diff --git a/data/anchore/2022/CVE-2022-41995.json b/data/anchore/2022/CVE-2022-41995.json new file mode 100644 index 00000000..acb480b2 --- /dev/null +++ b/data/anchore/2022/CVE-2022-41995.json @@ -0,0 +1,44 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2022-41995", + "description": "Missing Authorization vulnerability in Galleryape Gallery Images Ape allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gallery Images Ape: from n/a through 2.2.8.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/gallery-images-ape/vulnerability/wordpress-gallery-images-ape-plugin-2-2-8-auth-broken-access-control-vulnerability?_s_id=cve" + ], + "upstream": { + "datePublished": "2025-01-02T14:51:05.557Z", + "dateReserved": "2022-10-19T11:40:57.172Z", + "dateUpdated": "2025-01-02T14:51:05.557Z", + "digest": "3fc340d8b98db82d3b6a2db5487f0153cd1cee6808a7ed8d9c07c612f2c5d98f" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:robogallery:gallery_images_ape:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "gallery-images-ape", + "packageType": "wordpress-plugin", + "product": "Gallery Images Ape", + "repo": "https://plugins.svn.wordpress.org/gallery-images-ape", + "vendor": "Galleryape", + "versions": [ + { + "lessThanOrEqual": "2.2.8", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2022/CVE-2022-43476.json b/data/anchore/2022/CVE-2022-43476.json new file mode 100644 index 00000000..2195207b --- /dev/null +++ b/data/anchore/2022/CVE-2022-43476.json @@ -0,0 +1,44 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2022-43476", + "description": "Missing Authorization vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe to Category: from n/a through 2.7.4.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/subscribe-to-category/vulnerability/wordpress-subscribe-to-category-plugin-2-7-1-auth-broken-access-control-vulnerability?_s_id=cve" + ], + "upstream": { + "datePublished": "2025-01-02T14:23:25.250Z", + "dateReserved": "2022-10-19T11:40:57.162Z", + "dateUpdated": "2025-01-02T14:43:15.256Z", + "digest": "8db9fe649c025a50197534fdd29cccb8f1640fd44e0008682f1bba97ac42652a" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:subscribe_to_category_project:subscribe_to_category:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "subscribe-to-category", + "packageType": "wordpress-plugin", + "product": "Subscribe to Category", + "repo": "https://plugins.svn.wordpress.org/subscribe-to-category", + "vendor": "Daniel Söderström / Sidney van de Stouwe", + "versions": [ + { + "lessThanOrEqual": "2.7.4", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2022/CVE-2022-45830.json b/data/anchore/2022/CVE-2022-45830.json new file mode 100644 index 00000000..21d7a880 --- /dev/null +++ b/data/anchore/2022/CVE-2022-45830.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2022-45830", + "description": "Missing Authorization vulnerability in Analytify.This issue affects Analytify: from n/a through 4.2.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-analytify/vulnerability/wordpress-analytify-google-analytics-dashboard-plugin-4-2-3-privilege-escalation?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Analytify plugin to the latest available version (at least 4.3.0)." + ], + "upstream": { + "datePublished": "2025-01-02T15:02:35.509Z", + "dateReserved": "2022-11-23T07:45:44.260Z", + "dateUpdated": "2025-01-02T15:02:35.509Z", + "digest": "ef6a02a786aa10137f4980995dacbe06953cbf232a0e9449e9fa8592986fe3ec" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:analytify:analytify_-_google_analytics_dashboard:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-analytify", + "packageType": "wordpress-plugin", + "product": "Analytify", + "repo": "https://plugins.svn.wordpress.org/wp-analytify", + "vendor": "Analytify", + "versions": [ + { + "lessThan": "4.3.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2022/CVE-2022-47601.json b/data/anchore/2022/CVE-2022-47601.json new file mode 100644 index 00000000..12a9f4f5 --- /dev/null +++ b/data/anchore/2022/CVE-2022-47601.json @@ -0,0 +1,43 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2022-47601", + "description": "Missing Authorization vulnerability in JoomUnited WP Table Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Table Manager: from n/a through 3.5.2.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-table-manager/vulnerability/wordpress-wp-table-manager-plugin-3-5-2-broken-access-control?_s_id=cve" + ], + "solutions": [ + "Update the WordPress WP Table Manager plugin to the latest available version (at least 3.5.3)." + ], + "upstream": { + "datePublished": "2025-01-02T15:07:30.729Z", + "dateReserved": "2022-12-20T08:12:15.178Z", + "dateUpdated": "2025-01-02T15:07:30.729Z", + "digest": "80f89c2cf08b25a58cad0728e93b66d90ed59c2a16a34466d94256f68136d4ec" + } + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:joomunited:wp_table_manager:*:*:*:*:*:wordpress:*:*" + ], + "product": "WP Table Manager", + "vendor": "JoomUnited", + "versions": [ + { + "lessThan": "3.5.3", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-23672.json b/data/anchore/2023/CVE-2023-23672.json new file mode 100644 index 00000000..338094dc --- /dev/null +++ b/data/anchore/2023/CVE-2023-23672.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-23672", + "description": "Missing Authorization vulnerability in Liquid Web / StellarWP GiveWP.This issue affects GiveWP: from n/a through 2.25.1.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/give/vulnerability/wordpress-givewp-plugin-2-25-1-arbitrary-content-deletion-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress GiveWP plugin to the latest available version (at least 2.25.2)." + ], + "upstream": { + "datePublished": "2025-01-02T15:06:38.479Z", + "dateReserved": "2023-01-17T05:01:33.475Z", + "dateUpdated": "2025-01-02T15:06:38.479Z", + "digest": "5a05702feae8aec23b5d8bf64be20ad7e4fcb1c00498c001e861066a73986f70" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "give", + "packageType": "wordpress-plugin", + "product": "GiveWP", + "repo": "https://plugins.svn.wordpress.org/give", + "vendor": "Liquid Web / StellarWP", + "versions": [ + { + "lessThan": "2.25.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-32240.json b/data/anchore/2023/CVE-2023-32240.json new file mode 100644 index 00000000..1694a0cc --- /dev/null +++ b/data/anchore/2023/CVE-2023-32240.json @@ -0,0 +1,44 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-32240", + "description": "Missing Authorization vulnerability in Xtemos WoodMart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WoodMart: from n/a through 7.2.1.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/theme/woodmart/vulnerability/wordpress-woodmart-theme-7-2-1-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 7.2.2 or a higher version." + ], + "upstream": { + "datePublished": "2025-01-02T15:05:19.181Z", + "dateReserved": "2023-05-05T08:13:46.345Z", + "dateUpdated": "2025-01-02T15:05:19.181Z", + "digest": "05364c2f1e46157f827ad7f9918987bb7a23a4ebe8dc625011d7aa51bace5c33" + } + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:xtemos:woodmart:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:xtemos:woodmart_theme:*:*:*:*:*:wordpress:*:*" + ], + "product": "WoodMart", + "vendor": "Xtemos", + "versions": [ + { + "lessThan": "7.2.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-39994.json b/data/anchore/2023/CVE-2023-39994.json new file mode 100644 index 00000000..6458331e --- /dev/null +++ b/data/anchore/2023/CVE-2023-39994.json @@ -0,0 +1,48 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-39994", + "description": "Missing Authorization vulnerability in Repute InfoSystems ARMember Premium allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ARMember Premium: from n/a through 5.9.2.