h9qm-23hq-fwgp.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-h9qm-23hq-fwgp", + "modified": "2024-11-17T00:30:41Z", + "published": "2024-11-17T00:30:41Z", + "aliases": [ + "CVE-2024-52410" + ], + "details": "Deserialization of Untrusted Data vulnerability in Phoenixheart Referrer Detector allows Object Injection.This issue affects Referrer Detector: from n/a through 4.2.1.0.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52410" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/referrer-detector/wordpress-referrer-detector-plugin-4-2-1-0-php-object-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-16T22:15:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-hg57-gjx2-c4mf/GHSA-hg57-gjx2-c4mf.json b/advisories/unreviewed/2024/11/GHSA-hg57-gjx2-c4mf/GHSA-hg57-gjx2-c4mf.json new file mode 100644 index 0000000000000..e4d494a4e29c0 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-hg57-gjx2-c4mf/GHSA-hg57-gjx2-c4mf.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-hg57-gjx2-c4mf", + "modified": "2024-11-17T00:30:41Z", + "published": "2024-11-17T00:30:41Z", + "aliases": [ + "CVE-2024-52416" + ], + "details": "Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Upload a Web Shell to a Web Server.This issue affects Debug Tool: from n/a through 2.2.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52416" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/debug-tool/wordpress-debug-tool-plugin-2-2-remote-code-execution-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-862" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-16T22:15:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-j3ww-w8f6-35rx/GHSA-j3ww-w8f6-35rx.json b/advisories/unreviewed/2024/11/GHSA-j3ww-w8f6-35rx/GHSA-j3ww-w8f6-35rx.json new file mode 100644 index 0000000000000..a850c68560547 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-j3ww-w8f6-35rx/GHSA-j3ww-w8f6-35rx.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-j3ww-w8f6-35rx", + "modified": "2024-11-17T00:30:41Z", + "published": "2024-11-17T00:30:40Z", + "aliases": [ + "CVE-2024-52404" + ], + "details": "Unrestricted Upload of File with Dangerous Type vulnerability in Bigfive CF7 Reply Manager.This issue affects CF7 Reply Manager: from n/a through 1.2.3.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52404" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/cf7-reply-manager/wordpress-cf7-reply-manager-plugin-1-2-3-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-434" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-16T22:15:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-jrc3-j3vj-52mx/GHSA-jrc3-j3vj-52mx.json b/advisories/unreviewed/2024/11/GHSA-jrc3-j3vj-52mx/GHSA-jrc3-j3vj-52mx.json new file mode 100644 index 0000000000000..4bd4bb3a470a5 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-jrc3-j3vj-52mx/GHSA-jrc3-j3vj-52mx.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-jrc3-j3vj-52mx", + "modified": "2024-11-17T00:30:41Z", + "published": "2024-11-17T00:30:41Z", + "aliases": [ + "CVE-2024-52412" + ], + "details": "Deserialization of Untrusted Data vulnerability in Stephen Cui Xin allows Object Injection.This issue affects Xin: from n/a through 1.0.8.1.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52412" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/xin/wordpress-xin-theme-1-0-8-1-php-object-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-16T22:15:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-mhmv-qr4x-4qpx/GHSA-mhmv-qr4x-4qpx.json b/advisories/unreviewed/2024/11/GHSA-mhmv-qr4x-4qpx/GHSA-mhmv-qr4x-4qpx.json new file mode 100644 index 0000000000000..0ed80753004cc --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-mhmv-qr4x-4qpx/GHSA-mhmv-qr4x-4qpx.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-mhmv-qr4x-4qpx", + "modified": "2024-11-17T00:30:41Z", + "published": "2024-11-17T00:30:41Z", + "aliases": [ + "CVE-2024-52407" + ], + "details": "Unrestricted Upload of File with Dangerous Type vulnerability in codeSavory BasePress Migration Tools allows Upload a Web Shell to a Web Server.This issue affects BasePress Migration Tools: from n/a through 1.0.0.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52407" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/basepress-migration-tools/wordpress-basepress-migration-tools-plugin-1-0-0-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-434" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-16T22:15:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-mx6h-x8qg-mcrr/GHSA-mx6h-x8qg-mcrr.json b/advisories/unreviewed/2024/11/GHSA-mx6h-x8qg-mcrr/GHSA-mx6h-x8qg-mcrr.json new file mode 100644 index 0000000000000..c40f8a3858044 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-mx6h-x8qg-mcrr/GHSA-mx6h-x8qg-mcrr.