diff --git a/advisories/unreviewed/2024/11/GHSA-2m2h-p645-jchp/GHSA-2m2h-p645-jchp.json b/advisories/unreviewed/2024/11/GHSA-2m2h-p645-jchp/GHSA-2m2h-p645-jchp.json new file mode 100644 index 0000000000000..e669eaf46bb2e --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-2m2h-p645-jchp/GHSA-2m2h-p645-jchp.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2m2h-p645-jchp", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51618" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DuoGeek Custom Admin Menu allows Stored XSS.This issue affects Custom Admin Menu: from n/a through 1.0.0.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51618" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/custom-admin-menu/wordpress-custom-admin-menu-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T14:15:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-2rw3-qjj7-c6qf/GHSA-2rw3-qjj7-c6qf.json b/advisories/unreviewed/2024/11/GHSA-2rw3-qjj7-c6qf/GHSA-2rw3-qjj7-c6qf.json new file mode 100644 index 0000000000000..a0094eb8dae5f --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-2rw3-qjj7-c6qf/GHSA-2rw3-qjj7-c6qf.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2rw3-qjj7-c6qf", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51704" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hanusek imPress allows Reflected XSS.This issue affects imPress: from n/a through 0.1.4.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51704" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/wp-js-impress/wordpress-impress-plugin-0-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T13:15:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-3724-jcfq-mvfc/GHSA-3724-jcfq-mvfc.json b/advisories/unreviewed/2024/11/GHSA-3724-jcfq-mvfc/GHSA-3724-jcfq-mvfc.json new file mode 100644 index 0000000000000..6bfe123ab7b30 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-3724-jcfq-mvfc/GHSA-3724-jcfq-mvfc.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3724-jcfq-mvfc", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51611" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Miguel Peixe WP Feature Box allows Stored XSS.This issue affects WP Feature Box: from n/a through 0.1.3.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51611" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/wp-feature-box/wordpress-wp-feature-box-plugin-0-1-3-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T14:15:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-3jc7-4mrh-p737/GHSA-3jc7-4mrh-p737.json b/advisories/unreviewed/2024/11/GHSA-3jc7-4mrh-p737/GHSA-3jc7-4mrh-p737.json new file mode 100644 index 0000000000000..5a3a024717ba8 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-3jc7-4mrh-p737/GHSA-3jc7-4mrh-p737.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3jc7-4mrh-p737", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51587" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Softfirm Definitive Addons for Elementor allows Stored XSS.This issue affects Definitive Addons for Elementor: from n/a through 1.5.16.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51587" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/definitive-addons-for-elementor/wordpress-definitive-addons-for-elementor-plugin-1-5-16-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T15:15:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-3qm5-69j8-vpx9/GHSA-3qm5-69j8-vpx9.json b/advisories/unreviewed/2024/11/GHSA-3qm5-69j8-vpx9/GHSA-3qm5-69j8-vpx9.json new file mode 100644 index 0000000000000..87bf8bc870022 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-3qm5-69j8-vpx9/GHSA-3qm5-69j8-vpx9.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3qm5-69j8-vpx9", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51698" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Luis Rock Master Bar allows Reflected XSS.This issue affects Master Bar: from n/a through 1.0.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51698" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/master-bar/wordpress-master-bar-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T13:15:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-4247-fw2x-jv5v/GHSA-4247-fw2x-jv5v.json b/advisories/unreviewed/2024/11/GHSA-4247-fw2x-jv5v/GHSA-4247-fw2x-jv5v.json new file mode 100644 index 0000000000000..da06809fd0b52 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-4247-fw2x-jv5v/GHSA-4247-fw2x-jv5v.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4247-fw2x-jv5v", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51629" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MetricThemes Header Footer Composer for Elementor allows DOM-Based XSS.This issue affects Header Footer Composer for Elementor: from n/a through 1.0.4.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51629" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/header-footer-composer/wordpress-header-footer-composer-for-elementor-plugin-1-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T14:15:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-448h-w6gr-56f4/GHSA-448h-w6gr-56f4.json b/advisories/unreviewed/2024/11/GHSA-448h-w6gr-56f4/GHSA-448h-w6gr-56f4.json new file mode 100644 index 0000000000000..5aeebc8b5e553 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-448h-w6gr-56f4/GHSA-448h-w6gr-56f4.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-448h-w6gr-56f4", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51612" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ken Charity Reftagger Shortcode allows Stored XSS.This issue affects Reftagger Shortcode: from n/a through 1.1.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51612" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/reftagger-shortcode/wordpress-reftagger-shortcode-plugin-1-1-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T14:15:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-4625-58qr-4wp5/GHSA-4625-58qr-4wp5.json b/advisories/unreviewed/2024/11/GHSA-4625-58qr-4wp5/GHSA-4625-58qr-4wp5.json new file mode 100644 index 0000000000000..e825982c92603 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-4625-58qr-4wp5/GHSA-4625-58qr-4wp5.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4625-58qr-4wp5", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51695" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fabrica Fabrica Synced Pattern Instances allows Reflected XSS.This issue affects Fabrica Synced Pattern Instances: from n/a through 1.0.8.