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/armember/vulnerability/wordpress-armember-premium-wordpress-membership-plugin-plugin-5-9-2-broken-access-control?_s_id=cve" + ], + "solutions": [ + "Update the WordPress ARMember Premium plugin to the latest available version (at least 5.9.3)." + ], + "upstream": { + "datePublished": "2025-01-02T15:03:37.690Z", + "dateReserved": "2023-08-08T11:24:36.963Z", + "dateUpdated": "2025-01-02T15:03:37.690Z", + "digest": "f69b6e13e8c4be17dd22871be5c2fee232377d5171d4e687389581bd060fac78" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:armemberplugin:armember:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:reputeinfosystems:armember:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "armember-membership", + "packageType": "wordpress-plugin", + "product": "ARMember Premium", + "repo": "https://plugins.svn.wordpress.org/armember-membership", + "vendor": "Repute InfoSystems", + "versions": [ + { + "lessThan": "5.9.3", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-44988.json b/data/anchore/2023/CVE-2023-44988.json new file mode 100644 index 00000000..0643cecc --- /dev/null +++ b/data/anchore/2023/CVE-2023-44988.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-44988", + "description": "Missing Authorization vulnerability in Martin Gibson WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.32.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-custom-admin-interface/vulnerability/wordpress-wp-custom-admin-interface-plugin-7-32-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress WP Custom Admin Interface plugin to the latest available version (at least 7.33)." + ], + "upstream": { + "datePublished": "2025-01-02T11:59:46.731Z", + "dateReserved": "2023-10-02T09:38:08.907Z", + "dateUpdated": "2025-01-02T11:59:46.731Z", + "digest": "51e96ff5f0f845bd3e8d36f59b0ac33233264b5101098bce80151f22da7c10bc" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wp_custom_admin_interface_project:wp_custom_admin_interface:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-custom-admin-interface", + "packageType": "wordpress-plugin", + "product": "WP Custom Admin Interface", + "repo": "https://plugins.svn.wordpress.org/wp-custom-admin-interface", + "vendor": "Martin Gibson", + "versions": [ + { + "lessThan": "7.33", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-45002.json b/data/anchore/2023/CVE-2023-45002.json new file mode 100644 index 00000000..5c4af8e8 --- /dev/null +++ b/data/anchore/2023/CVE-2023-45002.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-45002", + "description": "Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through 3.6.8.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-user-frontend/vulnerability/wordpress-wp-user-frontend-plugin-3-6-8-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress WP User Frontend plugin to the latest available version (at least 3.6.9)." + ], + "upstream": { + "datePublished": "2025-01-02T11:59:47.346Z", + "dateReserved": "2023-10-02T10:33:37.983Z", + "dateUpdated": "2025-01-02T11:59:47.346Z", + "digest": "de6d6c4c189df99cc8fc8c4e2866c9ed8d7ff3359efebe8cb95077cc78a19d7c" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wedevs:wp_user_frontend:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-user-frontend", + "packageType": "wordpress-plugin", + "product": "WP User Frontend", + "repo": "https://plugins.svn.wordpress.org/wp-user-frontend", + "vendor": "weDevs", + "versions": [ + { + "lessThan": "3.6.9", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-45045.json b/data/anchore/2023/CVE-2023-45045.json new file mode 100644 index 00000000..090b48e6 --- /dev/null +++ b/data/anchore/2023/CVE-2023-45045.json @@ -0,0 +1,44 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-45045", + "description": "Missing Authorization vulnerability in Kishor Khambu WP Custom Widget area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Widget area: from n/a through 1.2.5.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-custom-widget-area/vulnerability/wordpress-wp-custom-widget-area-plugin-1-2-5-broken-access-control-vulnerability?_s_id=cve" + ], + "upstream": { + "datePublished": "2025-01-02T11:59:47.939Z", + "dateReserved": "2023-10-03T13:30:39.402Z", + "dateUpdated": "2025-01-02T11:59:47.939Z", + "digest": "68a4bf004375d42d0cbe6cee3784782e7bb10e885973b6997a0f8defcc4e8c34" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:kishorkhambu:wp_custom_widget_area:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-custom-widget-area", + "packageType": "wordpress-plugin", + "product": "WP Custom Widget area", + "repo": "https://plugins.svn.wordpress.org/wp-custom-widget-area", + "vendor": "Kishor Khambu", + "versions": [ + { + "lessThanOrEqual": "1.2.5", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-45061.json b/data/anchore/2023/CVE-2023-45061.json new file mode 100644 index 00000000..1f987d5f --- /dev/null +++ b/data/anchore/2023/CVE-2023-45061.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-45061", + "description": "Missing Authorization vulnerability in AWSM Innovations WP Job Openings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Openings: from n/a through 3.4.1.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-job-openings/vulnerability/wordpress-wp-job-openings-plugin-3-4-1-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress WP Job Openings plugin to the latest available version (at least 3.4.2)." + ], + "upstream": { + "datePublished": "2025-01-02T11:59:48.514Z", + "dateReserved": "2023-10-03T13:31:00.205Z", + "dateUpdated": "2025-01-02T11:59:48.514Z", + "digest": "591ed3a1be927aafc2bb3ea0adf617f0c5ed9ab62817adcd55f44ff411b026ef" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:awsm:wp_job_openings:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-job-openings", + "packageType": "wordpress-plugin", + "product": "WP Job Openings", + "repo": "https://plugins.svn.wordpress.org/wp-job-openings", + "vendor": "AWSM Innovations", + "versions": [ + { + "lessThan": "3.4.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-45101.json b/data/anchore/2023/CVE-2023-45101.json new file mode 100644 index 00000000..9fd78db6 --- /dev/null +++ b/data/anchore/2023/CVE-2023-45101.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-45101", + "description": "Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customer Reviews for WooCommerce: from n/a through 5.36.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/customer-reviews-woocommerce/vulnerability/wordpress-customer-reviews-for-woocommerce-plugin-5-36-0-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Customer Reviews for WooCommerce plugin to the latest available version (at least 5.36.1)." + ], + "upstream": { + "datePublished": "2025-01-02T11:59:49.130Z", + "dateReserved": "2023-10-04T14:11:49.847Z", + "dateUpdated": "2025-01-02T11:59:49.130Z", + "digest": "8ffc0fcd774d9581a9e6e99a6164f80fcff8f5f565ae56332a9604c45b77a234" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:cusrev:customer_reviews_for_woocommerce:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "customer-reviews-woocommerce", + "packageType": "wordpress-plugin", + "product": "Customer Reviews for WooCommerce", + "repo": "https://plugins.svn.wordpress.org/customer-reviews-woocommerce", + "vendor": "CusRev", + "versions": [ + { + "lessThan": "5.36.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-45104.json b/data/anchore/2023/CVE-2023-45104.json new file mode 100644 index 00000000..f71c0634 --- /dev/null +++ b/data/anchore/2023/CVE-2023-45104.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-45104", + "description": "Missing Authorization vulnerability in WPDeveloper BetterLinks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterLinks: from n/a through 1.6.