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-mx6h-x8qg-mcrr", + "modified": "2024-11-17T00:30:41Z", + "published": "2024-11-17T00:30:40Z", + "aliases": [ + "CVE-2024-52403" + ], + "details": "Unrestricted Upload of File with Dangerous Type vulnerability in WPExperts User Management allows Upload a Web Shell to a Web Server.This issue affects User Management: from n/a through 1.1.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52403" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/user-management/wordpress-user-management-plugin-1-1-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-434" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-16T22:15:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-pw66-2xmf-22rc/GHSA-pw66-2xmf-22rc.json b/advisories/unreviewed/2024/11/GHSA-pw66-2xmf-22rc/GHSA-pw66-2xmf-22rc.json new file mode 100644 index 0000000000000..64b87070940a3 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-pw66-2xmf-22rc/GHSA-pw66-2xmf-22rc.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-pw66-2xmf-22rc", + "modified": "2024-11-17T00:30:41Z", + "published": "2024-11-17T00:30:41Z", + "aliases": [ + "CVE-2024-52414" + ], + "details": "Deserialization of Untrusted Data vulnerability in Anthony Carbon WDES Responsive Mobile Menu allows Object Injection.This issue affects WDES Responsive Mobile Menu: from n/a through 5.3.18.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52414" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/wdes-responsive-mobile-menu/wordpress-wdes-responsive-mobile-menu-plugin-5-3-18-php-object-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-16T22:15:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-qr3c-782g-2642/GHSA-qr3c-782g-2642.json b/advisories/unreviewed/2024/11/GHSA-qr3c-782g-2642/GHSA-qr3c-782g-2642.json new file mode 100644 index 0000000000000..530d3841be18a --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-qr3c-782g-2642/GHSA-qr3c-782g-2642.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qr3c-782g-2642", + "modified": "2024-11-17T00:30:41Z", + "published": "2024-11-17T00:30:41Z", + "aliases": [ + "CVE-2024-52411" + ], + "details": "Deserialization of Untrusted Data vulnerability in Flowcraft UX Design Studio Advanced Personalization allows Object Injection.This issue affects Advanced Personalization: from n/a through 1.1.2.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52411" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/personalization-by-flowcraft/wordpress-advanced-personalization-plugin-1-1-2-php-object-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-16T22:15:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-qvmg-rp5m-rgw8/GHSA-qvmg-rp5m-rgw8.json b/advisories/unreviewed/2024/11/GHSA-qvmg-rp5m-rgw8/GHSA-qvmg-rp5m-rgw8.json new file mode 100644 index 0000000000000..8aee2ef53087f --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-qvmg-rp5m-rgw8/GHSA-qvmg-rp5m-rgw8.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qvmg-rp5m-rgw8", + "modified": "2024-11-17T00:30:40Z", + "published": "2024-11-17T00:30:40Z", + "aliases": [ + "CVE-2024-52399" + ], + "details": "Unrestricted Upload of File with Dangerous Type vulnerability in Clarisse K. Writer Helper allows Upload a Web Shell to a Web Server.This issue affects Writer Helper: from n/a through 3.1.6.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52399" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/writer-helper/wordpress-writer-helper-plugin-3-1-6-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-434" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-16T22:15:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-v437-gx8j-fg2c/GHSA-v437-gx8j-fg2c.json b/advisories/unreviewed/2024/11/GHSA-v437-gx8j-fg2c/GHSA-v437-gx8j-fg2c.json new file mode 100644 index 0000000000000..7bd48118ee98c --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-v437-gx8j-fg2c/GHSA-v437-gx8j-fg2c.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v437-gx8j-fg2c", + "modified": "2024-11-17T00:30:41Z", + "published": "2024-11-17T00:30:41Z", + "aliases": [ + "CVE-2024-52413" + ], + "details": "Deserialization of Untrusted Data vulnerability in DMC Airin Blog allows Object Injection.This issue affects Airin Blog: from n/a through 1.6.1.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52413" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/airin-blog/wordpress-airin-blog-theme-1-6-1-php-object-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-502" + ], + "severity": "CRITICAL", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-16T22:15:07Z" + } +} \ No newline at end of file