-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Weston Steimel <[email protected]>
- Loading branch information
1 parent
1c5489b
commit 460b44a
Showing
67 changed files
with
2,253 additions
and
26 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "wordfence", | ||
| "cveId": "CVE-2024-10174", | ||
| "description": "The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the 'Abstract_Permission' class due to missing validation on the 'user_id' user controlled key. This makes it possible for unauthenticated attackers to spoof their identity to that of an administrator and access all of the plugins REST routes.", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://plugins.trac.wordpress.org/browser/wedevs-project-manager/trunk/core/Permissions/Abstract_Permission.php#L32", | ||
| "https://plugins.trac.wordpress.org/changeset/3185807/wedevs-project-manager/trunk/core/Permissions/Abstract_Permission.php", | ||
| "https://www.wordfence.com/threat-intel/vulnerabilities/id/dea2d045-d3b4-4b55-8b4f-5baa82a18834?source=cve" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://wordpress.org/plugins", | ||
| "cpes": [ | ||
| "cpe:2.3:a:wedevs:wp_project_manager:*:*:*:*:*:wordpress:*:*" | ||
| ], | ||
| "packageName": "wedevs-project-manager", | ||
| "packageType": "wordpress-plugin", | ||
| "product": "WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts", | ||
| "vendor": "wedevs", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "2.6.14", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "semver" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "wordfence", | ||
| "cveId": "CVE-2024-10529", | ||
| "description": "The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete GTP assistants.", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://plugins.trac.wordpress.org/browser/chatbot-chatgpt/trunk/includes/utilities/chatbot-assistants.php#L575", | ||
| "https://plugins.trac.wordpress.org/changeset/3183413/chatbot-chatgpt/trunk/includes/utilities/chatbot-assistants.php", | ||
| "https://www.wordfence.com/threat-intel/vulnerabilities/id/f6b302c9-a6b9-4a91-acb5-2ad270817606?source=cve" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://wordpress.org/plugins", | ||
| "cpes": [ | ||
| "cpe:2.3:a:kognetics:kognetiks_chatbot:*:*:*:*:*:wordpress:*:*" | ||
| ], | ||
| "packageName": "chatbot-chatgpt", | ||
| "packageType": "wordpress-plugin", | ||
| "product": "Kognetiks Chatbot for WordPress", | ||
| "vendor": "kognetiks", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "2.1.8", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "semver" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "wordfence", | ||
| "cveId": "CVE-2024-10530", | ||
| "description": "The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the add_new_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to create new GTP assistants.", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://plugins.trac.wordpress.org/browser/chatbot-chatgpt/trunk/includes/utilities/chatbot-assistants.php#L596", | ||
| "https://plugins.trac.wordpress.org/changeset/3183413/chatbot-chatgpt/trunk/includes/utilities/chatbot-assistants.php", | ||
| "https://www.wordfence.com/threat-intel/vulnerabilities/id/a4fd7e76-4d8b-4e4d-9ae9-c7f9933f8324?source=cve" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://wordpress.org/plugins", | ||
| "cpes": [ | ||
| "cpe:2.3:a:kognetics:kognetiks_chatbot:*:*:*:*:*:wordpress:*:*" | ||
| ], | ||
| "packageName": "chatbot-chatgpt", | ||
| "packageType": "wordpress-plugin", | ||
| "product": "Kognetiks Chatbot for WordPress", | ||
| "vendor": "kognetiks", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "2.1.8", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "semver" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "wordfence", | ||
| "cveId": "CVE-2024-10531", | ||
| "description": "The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to update GTP assistants.", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://plugins.trac.wordpress.org/browser/chatbot-chatgpt/trunk/includes/utilities/chatbot-assistants.php#L524", | ||
| "https://plugins.trac.wordpress.org/changeset/3183413/chatbot-chatgpt/trunk/includes/utilities/chatbot-assistants.php", | ||
| "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc083470-3b43-42f3-8979-7fa6cce6ee75?source=cve" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://wordpress.org/plugins", | ||
| "cpes": [ | ||
| "cpe:2.3:a:kognetics:kognetiks_chatbot:*:*:*:*:*:wordpress:*:*" | ||
| ], | ||
| "packageName": "chatbot-chatgpt", | ||
| "packageType": "wordpress-plugin", | ||
| "product": "Kognetiks Chatbot for WordPress", | ||
| "vendor": "kognetiks", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "2.1.8", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "semver" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "wordfence", | ||
| "cveId": "CVE-2024-10684", | ||