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/betterlinks/vulnerability/wordpress-betterlinks-plugin-1-6-0-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress BetterLinks plugin to the latest available version (at least 1.6.1)." + ], + "upstream": { + "datePublished": "2025-01-02T11:59:49.780Z", + "dateReserved": "2023-10-04T14:11:49.848Z", + "dateUpdated": "2025-01-02T11:59:49.780Z", + "digest": "388f6ddc68e51d345ffdd9b55bc76841b58b27bf639bbea4b4b67e6c3d488e19" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wpdeveloper:betterlinks:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "betterlinks", + "packageType": "wordpress-plugin", + "product": "BetterLinks", + "repo": "https://plugins.svn.wordpress.org/betterlinks", + "vendor": "WPDeveloper", + "versions": [ + { + "lessThan": "1.6.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-45110.json b/data/anchore/2023/CVE-2023-45110.json new file mode 100644 index 00000000..27536562 --- /dev/null +++ b/data/anchore/2023/CVE-2023-45110.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-45110", + "description": "Missing Authorization vulnerability in BoldThemes Bold Timeline Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bold Timeline Lite: from n/a through 1.1.9.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/bold-timeline-lite/vulnerability/wordpress-bold-timeline-lite-plugin-1-1-9-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Bold Timeline Lite plugin to the latest available version (at least 1.2.0)." + ], + "upstream": { + "datePublished": "2025-01-02T11:59:50.374Z", + "dateReserved": "2023-10-04T14:11:49.849Z", + "dateUpdated": "2025-01-02T11:59:50.374Z", + "digest": "089e4c98e39ac157ea9526e2495e8204ee746e98b69df1e8e3365c667dc216c4" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:bold-themes:bold_timeline_lite:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "bold-timeline-lite", + "packageType": "wordpress-plugin", + "product": "Bold Timeline Lite", + "repo": "https://plugins.svn.wordpress.org/bold-timeline-lite", + "vendor": "BoldThemes", + "versions": [ + { + "lessThan": "1.2.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-45271.json b/data/anchore/2023/CVE-2023-45271.json new file mode 100644 index 00000000..48be71eb --- /dev/null +++ b/data/anchore/2023/CVE-2023-45271.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-45271", + "description": "Missing Authorization vulnerability in WowStore Team ProductX – Gutenberg WooCommerce Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProductX – Gutenberg WooCommerce Blocks: from n/a through 2.7.8.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/product-blocks/vulnerability/wordpress-productx-gutenberg-woocommerce-blocks-plugin-2-7-8-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress ProductX – Gutenberg WooCommerce Blocks plugin to the latest available version (at least 3.0.0)." + ], + "upstream": { + "datePublished": "2025-01-02T11:59:50.933Z", + "dateReserved": "2023-10-06T13:05:32.934Z", + "dateUpdated": "2025-01-02T11:59:50.933Z", + "digest": "e6e00c53b8ed1ee62316c685b38b28d0623cae560a084170568392fed2843708" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wpxpo:wowstore:*:*:*:*:free:wordpress:*:*" + ], + "packageName": "product-blocks", + "packageType": "wordpress-plugin", + "product": "ProductX – Gutenberg WooCommerce Blocks", + "repo": "https://plugins.svn.wordpress.org/product-blocks", + "vendor": "WowStore Team", + "versions": [ + { + "lessThan": "3.0.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-45272.json b/data/anchore/2023/CVE-2023-45272.json new file mode 100644 index 00000000..8f7593cf --- /dev/null +++ b/data/anchore/2023/CVE-2023-45272.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-45272", + "description": "Missing Authorization vulnerability in 10Web 10Web Map Builder for Google Maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.73.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wd-google-maps/vulnerability/wordpress-10web-map-builder-for-google-maps-plugin-1-0-73-notice-dismissal-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress 10Web Map Builder for Google Maps plugin to the latest available version (at least 1.0.74)." + ], + "upstream": { + "datePublished": "2025-01-02T14:53:25.291Z", + "dateReserved": "2023-10-06T13:05:32.934Z", + "dateUpdated": "2025-01-02T14:53:25.291Z", + "digest": "9ef18f74964865fd349a18df5d1306e9b191302792830ad4c7f1f82bb0da1324" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:10web:map_builder_for_google_maps:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wd-google-maps", + "packageType": "wordpress-plugin", + "product": "10Web Map Builder for Google Maps", + "repo": "https://plugins.svn.wordpress.org/wd-google-maps", + "vendor": "10Web", + "versions": [ + { + "lessThan": "1.0.74", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-45275.json b/data/anchore/2023/CVE-2023-45275.json new file mode 100644 index 00000000..349981e3 --- /dev/null +++ b/data/anchore/2023/CVE-2023-45275.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-45275", + "description": "Missing Authorization vulnerability in Kali Forms Contact Form builder with drag & drop - Kali Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form builder with drag & drop - Kali Forms: from n/a through 2.3.28.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/kali-forms/vulnerability/wordpress-contact-form-builder-with-drag-drop-plugin-2-3-27-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available." + ], + "upstream": { + "datePublished": "2025-01-02T11:59:51.535Z", + "dateReserved": "2023-10-06T13:05:32.934Z", + "dateUpdated": "2025-01-02T11:59:51.535Z", + "digest": "a7cc19476843c431a61ba58b24ae9397b54da3b775d30107b632377f745b33f6" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:kaliforms:kali_forms:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "kali-forms", + "packageType": "wordpress-plugin", + "product": "Contact Form builder with drag & drop - Kali Forms", + "repo": "https://plugins.svn.wordpress.org/kali-forms", + "vendor": "Kali Forms", + "versions": [ + { + "lessThan": "2.3.29", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-45631.json b/data/anchore/2023/CVE-2023-45631.json new file mode 100644 index 00000000..e6ee2827 --- /dev/null +++ b/data/anchore/2023/CVE-2023-45631.json @@ -0,0 +1,45 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-45631", + "description": "Missing Authorization vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/gallery-album/vulnerability/wordpress-gallery-image-and-video-gallery-with-thumbnails-plugin-2-0-3-broken-access-control-vulnerability?_s_id=cve" + ], + "upstream": { + "datePublished": "2025-01-02T11:59:52.114Z", + "dateReserved": "2023-10-10T07:47:54.381Z", + "dateUpdated": "2025-01-02T11:59:52.114Z", + "digest": "03e59d0db1feb7dd2655067a5520999cc69a615a29303bc3df0dcbe24949a95c" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wpdevart:gallery:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:wpdevart:responsive_image_gallery:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "gallery-album", + "packageType": "wordpress-plugin", + "product": "Responsive Image Gallery, Gallery Album", + "repo": "https://plugins.svn.wordpress.org/gallery-album", + "vendor": "wpdevart", + "versions": [ + { + "lessThanOrEqual": "2.0.3", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-45633.json b/data/anchore/2023/CVE-2023-45633.json new file mode 100644 index 00000000..9efdeb0a --- /dev/null +++ b/data/anchore/2023/CVE-2023-45633.json @@ -0,0 +1,44 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-45633", + "description": "Missing Authorization vulnerability in IDX IMPress Listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IMPress Listings: from n/a through 2.6.2.