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51695" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/fabrica-reusable-block-instances/wordpress-fabrica-synced-pattern-instances-plugin-1-0-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T13:15:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-4998-4cwm-v6xh/GHSA-4998-4cwm-v6xh.json b/advisories/unreviewed/2024/11/GHSA-4998-4cwm-v6xh/GHSA-4998-4cwm-v6xh.json new file mode 100644 index 0000000000000..b8e76510bdf31 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-4998-4cwm-v6xh/GHSA-4998-4cwm-v6xh.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4998-4cwm-v6xh", + "modified": "2024-11-09T15:32:32Z", + "published": "2024-11-09T15:32:32Z", + "aliases": [ + "CVE-2024-51670" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Stored XSS.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.7.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51670" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/js-support-ticket/wordpress-js-help-desk-plugin-2-8-7-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T13:15:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-4g8r-fg9v-3p5j/GHSA-4g8r-fg9v-3p5j.json b/advisories/unreviewed/2024/11/GHSA-4g8r-fg9v-3p5j/GHSA-4g8r-fg9v-3p5j.json new file mode 100644 index 0000000000000..7ed67aac51789 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-4g8r-fg9v-3p5j/GHSA-4g8r-fg9v-3p5j.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4g8r-fg9v-3p5j", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51591" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpgrids Slicko allows DOM-Based XSS.This issue affects Slicko: from n/a through 1.2.0.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51591" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/slicko-for-elementor/wordpress-slicko-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T15:15:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-4gjx-hcpw-gq83/GHSA-4gjx-hcpw-gq83.json b/advisories/unreviewed/2024/11/GHSA-4gjx-hcpw-gq83/GHSA-4gjx-hcpw-gq83.json new file mode 100644 index 0000000000000..abbd038517d75 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-4gjx-hcpw-gq83/GHSA-4gjx-hcpw-gq83.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4gjx-hcpw-gq83", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51696" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Benjamin Moody Content Syndication Toolkit Reader allows Reflected XSS.This issue affects Content Syndication Toolkit Reader: from n/a through 1.5.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51696" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/content-syndication-toolkit-reader/wordpress-content-syndication-toolkit-reader-plugin-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T13:15:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-4hrq-p7j8-6hjp/GHSA-4hrq-p7j8-6hjp.json b/advisories/unreviewed/2024/11/GHSA-4hrq-p7j8-6hjp/GHSA-4hrq-p7j8-6hjp.json new file mode 100644 index 0000000000000..b811d82525230 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-4hrq-p7j8-6hjp/GHSA-4hrq-p7j8-6hjp.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4hrq-p7j8-6hjp", + "modified": "2024-11-09T15:32:35Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51596" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nilesh Shiragave Business allows Stored XSS.This issue affects Business: from n/a through 1.3.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51596" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/business/wordpress-business-plugin-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T15:15:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-5622-hmc9-88x4/GHSA-5622-hmc9-88x4.json b/advisories/unreviewed/2024/11/GHSA-5622-hmc9-88x4/GHSA-5622-hmc9-88x4.json new file mode 100644 index 0000000000000..c165ae4019e37 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-5622-hmc9-88x4/GHSA-5622-hmc9-88x4.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5622-hmc9-88x4", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51590" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hoosoft Hoo Addons for Elementor allows DOM-Based XSS.This issue affects Hoo Addons for Elementor: from n/a through 1.0.6.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51590" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/hoo-addons-for-elementor/wordpress-hoo-addons-for-elementor-plugin-1-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T15:15:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-5cgm-wxw9-r22r/GHSA-5cgm-wxw9-r22r.json b/advisories/unreviewed/2024/11/GHSA-5cgm-wxw9-r22r/GHSA-5cgm-wxw9-r22r.json new file mode 100644 index 0000000000000..1f3fa306cb194 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-5cgm-wxw9-r22r/GHSA-5cgm-wxw9-r22r.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5cgm-wxw9-r22r", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51628" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EzyOnlineBookings EzyOnlineBookings Online Booking System Widget allows DOM-Based XSS.This issue affects EzyOnlineBookings Online Booking System Widget: from n/a through 1.3.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51628" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/ezyonlinebookings-online-booking-system/wordpress-ezyonlinebookings-online-booking-system-widget-plugin-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T14:15:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-5gc8-82w7-wq2h/GHSA-5gc8-82w7-wq2h.json b/advisories/unreviewed/2024/11/GHSA-5gc8-82w7-wq2h/GHSA-5gc8-82w7-wq2h.json new file mode 100644 index 0000000000000..06b4abff11c96 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-5gc8-82w7-wq2h/GHSA-5gc8-82w7-wq2h.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5gc8-82w7-wq2h", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51697" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Doofinder allows Reflected XSS.This issue affects Doofinder: from n/a through 0.5.4.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51697" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/doofinder/wordpress-doofinder-plugin-0-5-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T13:15:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-5hcr-9cwg-vqc7/GHSA-5hcr-9cwg-vqc7.json b/advisories/unreviewed/2024/11/GHSA-5hcr-9cwg-vqc7/GHSA-5hcr-9cwg-vqc7.json new file mode 100644 index 0000000000000..b2a4709a4640f --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-5hcr-9cwg-vqc7/GHSA-5hcr-9cwg-vqc7.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5hcr-9cwg-vqc7", + "modified": "2024-11-09T15:32:33Z", + "published": "2024-11-09T15:32:33Z", + "aliases": [ + "CVE-2024-51675" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in aThemes aThemes Addons for Elementor allows DOM-Based XSS.This issue affects aThemes Addons for Elementor: from n/a through 1.0.7.