2025-01-03 update

Signed-off-by: Josh Bressers <[email protected]>

data/anchore/2022/CVE-2022-41995.json

@@ -0,0 +1,44 @@
+{
+  "additionalMetadata": {
+    "cna": "patchstack",
+    "cveId": "CVE-2022-41995",
+    "description": "Missing Authorization vulnerability in Galleryape Gallery Images Ape allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gallery Images Ape: from n/a through 2.2.8.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://patchstack.com/database/wordpress/plugin/gallery-images-ape/vulnerability/wordpress-gallery-images-ape-plugin-2-2-8-auth-broken-access-control-vulnerability?_s_id=cve"
+    ],
+    "upstream": {
+      "datePublished": "2025-01-02T14:51:05.557Z",
+      "dateReserved": "2022-10-19T11:40:57.172Z",
+      "dateUpdated": "2025-01-02T14:51:05.557Z",
+      "digest": "3fc340d8b98db82d3b6a2db5487f0153cd1cee6808a7ed8d9c07c612f2c5d98f"
+    }
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://wordpress.org/plugins",
+        "cpes": [
+          "cpe:2.3:a:robogallery:gallery_images_ape:*:*:*:*:*:wordpress:*:*"
+        ],
+        "packageName": "gallery-images-ape",
+        "packageType": "wordpress-plugin",
+        "product": "Gallery Images Ape",
+        "repo": "https://plugins.svn.wordpress.org/gallery-images-ape",
+        "vendor": "Galleryape",
+        "versions": [
+          {
+            "lessThanOrEqual": "2.2.8",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}

data/anchore/2022/CVE-2022-43476.json

@@ -0,0 +1,44 @@
+{
+  "additionalMetadata": {
+    "cna": "patchstack",
+    "cveId": "CVE-2022-43476",
+    "description": "Missing Authorization vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe to Category: from n/a through 2.7.4.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://patchstack.com/database/wordpress/plugin/subscribe-to-category/vulnerability/wordpress-subscribe-to-category-plugin-2-7-1-auth-broken-access-control-vulnerability?_s_id=cve"
+    ],
+    "upstream": {
+      "datePublished": "2025-01-02T14:23:25.250Z",
+      "dateReserved": "2022-10-19T11:40:57.162Z",
+      "dateUpdated": "2025-01-02T14:43:15.256Z",
+      "digest": "8db9fe649c025a50197534fdd29cccb8f1640fd44e0008682f1bba97ac42652a"
+    }
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://wordpress.org/plugins",
+        "cpes": [
+          "cpe:2.3:a:subscribe_to_category_project:subscribe_to_category:*:*:*:*:*:wordpress:*:*"
+        ],
+        "packageName": "subscribe-to-category",
+        "packageType": "wordpress-plugin",
+        "product": "Subscribe to Category",
+        "repo": "https://plugins.svn.wordpress.org/subscribe-to-category",
+        "vendor": "Daniel Söderström / Sidney van de Stouwe",
+        "versions": [
+          {
+            "lessThanOrEqual": "2.7.4",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}

data/anchore/2022/CVE-2022-45830.json

@@ -0,0 +1,47 @@
+{
+  "additionalMetadata": {
+    "cna": "patchstack",
+    "cveId": "CVE-2022-45830",
+    "description": "Missing Authorization vulnerability in Analytify.This issue affects Analytify: from n/a through 4.2.3.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://patchstack.com/database/wordpress/plugin/wp-analytify/vulnerability/wordpress-analytify-google-analytics-dashboard-plugin-4-2-3-privilege-escalation?_s_id=cve"
+    ],
+    "solutions": [
+      "Update the WordPress Analytify plugin to the latest available version (at least 4.3.0)."
+    ],
+    "upstream": {
+      "datePublished": "2025-01-02T15:02:35.509Z",
+      "dateReserved": "2022-11-23T07:45:44.260Z",
+      "dateUpdated": "2025-01-02T15:02:35.509Z",
+      "digest": "ef6a02a786aa10137f4980995dacbe06953cbf232a0e9449e9fa8592986fe3ec"
+    }
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://wordpress.org/plugins",
+        "cpes": [
+          "cpe:2.3:a:analytify:analytify_-_google_analytics_dashboard:*:*:*:*:*:wordpress:*:*"
+        ],
+        "packageName": "wp-analytify",
+        "packageType": "wordpress-plugin",
+        "product": "Analytify",
+        "repo": "https://plugins.svn.wordpress.org/wp-analytify",
+        "vendor": "Analytify",
+        "versions": [
+          {
+            "lessThan": "4.3.0",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}