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-listings/vulnerability/wordpress-impress-listings-plugin-2-6-2-broken-access-control-vulnerability?_s_id=cve" + ], + "upstream": { + "datePublished": "2025-01-02T14:52:23.546Z", + "dateReserved": "2023-10-10T07:47:54.381Z", + "dateUpdated": "2025-01-02T14:52:23.546Z", + "digest": "b25abddb70130673dd1e80182582c03db69a5bae0ccef51003569542b9361688" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:agentevolution:impress_listings:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-listings", + "packageType": "wordpress-plugin", + "product": "IMPress Listings", + "repo": "https://plugins.svn.wordpress.org/wp-listings", + "vendor": "IDX", + "versions": [ + { + "lessThanOrEqual": "2.6.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-45636.json b/data/anchore/2023/CVE-2023-45636.json new file mode 100644 index 00000000..bfa11ec4 --- /dev/null +++ b/data/anchore/2023/CVE-2023-45636.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-45636", + "description": "Missing Authorization vulnerability in WebToffee WordPress Backup & Migration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n/a through 1.4.1.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-migration-duplicator/vulnerability/wordpress-wordpress-backup-migration-plugin-1-4-1-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress WordPress Backup & Migration plugin to the latest available version (at least 1.4.2)." + ], + "upstream": { + "datePublished": "2025-01-02T11:59:52.682Z", + "dateReserved": "2023-10-10T07:47:54.382Z", + "dateUpdated": "2025-01-02T11:59:52.682Z", + "digest": "9a33f5e24776c4ff8e96d257348b8e605aafd2264baf082d08171bcef92078ad" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:webtoffee:backup_and_migration:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-migration-duplicator", + "packageType": "wordpress-plugin", + "product": "WordPress Backup & Migration", + "repo": "https://plugins.svn.wordpress.org/wp-migration-duplicator", + "vendor": "WebToffee", + "versions": [ + { + "lessThan": "1.4.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-45649.json b/data/anchore/2023/CVE-2023-45649.json new file mode 100644 index 00000000..f7532d30 --- /dev/null +++ b/data/anchore/2023/CVE-2023-45649.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-45649", + "description": "Missing Authorization vulnerability in CodePeople Appointment Hour Booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Hour Booking: from n/a through 1.4.23.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/appointment-hour-booking/vulnerability/wordpress-appointment-hour-booking-plugin-1-4-23-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Appointment Hour Booking plugin to the latest available version (at least 1.4.24)." + ], + "upstream": { + "datePublished": "2025-01-02T11:59:53.263Z", + "dateReserved": "2023-10-10T12:38:22.831Z", + "dateUpdated": "2025-01-02T11:59:53.263Z", + "digest": "0bee9047f4221b7acfe6b728c63e62796bf039826e4a3ec9c2d380b2bfc52d09" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:dwbooster:appointment_hour_booking:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "appointment-hour-booking", + "packageType": "wordpress-plugin", + "product": "Appointment Hour Booking", + "repo": "https://plugins.svn.wordpress.org/appointment-hour-booking", + "vendor": "CodePeople", + "versions": [ + { + "lessThan": "1.4.24", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-45760.json b/data/anchore/2023/CVE-2023-45760.json new file mode 100644 index 00000000..8bcfd636 --- /dev/null +++ b/data/anchore/2023/CVE-2023-45760.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-45760", + "description": "Missing Authorization vulnerability in gVectors Team wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through 7.6.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wpdiscuz/vulnerability/wordpress-wpdiscuz-plugin-7-6-3-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress wpDiscuz plugin to the latest available version (at least 7.6.4)." + ], + "upstream": { + "datePublished": "2025-01-02T11:59:53.833Z", + "dateReserved": "2023-10-12T12:45:14.808Z", + "dateUpdated": "2025-01-02T11:59:53.833Z", + "digest": "3d452237432430d1a59e7be6662f6e448cfecaba784668a5cf5883b1b784a69d" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wpdiscuz", + "packageType": "wordpress-plugin", + "product": "wpDiscuz", + "repo": "https://plugins.svn.wordpress.org/wpdiscuz", + "vendor": "gVectors Team", + "versions": [ + { + "lessThan": "7.6.4", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-45765.json b/data/anchore/2023/CVE-2023-45765.json new file mode 100644 index 00000000..40f5fd42 --- /dev/null +++ b/data/anchore/2023/CVE-2023-45765.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-45765", + "description": "Missing Authorization vulnerability in weDevs WP ERP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through 1.12.6.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/erp/vulnerability/wordpress-wp-erp-plugin-1-12-6-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress WP ERP plugin to the latest available version (at least 1.12.7)." + ], + "upstream": { + "datePublished": "2025-01-02T11:59:54.423Z", + "dateReserved": "2023-10-12T12:45:14.808Z", + "dateUpdated": "2025-01-02T11:59:54.423Z", + "digest": "92abcd135e211f3bbe4bb0339dbb3ce70b3b998815a3582d4f79970a0a6efc46" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wedevs:wp_erp:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "erp", + "packageType": "wordpress-plugin", + "product": "WP ERP", + "repo": "https://plugins.svn.wordpress.org/erp", + "vendor": "weDevs", + "versions": [ + { + "lessThan": "1.12.7", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-45766.json b/data/anchore/2023/CVE-2023-45766.json new file mode 100644 index 00000000..ef01a243 --- /dev/null +++ b/data/anchore/2023/CVE-2023-45766.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-45766", + "description": "Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 4.7.1.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-plugin-4-7-1-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Poll Maker plugin to the latest available version (at least 4.7.2)." + ], + "upstream": { + "datePublished": "2025-01-02T11:59:55.392Z", + "dateReserved": "2023-10-12T12:45:14.808Z", + "dateUpdated": "2025-01-02T11:59:55.392Z", + "digest": "762f1b250927d3e781371287a3e798a71c03154f9727a46c7e844114a00992dd" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:ays-pro:poll_maker:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "poll-maker", + "packageType": "wordpress-plugin", + "product": "Poll Maker", + "repo": "https://plugins.svn.wordpress.org/poll-maker", + "vendor": "Poll Maker Team", + "versions": [ + { + "lessThanOrEqual": "4.7.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-46080.json b/data/anchore/2023/CVE-2023-46080.json new file mode 100644 index 00000000..d6a27fab --- /dev/null +++ b/data/anchore/2023/CVE-2023-46080.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-46080", + "description": "Missing Authorization vulnerability in Farhan Noor ApplyOnline – Application Form Builder and Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ApplyOnline – Application Form Builder and Manager: from n/a through 2.5.