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51675" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/athemes-addons-for-elementor-lite/wordpress-athemes-addons-for-elementor-plugin-1-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T13:15:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-5p29-g497-44v2/GHSA-5p29-g497-44v2.json b/advisories/unreviewed/2024/11/GHSA-5p29-g497-44v2/GHSA-5p29-g497-44v2.json new file mode 100644 index 0000000000000..6c6962398dfd0 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-5p29-g497-44v2/GHSA-5p29-g497-44v2.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5p29-g497-44v2", + "modified": "2024-11-09T15:32:35Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51595" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sksdev SKSDEV Toolkit allows Stored XSS.This issue affects SKSDEV Toolkit: from n/a through 1.0.0.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51595" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/sksdev-toolkit/wordpress-sksdev-toolkit-plugin-1-0-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T15:15:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-652w-6p8v-f5h6/GHSA-652w-6p8v-f5h6.json b/advisories/unreviewed/2024/11/GHSA-652w-6p8v-f5h6/GHSA-652w-6p8v-f5h6.json new file mode 100644 index 0000000000000..728fb8ca8a45a --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-652w-6p8v-f5h6/GHSA-652w-6p8v-f5h6.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-652w-6p8v-f5h6", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51664" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS.This issue affects Beds24 Online Booking: from n/a through 2.0.25.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51664" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/beds24-online-booking/wordpress-beds24-online-booking-plugin-2-0-25-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T14:15:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-6cfj-gp7c-g2p3/GHSA-6cfj-gp7c-g2p3.json b/advisories/unreviewed/2024/11/GHSA-6cfj-gp7c-g2p3/GHSA-6cfj-gp7c-g2p3.json new file mode 100644 index 0000000000000..fd94706190b78 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-6cfj-gp7c-g2p3/GHSA-6cfj-gp7c-g2p3.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-6cfj-gp7c-g2p3", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51663" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bricksable Bricksable for Bricks Builder allows Stored XSS.This issue affects Bricksable for Bricks Builder: from n/a through 1.6.59.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51663" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/bricksable/wordpress-bricksable-for-bricks-builder-plugin-1-6-59-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T14:15:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-7cc9-rcr5-q73m/GHSA-7cc9-rcr5-q73m.json b/advisories/unreviewed/2024/11/GHSA-7cc9-rcr5-q73m/GHSA-7cc9-rcr5-q73m.json new file mode 100644 index 0000000000000..f05fc235aea9b --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-7cc9-rcr5-q73m/GHSA-7cc9-rcr5-q73m.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-7cc9-rcr5-q73m", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51627" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kaedinger Audio Comparison Lite audio-comparison-lite allows Stored XSS.This issue affects Audio Comparison Lite: from n/a through 3.4.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51627" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/audio-comparison-lite/wordpress-audio-comparison-lite-plugin-3-1-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T14:15:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-7g33-m67p-83j3/GHSA-7g33-m67p-83j3.json b/advisories/unreviewed/2024/11/GHSA-7g33-m67p-83j3/GHSA-7g33-m67p-83j3.json new file mode 100644 index 0000000000000..9d175df096b39 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-7g33-m67p-83j3/GHSA-7g33-m67p-83j3.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-7g33-m67p-83j3", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51694" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Digfish Geotagged Media allows Reflected XSS.This issue affects Geotagged Media: from n/a through 0.3.0.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51694" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/geotagged-media/wordpress-geotagged-media-plugin-0-3-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T13:15:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-7g89-m9rf-gw7c/GHSA-7g89-m9rf-gw7c.json b/advisories/unreviewed/2024/11/GHSA-7g89-m9rf-gw7c/GHSA-7g89-m9rf-gw7c.json new file mode 100644 index 0000000000000..a7efa6f24d8c1 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-7g89-m9rf-gw7c/GHSA-7g89-m9rf-gw7c.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-7g89-m9rf-gw7c", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51630" + ], + "details": "Cross-Site Request Forgery (CSRF) vulnerability in Lars Schenk Responsive Flickr Gallery allows Stored XSS.This issue affects Responsive Flickr Gallery: from n/a through 1.3.1.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51630" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/responsive-flickr-gallery/wordpress-responsive-flickr-gallery-plugin-1-3-1-csrf-to-stored-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T14:15:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-822r-5337-562q/GHSA-822r-5337-562q.json b/advisories/unreviewed/2024/11/GHSA-822r-5337-562q/GHSA-822r-5337-562q.json new file mode 100644 index 0000000000000..b703475d77f5c --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-822r-5337-562q/GHSA-822r-5337-562q.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-822r-5337-562q", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51593" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Glopium Studio Курс валют UAH allows Stored XSS.This issue affects Курс валют UAH: from n/a through 2.0.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51593" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/ukrainian-currency/wordpress-kurs-valyut-uah-plugin-2-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T15:15:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-825p-34rq-g4h6/GHSA-825p-34rq-g4h6.json b/advisories/unreviewed/2024/11/GHSA-825p-34rq-g4h6/GHSA-825p-34rq-g4h6.json new file mode 100644 index 0000000000000..9b61251e61cf6 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-825p-34rq-g4h6/GHSA-825p-34rq-g4h6.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-825p-34rq-g4h6", + "modified": "2024-11-09T15:32:35Z", + "published": "2024-11-09T15:32:35Z", + "aliases": [ + "CVE-2024-51599" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Russell Albin Simple Business Manager allows Stored XSS.This issue affects Simple Business Manager: from n/a through 4.6.7.4.