data/anchore/2022/CVE-2022-47601.json

@@ -0,0 +1,43 @@
+{
+  "additionalMetadata": {
+    "cna": "patchstack",
+    "cveId": "CVE-2022-47601",
+    "description": "Missing Authorization vulnerability in JoomUnited WP Table Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Table Manager: from n/a through 3.5.2.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://patchstack.com/database/wordpress/plugin/wp-table-manager/vulnerability/wordpress-wp-table-manager-plugin-3-5-2-broken-access-control?_s_id=cve"
+    ],
+    "solutions": [
+      "Update the WordPress WP Table Manager plugin to the latest available version (at least 3.5.3)."
+    ],
+    "upstream": {
+      "datePublished": "2025-01-02T15:07:30.729Z",
+      "dateReserved": "2022-12-20T08:12:15.178Z",
+      "dateUpdated": "2025-01-02T15:07:30.729Z",
+      "digest": "80f89c2cf08b25a58cad0728e93b66d90ed59c2a16a34466d94256f68136d4ec"
+    }
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:joomunited:wp_table_manager:*:*:*:*:*:wordpress:*:*"
+        ],
+        "product": "WP Table Manager",
+        "vendor": "JoomUnited",
+        "versions": [
+          {
+            "lessThan": "3.5.3",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}

data/anchore/2023/CVE-2023-23672.json

@@ -0,0 +1,47 @@
+{
+  "additionalMetadata": {
+    "cna": "patchstack",
+    "cveId": "CVE-2023-23672",
+    "description": "Missing Authorization vulnerability in Liquid Web / StellarWP GiveWP.This issue affects GiveWP: from n/a through 2.25.1.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://patchstack.com/database/wordpress/plugin/give/vulnerability/wordpress-givewp-plugin-2-25-1-arbitrary-content-deletion-vulnerability?_s_id=cve"
+    ],
+    "solutions": [
+      "Update the WordPress GiveWP plugin to the latest available version (at least 2.25.2)."
+    ],
+    "upstream": {
+      "datePublished": "2025-01-02T15:06:38.479Z",
+      "dateReserved": "2023-01-17T05:01:33.475Z",
+      "dateUpdated": "2025-01-02T15:06:38.479Z",
+      "digest": "5a05702feae8aec23b5d8bf64be20ad7e4fcb1c00498c001e861066a73986f70"
+    }
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://wordpress.org/plugins",
+        "cpes": [
+          "cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*"
+        ],
+        "packageName": "give",
+        "packageType": "wordpress-plugin",
+        "product": "GiveWP",
+        "repo": "https://plugins.svn.wordpress.org/give",
+        "vendor": "Liquid Web / StellarWP",
+        "versions": [
+          {
+            "lessThan": "2.25.2",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}