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/apply-online/vulnerability/wordpress-applyonline-application-form-builder-and-manager-plugin-2-5-2-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available." + ], + "upstream": { + "datePublished": "2025-01-02T11:59:57.760Z", + "dateReserved": "2023-10-16T11:02:30.484Z", + "dateUpdated": "2025-01-02T11:59:57.760Z", + "digest": "5fda17cb2e3fb97c5915bed63341b0dfbc0c738c80eb0018652670d33fb15882" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:spiderteams:applyonline_-_application_form_builder_and_manager:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "apply-online", + "packageType": "wordpress-plugin", + "product": "ApplyOnline – Application Form Builder and Manager", + "repo": "https://plugins.svn.wordpress.org/apply-online", + "vendor": "Farhan Noor", + "versions": [ + { + "lessThan": "2.5.4", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-46083.json b/data/anchore/2023/CVE-2023-46083.json new file mode 100644 index 00000000..8f119e89 --- /dev/null +++ b/data/anchore/2023/CVE-2023-46083.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-46083", + "description": "Missing Authorization vulnerability in Kali Forms Contact Form builder with drag & drop - Kali Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form builder with drag & drop - Kali Forms: from n/a through 2.3.27.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/kali-forms/vulnerability/wordpress-kali-forms-plugin-2-3-27-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Contact Form builder with drag & drop - Kali Forms plugin to the latest available version (at least 2.3.28)." + ], + "upstream": { + "datePublished": "2025-01-02T11:59:58.922Z", + "dateReserved": "2023-10-16T11:02:30.484Z", + "dateUpdated": "2025-01-02T11:59:58.922Z", + "digest": "95d78ee0b4f21cd245409d0a31b76a83caa10d6cf4379530b492cdb81e9d2329" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:kaliforms:kali_forms:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "kali-forms", + "packageType": "wordpress-plugin", + "product": "Contact Form builder with drag & drop - Kali Forms", + "repo": "https://plugins.svn.wordpress.org/kali-forms", + "vendor": "Kali Forms", + "versions": [ + { + "lessThan": "2.3.28", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-46188.json b/data/anchore/2023/CVE-2023-46188.json new file mode 100644 index 00000000..ad260d0d --- /dev/null +++ b/data/anchore/2023/CVE-2023-46188.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-46188", + "description": "Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Freesoul Deactivate Plugins – Plugin manager and cleanup: from n/a through 2.1.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/freesoul-deactivate-plugins/vulnerability/wordpress-freesoul-deactivate-plugins-plugin-2-1-3-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Freesoul Deactivate Plugins – Plugin manager and cleanup plugin to the latest available version (at least 2.1.4)." + ], + "upstream": { + "datePublished": "2025-01-02T11:59:59.522Z", + "dateReserved": "2023-10-18T08:45:49.682Z", + "dateUpdated": "2025-01-02T11:59:59.522Z", + "digest": "88686ba1f2caae9b4b5aedbe366ca34f87ac7eaf812b94ac6288472c6bfe1852" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:freesoul_deactivate_plugins_-_plugin_manager_and_cleanup_project:freesoul_deactivate_plugins_-_plugin_manager_and_cleanup:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "freesoul-deactivate-plugins", + "packageType": "wordpress-plugin", + "product": "Freesoul Deactivate Plugins – Plugin manager and cleanup", + "repo": "https://plugins.svn.wordpress.org/freesoul-deactivate-plugins", + "vendor": "Jose Mortellaro", + "versions": [ + { + "lessThan": "2.1.4", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-46196.json b/data/anchore/2023/CVE-2023-46196.json new file mode 100644 index 00000000..2b63e573 --- /dev/null +++ b/data/anchore/2023/CVE-2023-46196.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-46196", + "description": "Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social proof testimonials and reviews by Repuso: from n/a through 4.97.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/social-testimonials-and-reviews-widget/vulnerability/wordpress-social-proof-testimonials-and-reviews-by-repuso-plugin-4-97-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Social proof testimonials and reviews by Repuso plugin to the latest available version (at least 5.00)." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:11.708Z", + "dateReserved": "2023-10-18T08:45:49.684Z", + "dateUpdated": "2025-01-02T14:52:08.572Z", + "digest": "20544395315bb3b3325ec1015a327eba0cd4dfa3366187e3685165215defe983" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:repuso:repuso:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "social-testimonials-and-reviews-widget", + "packageType": "wordpress-plugin", + "product": "Social proof testimonials and reviews by Repuso", + "repo": "https://plugins.svn.wordpress.org/social-testimonials-and-reviews-widget", + "vendor": "Repuso", + "versions": [ + { + "lessThan": "5.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-46206.json b/data/anchore/2023/CVE-2023-46206.json new file mode 100644 index 00000000..d9b2165d --- /dev/null +++ b/data/anchore/2023/CVE-2023-46206.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-46206", + "description": "Missing Authorization vulnerability in websoudan MW WP Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MW WP Form: from n/a through 4.4.5.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/mw-wp-form/vulnerability/wordpress-mw-wp-form-plugin-4-4-5-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress MW WP Form plugin to the latest available version (at least 5.0.0)." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:16.727Z", + "dateReserved": "2023-10-18T13:40:25.978Z", + "dateUpdated": "2025-01-02T12:00:16.727Z", + "digest": "f5f2b379dfb49883743c661a7b7dde2957c8fd56ffc03f66d79b42625fea5ffa" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:web-soudan:mw_wp_form:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "mw-wp-form", + "packageType": "wordpress-plugin", + "product": "MW WP Form", + "repo": "https://plugins.svn.wordpress.org/mw-wp-form", + "vendor": "websoudan", + "versions": [ + { + "lessThan": "5.0.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-46309.json b/data/anchore/2023/CVE-2023-46309.json new file mode 100644 index 00000000..c2fff5c1 --- /dev/null +++ b/data/anchore/2023/CVE-2023-46309.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-46309", + "description": "Missing Authorization vulnerability in gVectors Team wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through 7.6.10.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wpdiscuz/vulnerability/wordpress-wpdiscuz-plugin-7-6-10-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress wpDiscuz plugin to the latest available version (at least 7.6.11)." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:17.479Z", + "dateReserved": "2023-10-22T21:19:05.181Z", + "dateUpdated": "2025-01-02T12:00:17.479Z", + "digest": "d69da07b93729994cf4d0a1da35030b5f2e7b2aef09dd02e427831b3a911c481" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wpdiscuz", + "packageType": "wordpress-plugin", + "product": "wpDiscuz", + "repo": "https://plugins.svn.wordpress.org/wpdiscuz", + "vendor": "gVectors Team", + "versions": [ + { + "lessThan": "7.6.11", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-46607.json b/data/anchore/2023/CVE-2023-46607.json new file mode 100644 index 00000000..312f53ee --- /dev/null +++ b/data/anchore/2023/CVE-2023-46607.json @@ -0,0 +1,44 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-46607", + "description": "Missing Authorization vulnerability in WP iCal Availability WP iCal Availability allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP iCal Availability: from n/a through 1.0.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-ical-availability/vulnerability/wordpress-wp-ical-availability-plugin-1-0-3-broken-access-control-vulnerability?