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51599" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/simple-business-manager/wordpress-simple-business-manager-plugin-4-6-7-4-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T15:15:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-89p7-8g57-w97p/GHSA-89p7-8g57-w97p.json b/advisories/unreviewed/2024/11/GHSA-89p7-8g57-w97p/GHSA-89p7-8g57-w97p.json new file mode 100644 index 0000000000000..4bf17da7eeebf --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-89p7-8g57-w97p/GHSA-89p7-8g57-w97p.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-89p7-8g57-w97p", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51614" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aajoda Aajoda Testimonials allows Stored XSS.This issue affects Aajoda Testimonials: from n/a through 2.2.2.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51614" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/aajoda-testimonials/wordpress-aajoda-testimonials-plugin-2-2-2-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T14:15:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-8h88-9m7w-74qc/GHSA-8h88-9m7w-74qc.json b/advisories/unreviewed/2024/11/GHSA-8h88-9m7w-74qc/GHSA-8h88-9m7w-74qc.json new file mode 100644 index 0000000000000..e86dd35c4dc95 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-8h88-9m7w-74qc/GHSA-8h88-9m7w-74qc.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-8h88-9m7w-74qc", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51647" + ], + "details": "Cross-Site Request Forgery (CSRF) vulnerability in Chaser324 Featured Posts Scroll allows Stored XSS.This issue affects Featured Posts Scroll: from n/a through 1.25.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51647" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/featured-posts-scroll/wordpress-featured-posts-scroll-plugin-1-25-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-352" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T14:15:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-9526-7wgv-6xr7/GHSA-9526-7wgv-6xr7.json b/advisories/unreviewed/2024/11/GHSA-9526-7wgv-6xr7/GHSA-9526-7wgv-6xr7.json new file mode 100644 index 0000000000000..46b3fbe0cb942 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-9526-7wgv-6xr7/GHSA-9526-7wgv-6xr7.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9526-7wgv-6xr7", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51588" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themehat Super Addons for Elementor allows DOM-Based XSS.This issue affects Super Addons for Elementor: from n/a through 1.0.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51588" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/super-addons-for-elementor/wordpress-super-addons-for-elementor-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T15:15:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-9595-96v5-9pxp/GHSA-9595-96v5-9pxp.json b/advisories/unreviewed/2024/11/GHSA-9595-96v5-9pxp/GHSA-9595-96v5-9pxp.json new file mode 100644 index 0000000000000..c0bebd98eb27b --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-9595-96v5-9pxp/GHSA-9595-96v5-9pxp.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9595-96v5-9pxp", + "modified": "2024-11-09T15:32:35Z", + "published": "2024-11-09T15:32:35Z", + "aliases": [ + "CVE-2024-51609" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elsner Technologies Pvt. Ltd. Emoji Shortcode allows Stored XSS.This issue affects Emoji Shortcode: from n/a through 1.0.0.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51609" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/emoji-shortcode/wordpress-emoji-shortcode-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T15:15:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-95cq-9p3h-jww2/GHSA-95cq-9p3h-jww2.json b/advisories/unreviewed/2024/11/GHSA-95cq-9p3h-jww2/GHSA-95cq-9p3h-jww2.json new file mode 100644 index 0000000000000..55624745a0428 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-95cq-9p3h-jww2/GHSA-95cq-9p3h-jww2.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-95cq-9p3h-jww2", + "modified": "2024-11-09T15:32:33Z", + "published": "2024-11-09T15:32:33Z", + "aliases": [ + "CVE-2024-51690" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Neelam Samariya Thakor Wp Slide Categorywise allows Reflected XSS.This issue affects Wp Slide Categorywise: from n/a through 1.1.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51690" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/wp-slide-categorywise/wordpress-wp-slide-categorywise-plugin-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T13:15:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-9vm5-wv94-3p76/GHSA-9vm5-wv94-3p76.json b/advisories/unreviewed/2024/11/GHSA-9vm5-wv94-3p76/GHSA-9vm5-wv94-3p76.json new file mode 100644 index 0000000000000..635b12229c8db --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-9vm5-wv94-3p76/GHSA-9vm5-wv94-3p76.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9vm5-wv94-3p76", + "modified": "2024-11-09T15:32:33Z", + "published": "2024-11-09T15:32:33Z", + "aliases": [ + "CVE-2024-51693" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in laboratorio d’Avanguardia Search order by product SKU for WooCommerce allows Reflected XSS.This issue affects Search order by product SKU for WooCommerce: from n/a through 0.2.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51693" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/search-order-by-product-sku-for-woocommerce/wordpress-search-order-by-product-sku-for-woocommerce-plugin-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T13:15:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-9vx3-4968-cg3x/GHSA-9vx3-4968-cg3x.json b/advisories/unreviewed/2024/11/GHSA-9vx3-4968-cg3x/GHSA-9vx3-4968-cg3x.json new file mode 100644 index 0000000000000..7e917c0eaa0f2 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-9vx3-4968-cg3x/GHSA-9vx3-4968-cg3x.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9vx3-4968-cg3x", + "modified": "2024-11-09T15:32:35Z", + "published": "2024-11-09T15:32:35Z", + "aliases": [ + "CVE-2024-51605" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Genoo, LLC Genoo allows DOM-Based XSS.This issue affects Genoo: from n/a through 6.0.10.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51605" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/genoo/wordpress-genoo-plugin-6-0-10-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T15:15:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-f4vp-j9wr-r6x3/GHSA-f4vp-j9wr-r6x3.json b/advisories/unreviewed/2024/11/GHSA-f4vp-j9wr-r6x3/GHSA-f4vp-j9wr-r6x3.json new file mode 100644 index 0000000000000..6e96ef13a3925 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-f4vp-j9wr-r6x3/GHSA-f4vp-j9wr-r6x3.