| "description": "The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dir' parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://plugins.trac.wordpress.org/changeset/3183413/chatbot-chatgpt/trunk/includes/settings/chatbot-settings-support.php", | ||
| "https://www.wordfence.com/threat-intel/vulnerabilities/id/d6fcd334-4d9a-4c11-ab11-b96cdda698c4?source=cve" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://wordpress.org/plugins", | ||
| "cpes": [ | ||
| "cpe:2.3:a:kognetics:kognetiks_chatbot:*:*:*:*:*:wordpress:*:*" | ||
| ], | ||
| "packageName": "chatbot-chatgpt", | ||
| "packageType": "wordpress-plugin", | ||
| "product": "Kognetiks Chatbot for WordPress", | ||
| "vendor": "kognetiks", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "2.1.8", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "semver" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "wordfence", | ||
| "cveId": "CVE-2024-10794", | ||
| "description": "The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created via Elementor that they should not have access to.", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://plugins.trac.wordpress.org/changeset/3185478/boostify-header-footer-builder/trunk/inc/class-boostify-header-footer-builder.php", | ||
| "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e9f6d07-5ba5-48ad-bfcc-084913436b39?source=cve" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://wordpress.org/plugins", | ||
| "cpes": [ | ||
| "cpe:2.3:a:woostify:boostify_header_footer_builder_for_elementor:*:*:*:*:*:wordpress:*:*" | ||
| ], | ||
| "packageName": "boostify-header-footer-builder", | ||
| "packageType": "wordpress-plugin", | ||
| "product": "Boostify Header Footer Builder for Elementor", | ||
| "vendor": "duongancol", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "1.3.7", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "semver" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "wordfence", | ||
| "cveId": "CVE-2024-10820", | ||
| "description": "The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://codecanyon.net/item/woocommerce-upload-files/11442983", | ||
| "https://www.wordfence.com/threat-intel/vulnerabilities/id/b9371b37-53c5-4a4f-a500-c6d58d4d3c5a?source=cve" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "cpes": [ | ||
| "cpe:2.3:a:woocommerce:upload_files:*:*:*:*:*:wordpress:*:*" | ||
| ], | ||
| "packageName": "woocommerce-upload-files", | ||
| "packageType": "wordpress-plugin", | ||
| "product": "WooCommerce Upload Files", | ||
| "vendor": "vanquish", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "84.4", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "semver" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "wordfence", | ||
| "cveId": "CVE-2024-10828", | ||
| "description": "The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the \"Try to convert serialized values\" option is enabled. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://plugins.trac.wordpress.org/browser/woo-order-export-lite/trunk/classes/PHPExcel/Shared/XMLWriter.php#L83", | ||
| "https://plugins.trac.wordpress.org/browser/woo-order-export-lite/trunk/classes/core/trait-woe-core-extractor.php#L996", | ||
| "https://www.wordfence.com/threat-intel/vulnerabilities/id/a1c6eed6-7b3f-4b37-85f8-6613527daa54?source=cve" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://wordpress.org/plugins", | ||
| "cpes": [ | ||
| "cpe:2.3:a:algolplus:advanced_order_export:*:*:*:*:*:wordpress:*:*" | ||
| ], | ||
| "packageName": "woo-order-export-lite", | ||
| "packageType": "wordpress-plugin", | ||
| "product": "Advanced Order Export For WooCommerce", | ||
| "vendor": "algolplus", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "3.5.6", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "semver" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "wordfence", | ||
| "cveId": "CVE-2024-10882", | ||
| "description": "The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://plugins.trac.wordpress.org/browser/product-delivery-date-for-woocommerce-lite/tags/2.7.5/includes/admin/class-prdd-lite-view-deliveries-table.php#L129", | ||
| "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3185534%40product-delivery-date-for-woocommerce-lite&new=3185534%40product-delivery-date-for-woocommerce-lite&sfp_email=&sfph_mail=", | ||
| "https://www.wordfence.com/threat-intel/vulnerabilities/id/0e47daed-42cc-4d96-82a1-a3e65af9fa88?source=cve" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://wordpress.org/plugins", | ||
| "cpes": [ | ||
| "cpe:2.3:a:tychesoftwares:product_delivery_date_for_woocommerce:*:*:*:*:lite:wordpress:*:*" | ||
| ], | ||
| "packageName": "product-delivery-date-for-woocommerce-lite", | ||
| "packageType": "wordpress-plugin", | ||
| "product": "Product Delivery Date for WooCommerce – Lite", | ||
| "vendor": "tychesoftwares", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "2.8.1", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "semver" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.