_s_id=cve" + ], + "upstream": { + "datePublished": "2025-01-02T12:00:19.580Z", + "dateReserved": "2023-10-24T13:09:53.767Z", + "dateUpdated": "2025-01-02T12:00:19.580Z", + "digest": "c93f5b9e3ae074ee0422c8cb6dac77c8f767c168cdd4bcbd8d183b7d66a5ce58" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wpicalavailability:wp_ical_availability:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-ical-availability", + "packageType": "wordpress-plugin", + "product": "WP iCal Availability", + "repo": "https://plugins.svn.wordpress.org/wp-ical-availability", + "vendor": "WP iCal Availability", + "versions": [ + { + "lessThanOrEqual": "1.0.3", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-46608.json b/data/anchore/2023/CVE-2023-46608.json new file mode 100644 index 00000000..870de9ab --- /dev/null +++ b/data/anchore/2023/CVE-2023-46608.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-46608", + "description": "Missing Authorization vulnerability in WPDO DoLogin Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DoLogin Security: from n/a through 3.7.1.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/dologin/vulnerability/wordpress-dologin-security-plugin-3-7-1-multiple-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:20.249Z", + "dateReserved": "2023-10-24T13:09:53.767Z", + "dateUpdated": "2025-01-02T12:00:20.249Z", + "digest": "86fdd73a9a11956529062a902b0e1afe400ba7069ea7f4ca57d42b3d824be23a" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wpdo:dologin_security:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "dologin", + "packageType": "wordpress-plugin", + "product": "DoLogin Security", + "repo": "https://plugins.svn.wordpress.org/dologin", + "vendor": "WPDO", + "versions": [ + { + "lessThan": "3.8", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-46611.json b/data/anchore/2023/CVE-2023-46611.json new file mode 100644 index 00000000..1a61995d --- /dev/null +++ b/data/anchore/2023/CVE-2023-46611.json @@ -0,0 +1,48 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-46611", + "description": "Authentication Bypass by Primary Weakness vulnerability in yourownprogrammer YOP Poll allows Authentication Bypass.This issue affects YOP Poll: from n/a through 6.5.28.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/yop-poll/vulnerability/wordpress-yop-poll-plugin-6-5-28-vote-manipulation-due-to-broken-captcha-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress YOP Poll plugin to the latest available version (at least 6.5.29)." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:22.156Z", + "dateReserved": "2023-10-24T13:09:53.768Z", + "dateUpdated": "2025-01-02T17:17:59.853Z", + "digest": "dfbb4d773853e90fb70fc1e42eca49eb07ee1ae2ef07074aa5348fa63f3fe85d" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:yop-poll:yop-poll:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:yop-poll:yop_poll:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "yop-poll", + "packageType": "wordpress-plugin", + "product": "YOP Poll", + "repo": "https://plugins.svn.wordpress.org/yop-poll", + "vendor": "yourownprogrammer", + "versions": [ + { + "lessThan": "6.5.29", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-46612.json b/data/anchore/2023/CVE-2023-46612.json new file mode 100644 index 00000000..88c13f3a --- /dev/null +++ b/data/anchore/2023/CVE-2023-46612.json @@ -0,0 +1,44 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-46612", + "description": "Missing Authorization vulnerability in codedrafty Mediabay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mediabay: from n/a through 1.6.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/mediabay-lite/vulnerability/wordpress-mediabay-plugin-1-6-broken-access-control-vulnerability?_s_id=cve" + ], + "upstream": { + "datePublished": "2025-01-02T12:00:22.765Z", + "dateReserved": "2023-10-24T13:09:53.768Z", + "dateUpdated": "2025-01-02T14:52:08.340Z", + "digest": "f97ed18240854a1a48a5d0609ed5574102da3c3535921f87c1742b0015abbe9d" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:codedraft:mediabay_-_wordpress_media_library_folders:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "mediabay-lite", + "packageType": "wordpress-plugin", + "product": "Mediabay", + "repo": "https://plugins.svn.wordpress.org/mediabay-lite", + "vendor": "codedrafty", + "versions": [ + { + "lessThanOrEqual": "1.6", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-46628.json b/data/anchore/2023/CVE-2023-46628.json new file mode 100644 index 00000000..9e690c7a --- /dev/null +++ b/data/anchore/2023/CVE-2023-46628.json @@ -0,0 +1,44 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-46628", + "description": "Missing Authorization vulnerability in RedLettuce Plugins WP Word Count allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Word Count: from n/a through 3.2.4.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-word-count/vulnerability/wordpress-wp-word-count-plugin-3-2-4-broken-access-control-vulnerability?_s_id=cve" + ], + "upstream": { + "datePublished": "2025-01-02T12:00:24.152Z", + "dateReserved": "2023-10-24T13:10:29.307Z", + "dateUpdated": "2025-01-02T17:14:44.619Z", + "digest": "822b70894a7d61df2ee36524fd0bfcab9623339fd0dde3fe0a01018bcbe0ce99" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:redlettuce:wp_word_count:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-word-count", + "packageType": "wordpress-plugin", + "product": "WP Word Count", + "repo": "https://plugins.svn.wordpress.org/wp-word-count", + "vendor": "RedLettuce Plugins", + "versions": [ + { + "lessThanOrEqual": "3.2.4", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-46633.json b/data/anchore/2023/CVE-2023-46633.json new file mode 100644 index 00000000..eab6a265 --- /dev/null +++ b/data/anchore/2023/CVE-2023-46633.json @@ -0,0 +1,44 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-46633", + "description": "Missing Authorization vulnerability in TCBarrett Glossary allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Glossary: from n/a through 3.1.2.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-glossary/vulnerability/wordpress-wp-glossary-plugin-3-1-2-broken-access-control-vulnerability?_s_id=cve" + ], + "upstream": { + "datePublished": "2025-01-02T12:00:25.979Z", + "dateReserved": "2023-10-24T13:10:29.308Z", + "dateUpdated": "2025-01-02T14:52:07.868Z", + "digest": "4aa5a885c339454648071ac6ea6587dcb9defcd9a51c22bfb1e68b31e940b821" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wp_glossary_project:wp_glossary:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-glossary", + "packageType": "wordpress-plugin", + "product": "Glossary", + "repo": "https://plugins.svn.wordpress.org/wp-glossary", + "vendor": "TCBarrett", + "versions": [ + { + "lessThanOrEqual": "3.1.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-46635.json b/data/anchore/2023/CVE-2023-46635.json new file mode 100644 index 00000000..b4f9fea5 --- /dev/null +++ b/data/anchore/2023/CVE-2023-46635.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-46635", + "description": "Missing Authorization vulnerability in YITH YITH WooCommerce Product Add-Ons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.2.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/yith-woocommerce-product-add-ons/vulnerability/wordpress-yith-woocommerce-product-add-ons-plugin-4-2-0-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available. No reply from the vendor." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:26.584Z", + "dateReserved": "2023-10-24T13:10:46.641Z", + "dateUpdated": "2025-01-02T17:12:30.332Z", + "digest": "3924a96a4c8cdf26352630f2128c2fb8671c46afc79f7becfcfa0fec00a32ac3" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:yithemes:yith_woocommerce_product_add-ons:*:*:*:*:free:wordpress:*:*" + ], + "packageName": "yith-woocommerce-product-add-ons", + "packageType": "wordpress-plugin", + "product": "YITH WooCommerce Product Add-Ons", + "repo": "https://plugins.svn.wordpress.org/yith-woocommerce-product-add-ons", + "vendor": "YITH", + "versions": [ + { + "lessThan": "4.2.