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-f4vp-j9wr-r6x3", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51668" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mark Tilly MyCurator Content Curation allows Stored XSS.This issue affects MyCurator Content Curation: from n/a through 3.78.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51668" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/mycurator/wordpress-mycurator-content-curation-plugin-3-78-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T14:15:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-f757-rgpg-974r/GHSA-f757-rgpg-974r.json b/advisories/unreviewed/2024/11/GHSA-f757-rgpg-974r/GHSA-f757-rgpg-974r.json new file mode 100644 index 0000000000000..06bed19d808a4 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-f757-rgpg-974r/GHSA-f757-rgpg-974r.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-f757-rgpg-974r", + "modified": "2024-11-09T15:32:33Z", + "published": "2024-11-09T15:32:33Z", + "aliases": [ + "CVE-2024-51674" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemplatesCoder Sastra Essential Addons for Elementor allows DOM-Based XSS.This issue affects Sastra Essential Addons for Elementor: from n/a through 1.0.5.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51674" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/sastra-essential-addons-for-elementor/wordpress-sastra-essential-addons-for-elementor-plugin-1-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T13:15:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-fr65-5v6g-4fcv/GHSA-fr65-5v6g-4fcv.json b/advisories/unreviewed/2024/11/GHSA-fr65-5v6g-4fcv/GHSA-fr65-5v6g-4fcv.json new file mode 100644 index 0000000000000..9f7a13a72c874 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-fr65-5v6g-4fcv/GHSA-fr65-5v6g-4fcv.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-fr65-5v6g-4fcv", + "modified": "2024-11-09T15:32:35Z", + "published": "2024-11-09T15:32:35Z", + "aliases": [ + "CVE-2024-51598" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kendysond Selar.Co Widget allows DOM-Based XSS.This issue affects Selar.Co Widget: from n/a through 1.2.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51598" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/selar-co-widget/wordpress-selar-co-widget-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T15:15:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-g2v9-v7xm-g6wm/GHSA-g2v9-v7xm-g6wm.json b/advisories/unreviewed/2024/11/GHSA-g2v9-v7xm-g6wm/GHSA-g2v9-v7xm-g6wm.json new file mode 100644 index 0000000000000..ab7f7930939eb --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-g2v9-v7xm-g6wm/GHSA-g2v9-v7xm-g6wm.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-g2v9-v7xm-g6wm", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51703" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Genethick WP-Basics allows Reflected XSS.This issue affects WP-Basics: from n/a through 2.0.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51703" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/wp-basics/wordpress-wp-basics-plugin-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T13:15:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-g8gw-5fvw-mw4j/GHSA-g8gw-5fvw-mw4j.json b/advisories/unreviewed/2024/11/GHSA-g8gw-5fvw-mw4j/GHSA-g8gw-5fvw-mw4j.json new file mode 100644 index 0000000000000..30dd2f87e96a6 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-g8gw-5fvw-mw4j/GHSA-g8gw-5fvw-mw4j.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-g8gw-5fvw-mw4j", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51586" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BRAFT Elementary Addons allows Stored XSS.This issue affects Elementary Addons: from n/a through 2.0.4.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51586" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/elementary-addons/wordpress-elementary-addons-plugin-2-0-4-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T15:15:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-h2r5-7qqj-7p84/GHSA-h2r5-7qqj-7p84.json b/advisories/unreviewed/2024/11/GHSA-h2r5-7qqj-7p84/GHSA-h2r5-7qqj-7p84.json new file mode 100644 index 0000000000000..18094ecf72467 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-h2r5-7qqj-7p84/GHSA-h2r5-7qqj-7p84.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-h2r5-7qqj-7p84", + "modified": "2024-11-09T15:32:35Z", + "published": "2024-11-09T15:32:35Z", + "aliases": [ + "CVE-2024-51606" + ], + "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Blrt Blrt WP Embed allows SQL Injection.This issue affects Blrt WP Embed: from n/a through 1.6.9.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51606" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/blrt-wp-embed/wordpress-blrt-wp-embed-plugin-1-6-9-sql-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T15:15:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-h554-ch49-fmwh/GHSA-h554-ch49-fmwh.json b/advisories/unreviewed/2024/11/GHSA-h554-ch49-fmwh/GHSA-h554-ch49-fmwh.json new file mode 100644 index 0000000000000..520c47650b007 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-h554-ch49-fmwh/GHSA-h554-ch49-fmwh.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-h554-ch49-fmwh", + "modified": "2024-11-09T15:32:33Z", + "published": "2024-11-09T15:32:33Z", + "aliases": [ + "CVE-2024-51676" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Delicious Delisho allows Reflected XSS.This issue affects Delisho: from n/a through 1.0.6.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51676" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/dr-widgets-blocks/wordpress-delisho-plugin-1-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T13:15:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-h5pp-286r-62gf/GHSA-h5pp-286r-62gf.json b/advisories/unreviewed/2024/11/GHSA-h5pp-286r-62gf/GHSA-h5pp-286r-62gf.json new file mode 100644 index 0000000000000..b2a03fa1fa567 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-h5pp-286r-62gf/GHSA-h5pp-286r-62gf.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-h5pp-286r-62gf", + "modified": "2024-11-09T15:32:35Z", + "published": "2024-11-09T15:32:35Z", + "aliases": [ + "CVE-2024-51610" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SEO Themes Display Terms Shortcode allows Stored XSS.This issue affects Display Terms Shortcode: from n/a through 1.0.4.