data/anchore/2023/CVE-2023-32240.json

@@ -0,0 +1,44 @@
+{
+  "additionalMetadata": {
+    "cna": "patchstack",
+    "cveId": "CVE-2023-32240",
+    "description": "Missing Authorization vulnerability in Xtemos WoodMart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WoodMart: from n/a through 7.2.1.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://patchstack.com/database/wordpress/theme/woodmart/vulnerability/wordpress-woodmart-theme-7-2-1-broken-access-control-vulnerability?_s_id=cve"
+    ],
+    "solutions": [
+      "Update to 7.2.2 or a higher version."
+    ],
+    "upstream": {
+      "datePublished": "2025-01-02T15:05:19.181Z",
+      "dateReserved": "2023-05-05T08:13:46.345Z",
+      "dateUpdated": "2025-01-02T15:05:19.181Z",
+      "digest": "05364c2f1e46157f827ad7f9918987bb7a23a4ebe8dc625011d7aa51bace5c33"
+    }
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:xtemos:woodmart:*:*:*:*:*:wordpress:*:*",
+          "cpe:2.3:a:xtemos:woodmart_theme:*:*:*:*:*:wordpress:*:*"
+        ],
+        "product": "WoodMart",
+        "vendor": "Xtemos",
+        "versions": [
+          {
+            "lessThan": "7.2.2",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}

data/anchore/2023/CVE-2023-39994.json

@@ -0,0 +1,48 @@
+{
+  "additionalMetadata": {
+    "cna": "patchstack",
+    "cveId": "CVE-2023-39994",
+    "description": "Missing Authorization vulnerability in Repute InfoSystems ARMember Premium allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ARMember Premium: from n/a through 5.9.2.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://patchstack.com/database/wordpress/plugin/armember/vulnerability/wordpress-armember-premium-wordpress-membership-plugin-plugin-5-9-2-broken-access-control?_s_id=cve"
+    ],
+    "solutions": [
+      "Update the WordPress ARMember Premium plugin to the latest available version (at least 5.9.3)."
+    ],
+    "upstream": {
+      "datePublished": "2025-01-02T15:03:37.690Z",
+      "dateReserved": "2023-08-08T11:24:36.963Z",
+      "dateUpdated": "2025-01-02T15:03:37.690Z",
+      "digest": "f69b6e13e8c4be17dd22871be5c2fee232377d5171d4e687389581bd060fac78"
+    }
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://wordpress.org/plugins",
+        "cpes": [
+          "cpe:2.3:a:armemberplugin:armember:*:*:*:*:*:wordpress:*:*",
+          "cpe:2.3:a:reputeinfosystems:armember:*:*:*:*:*:wordpress:*:*"
+        ],
+        "packageName": "armember-membership",
+        "packageType": "wordpress-plugin",
+        "product": "ARMember Premium",
+        "repo": "https://plugins.svn.wordpress.org/armember-membership",
+        "vendor": "Repute InfoSystems",
+        "versions": [
+          {
+            "lessThan": "5.9.3",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}

data/anchore/2023/CVE-2023-44988.json

@@ -0,0 +1,47 @@
+{
+  "additionalMetadata": {
+    "cna": "patchstack",
+    "cveId": "CVE-2023-44988",
+    "description": "Missing Authorization vulnerability in Martin Gibson WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.32.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://patchstack.com/database/wordpress/plugin/wp-custom-admin-interface/vulnerability/wordpress-wp-custom-admin-interface-plugin-7-32-broken-access-control-vulnerability?_s_id=cve"
+    ],
+    "solutions": [
+      "Update the WordPress WP Custom Admin Interface plugin to the latest available version (at least 7.33)."
+    ],
+    "upstream": {
+      "datePublished": "2025-01-02T11:59:46.731Z",
+      "dateReserved": "2023-10-02T09:38:08.907Z",
+      "dateUpdated": "2025-01-02T11:59:46.731Z",
+      "digest": "51e96ff5f0f845bd3e8d36f59b0ac33233264b5101098bce80151f22da7c10bc"
+    }
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://wordpress.org/plugins",
+        "cpes": [
+          "cpe:2.3:a:wp_custom_admin_interface_project:wp_custom_admin_interface:*:*:*:*:*:wordpress:*:*"
+        ],
+        "packageName": "wp-custom-admin-interface",
+        "packageType": "wordpress-plugin",
+        "product": "WP Custom Admin Interface",
+        "repo": "https://plugins.svn.wordpress.org/wp-custom-admin-interface",
+        "vendor": "Martin Gibson",
+        "versions": [
+          {
+            "lessThan": "7.33",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}