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-46639.json b/data/anchore/2023/CVE-2023-46639.json new file mode 100644 index 00000000..bc3f39d3 --- /dev/null +++ b/data/anchore/2023/CVE-2023-46639.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-46639", + "description": "Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects kk Star Ratings: from n/a through 5.4.5.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/kk-star-ratings/vulnerability/wordpress-kk-star-ratings-plugin-5-4-5-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress kk Star Ratings plugin to the latest available version (at least 5.4.6)." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:27.782Z", + "dateReserved": "2023-10-24T13:10:46.642Z", + "dateUpdated": "2025-01-02T17:11:57.280Z", + "digest": "56ad31b2ab1f5cca029f331e8c303d23403f29b410558bc76d3688c2b39a238a" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:kamalkhan:kk_star_ratings:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "kk-star-ratings", + "packageType": "wordpress-plugin", + "product": "kk Star Ratings", + "repo": "https://plugins.svn.wordpress.org/kk-star-ratings", + "vendor": "FeedbackWP", + "versions": [ + { + "lessThan": "5.4.6", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47179.json b/data/anchore/2023/CVE-2023-47179.json new file mode 100644 index 00000000..c7b44929 --- /dev/null +++ b/data/anchore/2023/CVE-2023-47179.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47179", + "description": "Missing Authorization vulnerability in ByConsole WooODT Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooODT Lite: from n/a through 2.4.6.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/byconsole-woo-order-delivery-time/vulnerability/wordpress-wooodt-lite-plugin-2-4-6-arbitrary-site-option-update-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available. No reply from the vendor." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:28.951Z", + "dateReserved": "2023-10-31T09:49:27.001Z", + "dateUpdated": "2025-01-02T17:47:58.306Z", + "digest": "ed980aa007cb81e848603be2074db3a277713678b8a71ea9d83b94398175b2b9" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:byconsole:wooodt_lite:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "byconsole-woo-order-delivery-time", + "packageType": "wordpress-plugin", + "product": "WooODT Lite", + "repo": "https://plugins.svn.wordpress.org/byconsole-woo-order-delivery-time", + "vendor": "ByConsole", + "versions": [ + { + "lessThan": "2.4.7", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47180.json b/data/anchore/2023/CVE-2023-47180.json new file mode 100644 index 00000000..6ee0b386 --- /dev/null +++ b/data/anchore/2023/CVE-2023-47180.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47180", + "description": "Missing Authorization vulnerability in XLPlugins Finale Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Finale Lite: from n/a through 2.16.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/finale-woocommerce-sales-countdown-timer-discount/vulnerability/wordpress-finale-lite-sales-countdown-timer-discount-for-woocommerce-plugin-2-16-0-arbitrary-content-deletion-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:29.545Z", + "dateReserved": "2023-10-31T09:49:27.001Z", + "dateUpdated": "2025-01-02T12:00:29.545Z", + "digest": "8d1d7bce4520d9db5387a561077145a3f88ba3c639ce976d7dc4ce30be1d47e9" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:xlplugins:finale:*:*:*:*:lite:wordpress:*:*" + ], + "packageName": "finale-woocommerce-sales-countdown-timer-discount", + "packageType": "wordpress-plugin", + "product": "Finale Lite", + "repo": "https://plugins.svn.wordpress.org/finale-woocommerce-sales-countdown-timer-discount", + "vendor": "XLPlugins", + "versions": [ + { + "lessThan": "2.17.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47183.json b/data/anchore/2023/CVE-2023-47183.json new file mode 100644 index 00000000..e140be2d --- /dev/null +++ b/data/anchore/2023/CVE-2023-47183.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47183", + "description": "Missing Authorization vulnerability in GiveWP GiveWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through 2.33.1.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/give/vulnerability/wordpress-givewp-plugin-2-33-1-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress GiveWP plugin to the latest available version (at least 2.33.2)." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:30.341Z", + "dateReserved": "2023-10-31T14:57:50.539Z", + "dateUpdated": "2025-01-02T12:00:30.341Z", + "digest": "542a3ee840bca9b7710354ea099ae2d92eae9c96ea11106b521803ad02bf14ae" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "give", + "packageType": "wordpress-plugin", + "product": "GiveWP", + "repo": "https://plugins.svn.wordpress.org/give", + "vendor": "GiveWP", + "versions": [ + { + "lessThan": "2.33.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47188.json b/data/anchore/2023/CVE-2023-47188.json new file mode 100644 index 00000000..84a2244f --- /dev/null +++ b/data/anchore/2023/CVE-2023-47188.json @@ -0,0 +1,48 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47188", + "description": "Missing Authorization vulnerability in PressTigers Simple Job Board allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Job Board: from n/a through 2.10.5.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/simple-job-board/vulnerability/wordpress-simple-job-board-plugin-2-10-5-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Simple Job Board plugin to the latest available version (at least 2.10.6)." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:31.504Z", + "dateReserved": "2023-10-31T14:57:50.540Z", + "dateUpdated": "2025-01-02T12:00:31.504Z", + "digest": "a1ec0067894394f53e1ce652dae28d797f236a82f06be9a1086db0f66c52af97" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:presstigers:simple_board_job:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:presstigers:simple_job_board:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "simple-job-board", + "packageType": "wordpress-plugin", + "product": "Simple Job Board", + "repo": "https://plugins.svn.wordpress.org/simple-job-board", + "vendor": "PressTigers", + "versions": [ + { + "lessThan": "2.10.6", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47224.json b/data/anchore/2023/CVE-2023-47224.json new file mode 100644 index 00000000..fe417a39 --- /dev/null +++ b/data/anchore/2023/CVE-2023-47224.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47224", + "description": "Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through 7.8.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-travel/vulnerability/wordpress-wp-travel-plugin-7-5-0-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:32.129Z", + "dateReserved": "2023-11-03T12:48:38.156Z", + "dateUpdated": "2025-01-02T12:00:32.129Z", + "digest": "ba01e1945f558cbcfeaaa4ba19b48ef4cdfeacc78878da11b0497872b622283e" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wensolutions:wp_travel:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-travel", + "packageType": "wordpress-plugin", + "product": "WP Travel", + "repo": "https://plugins.svn.wordpress.org/wp-travel", + "vendor": "WP Travel", + "versions": [ + { + "lessThan": "7.8.