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51610" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/display-terms-shortcode/wordpress-display-terms-shortcode-plugin-1-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T15:15:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-hwx8-x488-7jww/GHSA-hwx8-x488-7jww.json b/advisories/unreviewed/2024/11/GHSA-hwx8-x488-7jww/GHSA-hwx8-x488-7jww.json new file mode 100644 index 0000000000000..ba854df4da2c5 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-hwx8-x488-7jww/GHSA-hwx8-x488-7jww.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-hwx8-x488-7jww", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51585" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Sales Page Addon – Elementor & Beaver Builder allows Stored XSS.This issue affects Sales Page Addon – Elementor & Beaver Builder: from n/a through 1.4.2.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51585" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/sales-page-addon/wordpress-sales-page-addon-plugin-1-4-2-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T15:15:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-j2vr-78j4-f882/GHSA-j2vr-78j4-f882.json b/advisories/unreviewed/2024/11/GHSA-j2vr-78j4-f882/GHSA-j2vr-78j4-f882.json new file mode 100644 index 0000000000000..a6b207092d07c --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-j2vr-78j4-f882/GHSA-j2vr-78j4-f882.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-j2vr-78j4-f882", + "modified": "2024-11-09T15:32:35Z", + "published": "2024-11-09T15:32:35Z", + "aliases": [ + "CVE-2024-51604" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Carlo Andro Mabugay Media Modal allows DOM-Based XSS.This issue affects Media Modal: from n/a through 1.0.2.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51604" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/media-modal/wordpress-media-modal-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T15:15:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-jjh7-589h-xm36/GHSA-jjh7-589h-xm36.json b/advisories/unreviewed/2024/11/GHSA-jjh7-589h-xm36/GHSA-jjh7-589h-xm36.json new file mode 100644 index 0000000000000..4595f30a4af1d --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-jjh7-589h-xm36/GHSA-jjh7-589h-xm36.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-jjh7-589h-xm36", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51702" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Benjamin Moody, Eric Holmes SrcSet Responsive Images for WordPress allows Reflected XSS.This issue affects SrcSet Responsive Images for WordPress: from n/a through 1.4.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51702" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/truenorth-srcset/wordpress-srcset-responsive-images-for-wordpress-plugin-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T13:15:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-m6qh-mq3m-cxph/GHSA-m6qh-mq3m-cxph.json b/advisories/unreviewed/2024/11/GHSA-m6qh-mq3m-cxph/GHSA-m6qh-mq3m-cxph.json new file mode 100644 index 0000000000000..8b8b71218af39 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-m6qh-mq3m-cxph/GHSA-m6qh-mq3m-cxph.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-m6qh-mq3m-cxph", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51705" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in James Bruner WP MMenu Lite allows Reflected XSS.This issue affects WP MMenu Lite: from n/a through 1.0.0.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51705" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/wp-mmenu-lite/wordpress-wp-mmenu-lite-plugin-1-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T13:15:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-mc7j-w338-w6v9/GHSA-mc7j-w338-w6v9.json b/advisories/unreviewed/2024/11/GHSA-mc7j-w338-w6v9/GHSA-mc7j-w338-w6v9.json new file mode 100644 index 0000000000000..1e7bce3e3f6ed --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-mc7j-w338-w6v9/GHSA-mc7j-w338-w6v9.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-mc7j-w338-w6v9", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51623" + ], + "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mehrdad Farahani WP EIS allows SQL Injection.This issue affects WP EIS: from n/a through 1.3.3.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51623" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/wp-eis/wordpress-wp-eis-plugin-1-3-3-sql-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T14:15:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-mh7v-f7qh-pr88/GHSA-mh7v-f7qh-pr88.json b/advisories/unreviewed/2024/11/GHSA-mh7v-f7qh-pr88/GHSA-mh7v-f7qh-pr88.json new file mode 100644 index 0000000000000..bc4f608bda7ab --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-mh7v-f7qh-pr88/GHSA-mh7v-f7qh-pr88.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-mh7v-f7qh-pr88", + "modified": "2024-11-09T15:32:33Z", + "published": "2024-11-09T15:32:33Z", + "aliases": [ + "CVE-2024-51691" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aryan Duntley Admin Amplify allows Reflected XSS.This issue affects Admin Amplify: from n/a through 1.3.0.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51691" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/wpr-admin-amplify/wordpress-admin-amplify-plugin-1-3-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T13:15:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-mhc4-cvh2-xf9v/GHSA-mhc4-cvh2-xf9v.json b/advisories/unreviewed/2024/11/GHSA-mhc4-cvh2-xf9v/GHSA-mhc4-cvh2-xf9v.json new file mode 100644 index 0000000000000..ff296e1b42375 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-mhc4-cvh2-xf9v/GHSA-mhc4-cvh2-xf9v.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-mhc4-cvh2-xf9v", + "modified": "2024-11-09T15:32:35Z", + "published": "2024-11-09T15:32:35Z", + "aliases": [ + "CVE-2024-51608" + ], + "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pluginhandy AmaDiscount allows SQL Injection.This issue affects AmaDiscount: from n/a through 1.0.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51608" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/amadiscount/wordpress-amadiscount-plugin-plugin-1-0-sql-injection-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-89" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T15:15:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-mv87-jvc7-4388/GHSA-mv87-jvc7-4388.json b/advisories/unreviewed/2024/11/GHSA-mv87-jvc7-4388/GHSA-mv87-jvc7-4388.json new file mode 100644 index 0000000000000..13ab1cea118c5 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-mv87-jvc7-4388/GHSA-mv87-jvc7-4388.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-mv87-jvc7-4388", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51616" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nazmul Hasan Rupok AwesomePress allows Stored XSS.This issue affects AwesomePress: from n/a through 1.0.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51616" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/awesomepress/wordpress-awesomepress-plugin-1-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T14:15:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-q449-g9rp-9323/GHSA-q449-g9rp-9323.json b/advisories/unreviewed/2024/11/GHSA-q449-g9rp-9323/GHSA-q449-g9rp-9323.json new file mode 100644 index 0000000000000..ae5cfc7873004 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-q449-g9rp-9323/GHSA-q449-g9rp-9323.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q449-g9rp-9323", + "modified": "2024-11-09T15:32:33Z", + "published": "2024-11-09T15:32:33Z", + "aliases": [ + "CVE-2024-51689" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tobias Conrad CF7 WOW Styler allows Reflected XSS.This issue affects CF7 WOW Styler: from n/a through 1.6.8.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51689" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/cf7-styler/wordpress-cf7-wow-styler-plugin-1-6-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T13:15:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-q4pp-3f9p-qrgh/GHSA-q4pp-3f9p-qrgh.json b/advisories/unreviewed/2024/11/GHSA-q4pp-3f9p-qrgh/GHSA-q4pp-3f9p-qrgh.json new file mode 100644 index 0000000000000..2af2154e9a031 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-q4pp-3f9p-qrgh/GHSA-q4pp-3f9p-qrgh.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q4pp-3f9p-qrgh", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51592" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bnayawpguy Meta Store Elements allows DOM-Based XSS.This issue affects Meta Store Elements: from n/a through 1.0.9.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51592" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/meta-store-elements/wordpress-meta-store-elements-plugin-1-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T15:15:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-q8pw-rwhq-9rj8/GHSA-q8pw-rwhq-9rj8.json b/advisories/unreviewed/2024/11/GHSA-q8pw-rwhq-9rj8/GHSA-q8pw-rwhq-9rj8.json new file mode 100644 index 0000000000000..5399174be8f78 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-q8pw-rwhq-9rj8/GHSA-q8pw-rwhq-9rj8.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q8pw-rwhq-9rj8", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51589" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpcirqle Bigmart Elements allows DOM-Based XSS.This issue affects Bigmart Elements: from n/a through 1.0.3.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51589" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/bigmart-elements/wordpress-bigmart-elements-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T15:15:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-qp9c-9wjq-x5fg/GHSA-qp9c-9wjq-x5fg.json b/advisories/unreviewed/2024/11/GHSA-qp9c-9wjq-x5fg/GHSA-qp9c-9wjq-x5fg.json new file mode 100644 index 0000000000000..b9954958a78ba --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-qp9c-9wjq-x5fg/GHSA-qp9c-9wjq-x5fg.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qp9c-9wjq-x5fg", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51613" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andrew Connell TradeMe widgets allows Stored XSS.This issue affects TradeMe widgets: from n/a through 1.2.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51613" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/trademe-widget/wordpress-trademe-widgets-plugin-1-2-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T14:15:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-qpj5-r5g2-7h68/GHSA-qpj5-r5g2-7h68.json b/advisories/unreviewed/2024/11/GHSA-qpj5-r5g2-7h68/GHSA-qpj5-r5g2-7h68.json new file mode 100644 index 0000000000000..91aaa58f68cdc --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-qpj5-r5g2-7h68/GHSA-qpj5-r5g2-7h68.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qpj5-r5g2-7h68", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51622" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Experts Team WP EASY RECIPE allows Stored XSS.This issue affects WP EASY RECIPE: from n/a through 1.6.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51622" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/wp-easy-recipe/wordpress-wp-easy-recipe-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T14:15:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-r8wm-m82j-j2jj/GHSA-r8wm-m82j-j2jj.json b/advisories/unreviewed/2024/11/GHSA-r8wm-m82j-j2jj/GHSA-r8wm-m82j-j2jj.json new file mode 100644 index 0000000000000..7882abeea8faa --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-r8wm-m82j-j2jj/GHSA-r8wm-m82j-j2jj.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r8wm-m82j-j2jj", + "modified": "2024-11-09T15:32:35Z", + "published": "2024-11-09T15:32:35Z", + "aliases": [ + "CVE-2024-51603" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mircea N. NMR Strava activities allows DOM-Based XSS.This issue affects NMR Strava activities: from n/a through 1.0.6.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51603" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/nmr-strava-activities/wordpress-nmr-strava-activities-plugin-1-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T15:15:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-rh93-6c74-4gcj/GHSA-rh93-6c74-4gcj.json b/advisories/unreviewed/2024/11/GHSA-rh93-6c74-4gcj/GHSA-rh93-6c74-4gcj.json new file mode 100644 index 0000000000000..ce05a232b39ef --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-rh93-6c74-4gcj/GHSA-rh93-6c74-4gcj.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rh93-6c74-4gcj", + "modified": "2024-11-09T15:32:32Z", + "published": "2024-11-09T15:32:32Z", + "aliases": [ + "CVE-2024-51673" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes HT Politic allows DOM-Based XSS.This issue affects HT Politic: from n/a through 2.4.4.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51673" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/wp-politic/wordpress-ht-politic-plugin-2-4-4-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T13:15:05Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-v5hq-8qjj-3rmr/GHSA-v5hq-8qjj-3rmr.json b/advisories/unreviewed/2024/11/GHSA-v5hq-8qjj-3rmr/GHSA-v5hq-8qjj-3rmr.json new file mode 100644 index 0000000000000..2d3edf260cf20 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-v5hq-8qjj-3rmr/GHSA-v5hq-8qjj-3rmr.json @@ -0,0 +1,50 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v5hq-8qjj-3rmr", + "modified": "2024-11-09T15:32:32Z", + "published": "2024-11-09T15:32:32Z", + "aliases": [ + "CVE-2024-10837" + ], + "details": "The SysBasics Customize My Account for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 2.7.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10837" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/browser/customize-my-account-for-woocommerce/tags/2.7.19/phppoet-checkout-fields/include/admin/pcfme_admin_settings.php#L840" + }, + { + "type": "WEB", + "url": "https://plugins.trac.wordpress.org/changeset/3183607" + }, + { + "type": "WEB", + "url": "https://wordpress.org/plugins/customize-my-account-for-woocommerce/#developers" + }, + { + "type": "WEB", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0ced1c79-97fe-4841-9a02-ffb9f336212a?source=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T13:15:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-v5jm-c265-3fv8/GHSA-v5jm-c265-3fv8.json b/advisories/unreviewed/2024/11/GHSA-v5jm-c265-3fv8/GHSA-v5jm-c265-3fv8.json new file mode 100644 index 0000000000000..45af2430adf5d --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-v5jm-c265-3fv8/GHSA-v5jm-c265-3fv8.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v5jm-c265-3fv8", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51662" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS.This issue affects Black Widgets For Elementor: from n/a through 1.3.6.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51662" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/black-widgets/wordpress-black-widgets-for-elementor-plugin-1-3-6-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T14:15:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-vp8w-6pmf-7wmp/GHSA-vp8w-6pmf-7wmp.json b/advisories/unreviewed/2024/11/GHSA-vp8w-6pmf-7wmp/GHSA-vp8w-6pmf-7wmp.json new file mode 100644 index 0000000000000..611f6b45e09b3 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-vp8w-6pmf-7wmp/GHSA-vp8w-6pmf-7wmp.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vp8w-6pmf-7wmp", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51701" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mahesh Waghmare MG Post Contributors allows Reflected XSS.This issue affects MG Post Contributors: from n/a through 1.3..", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51701" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/mg-post-contributors/wordpress-mg-post-contributors-plugin-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T13:15:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-vvx4-w3c3-757p/GHSA-vvx4-w3c3-757p.json b/advisories/unreviewed/2024/11/GHSA-vvx4-w3c3-757p/GHSA-vvx4-w3c3-757p.json new file mode 100644 index 0000000000000..d575504a06a67 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-vvx4-w3c3-757p/GHSA-vvx4-w3c3-757p.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-vvx4-w3c3-757p", + "modified": "2024-11-09T15:32:33Z", + "published": "2024-11-09T15:32:33Z", + "aliases": [ + "CVE-2024-51692" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Askew Brook Bing Search API Integration allows Reflected XSS.This issue affects Bing Search API Integration: from n/a through 0.3.3.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51692" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/abbs-bing-search/wordpress-bing-search-api-integration-plugin-0-3-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T13:15:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-w2p8-cxfv-fwhf/GHSA-w2p8-cxfv-fwhf.json b/advisories/unreviewed/2024/11/GHSA-w2p8-cxfv-fwhf/GHSA-w2p8-cxfv-fwhf.json new file mode 100644 index 0000000000000..926c56b2abd1f --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-w2p8-cxfv-fwhf/GHSA-w2p8-cxfv-fwhf.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-w2p8-cxfv-fwhf", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51706" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Upeksha Wisidagama UW Freelancer allows Reflected XSS.This issue affects UW Freelancer: from n/a through 0.1.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51706" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/uw-freelancer/wordpress-uw-freelancer-plugin-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T13:15:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-wc95-gm6x-rx83/GHSA-wc95-gm6x-rx83.json b/advisories/unreviewed/2024/11/GHSA-wc95-gm6x-rx83/GHSA-wc95-gm6x-rx83.json new file mode 100644 index 0000000000000..2469ccc6a249f --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-wc95-gm6x-rx83/GHSA-wc95-gm6x-rx83.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wc95-gm6x-rx83", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51699" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Buooy Buooy Sticky Header allows Reflected XSS.This issue affects Buooy Sticky Header: from n/a through 0.5.2.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51699" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/buooy-sticky-header/wordpress-buooy-sticky-header-plugin-0-5-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T13:15:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-wwm4-8xw3-v6v2/GHSA-wwm4-8xw3-v6v2.json b/advisories/unreviewed/2024/11/GHSA-wwm4-8xw3-v6v2/GHSA-wwm4-8xw3-v6v2.json new file mode 100644 index 0000000000000..4538e56756e94 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-wwm4-8xw3-v6v2/GHSA-wwm4-8xw3-v6v2.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wwm4-8xw3-v6v2", + "modified": "2024-11-09T15:32:35Z", + "published": "2024-11-09T15:32:35Z", + "aliases": [ + "CVE-2024-51597" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeShark ThemeShark Templates & Widgets for Elementor allows Stored XSS.This issue affects ThemeShark Templates & Widgets for Elementor: from n/a through 1.1.7.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51597" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/themeshark-elementor/wordpress-themeshark-templates-widgets-for-elementor-plugin-1-1-7-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T15:15:07Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/11/GHSA-xh37-q5jv-v72j/GHSA-xh37-q5jv-v72j.json b/advisories/unreviewed/2024/11/GHSA-xh37-q5jv-v72j/GHSA-xh37-q5jv-v72j.json new file mode 100644 index 0000000000000..f460ee81d71c5 --- /dev/null +++ b/advisories/unreviewed/2024/11/GHSA-xh37-q5jv-v72j/GHSA-xh37-q5jv-v72j.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-xh37-q5jv-v72j", + "modified": "2024-11-09T15:32:34Z", + "published": "2024-11-09T15:32:34Z", + "aliases": [ + "CVE-2024-51594" + ], + "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rafel Sansó Gmap Point List allows Stored XSS.This issue affects Gmap Point List: from n/a through 1.1.2.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51594" + }, + { + "type": "WEB", + "url": "https://patchstack.com/database/vulnerability/gmap-point-list/wordpress-gmap-point-list-plugin-1-1-2-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-11-09T15:15:06Z" + } +} \ No newline at end of file