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47225.json b/data/anchore/2023/CVE-2023-47225.json new file mode 100644 index 00000000..84eee01d --- /dev/null +++ b/data/anchore/2023/CVE-2023-47225.json @@ -0,0 +1,44 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47225", + "description": "Missing Authorization vulnerability in KaizenCoders Short URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Short URL: from n/a through 1.6.8.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/shorten-url/vulnerability/wordpress-short-url-plugin-1-6-8-broken-access-control-vulnerability?_s_id=cve" + ], + "upstream": { + "datePublished": "2025-01-02T12:00:32.729Z", + "dateReserved": "2023-11-03T12:48:38.157Z", + "dateUpdated": "2025-01-02T14:52:07.761Z", + "digest": "c730b41c7e7fa225038ea688c4f22e8c7bfd45e6579f457f4f8d60f9da032e53" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:kaizencoders:short_url:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "shorten-url", + "packageType": "wordpress-plugin", + "product": "Short URL", + "repo": "https://plugins.svn.wordpress.org/shorten-url", + "vendor": "KaizenCoders", + "versions": [ + { + "lessThanOrEqual": "1.6.8", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47557.json b/data/anchore/2023/CVE-2023-47557.json new file mode 100644 index 00000000..5561e1ea --- /dev/null +++ b/data/anchore/2023/CVE-2023-47557.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47557", + "description": "Missing Authorization vulnerability in wp-buy Visitors Traffic Real Time Statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visitors Traffic Real Time Statistics: from n/a through 7.2.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/visitors-traffic-real-time-statistics/vulnerability/wordpress-visitor-traffic-real-time-statistics-plugin-7-2-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Incomplete patch. No more replies from the vendor." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:35.158Z", + "dateReserved": "2023-11-06T11:25:49.682Z", + "dateUpdated": "2025-01-02T14:52:07.529Z", + "digest": "9a3053a55ac991c6432b4f211719ece9c37f10bdbbfe372d733c40e9e3c404d0" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wp-buy:visitor_traffic_real_time_statistics:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "visitors-traffic-real-time-statistics", + "packageType": "wordpress-plugin", + "product": "Visitors Traffic Real Time Statistics", + "repo": "https://plugins.svn.wordpress.org/visitors-traffic-real-time-statistics", + "vendor": "wp-buy", + "versions": [ + { + "lessThan": "7.3", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47647.json b/data/anchore/2023/CVE-2023-47647.json new file mode 100644 index 00000000..eac2916a --- /dev/null +++ b/data/anchore/2023/CVE-2023-47647.json @@ -0,0 +1,45 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47647", + "description": "Missing Authorization vulnerability in LearningTimes BadgeOS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BadgeOS: from n/a through 3.7.1.6.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/badgeos/vulnerability/wordpress-badgeos-plugin-3-7-1-6-broken-access-control-vulnerability?_s_id=cve" + ], + "upstream": { + "datePublished": "2025-01-02T12:00:35.748Z", + "dateReserved": "2023-11-07T17:36:14.650Z", + "dateUpdated": "2025-01-02T14:52:07.432Z", + "digest": "e0839de85ba4359fadd45c4b0887d3ed13911d3e137211ffe474af915e6b422f" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:badgeos:badgeos:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:badgeos:badgos:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "badgeos", + "packageType": "wordpress-plugin", + "product": "BadgeOS", + "repo": "https://plugins.svn.wordpress.org/badgeos", + "vendor": "LearningTimes", + "versions": [ + { + "lessThanOrEqual": "3.7.1.6", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47648.json b/data/anchore/2023/CVE-2023-47648.json new file mode 100644 index 00000000..2765d5bb --- /dev/null +++ b/data/anchore/2023/CVE-2023-47648.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47648", + "description": "Missing Authorization vulnerability in spider-themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EazyDocs: from n/a through 2.3.5.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/eazydocs/vulnerability/wordpress-eazydocs-plugin-2-3-3-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:36.326Z", + "dateReserved": "2023-11-07T17:36:14.650Z", + "dateUpdated": "2025-01-02T12:00:36.326Z", + "digest": "fbd24e4173c11bf03c44f3e13ff63b544aa811d03355b208c98a1360c82697ac" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:spider-themes:eazydocs:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "eazydocs", + "packageType": "wordpress-plugin", + "product": "EazyDocs", + "repo": "https://plugins.svn.wordpress.org/eazydocs", + "vendor": "spider-themes", + "versions": [ + { + "lessThan": "2.3.6", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47692.json b/data/anchore/2023/CVE-2023-47692.json new file mode 100644 index 00000000..d72f7fbb --- /dev/null +++ b/data/anchore/2023/CVE-2023-47692.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47692", + "description": "Missing Authorization vulnerability in Flothemes Flo Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flo Forms: from n/a through 1.0.41.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/flo-forms/vulnerability/wordpress-flo-forms-plugin-1-0-41-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:38.156Z", + "dateReserved": "2023-11-08T18:55:46.153Z", + "dateUpdated": "2025-01-02T14:52:07.231Z", + "digest": "10db11f0a87e831f669436281c45aa9f775c9740e0fe421cd85a4ee091f86a73" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:flothemes:flo_forms:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "flo-forms", + "packageType": "wordpress-plugin", + "product": "Flo Forms", + "repo": "https://plugins.svn.wordpress.org/flo-forms", + "vendor": "Flothemes", + "versions": [ + { + "lessThan": "1.0.42", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47693.json b/data/anchore/2023/CVE-2023-47693.json new file mode 100644 index 00000000..685b24b8 --- /dev/null +++ b/data/anchore/2023/CVE-2023-47693.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47693", + "description": "Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.2.6.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/ultimate-addons-for-contact-form-7/vulnerability/wordpress-ultimate-addons-for-contact-form-7-plugin-3-2-5-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:38.749Z", + "dateReserved": "2023-11-08T18:55:46.153Z", + "dateUpdated": "2025-01-02T12:00:38.749Z", + "digest": "805367b1a365863b0e246ebb14f14dfa2e2465a9c7bb28ad15d6ae25fa8a3a3f" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:themefic:ultimate_addons_for_contact_form_7:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "ultimate-addons-for-contact-form-7", + "packageType": "wordpress-plugin", + "product": "Ultimate Addons for Contact Form 7", + "repo": "https://plugins.svn.wordpress.org/ultimate-addons-for-contact-form-7", + "vendor": "Themefic", + "versions": [ + { + "lessThan": "3.2.7", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-47807.json b/data/anchore/2023/CVE-2023-47807.json new file mode 100644 index 00000000..fd69aecb --- /dev/null +++ b/data/anchore/2023/CVE-2023-47807.json @@ -0,0 +1,44 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-47807", + "description": "Missing Authorization vulnerability in 10Web 10WebAnalytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10WebAnalytics: from n/a through 1.2.12.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wd-google-analytics/vulnerability/wordpress-10webanalytics-plugin-1-2-12-broken-access-control-vulnerability?_s_id=cve" + ], + "upstream": { + "datePublished": "2025-01-02T14:16:14.550Z", + "dateReserved": "2023-11-12T21:34:32.190Z", + "dateUpdated": "2025-01-02T14:44:50.397Z", + "digest": "2eade83f3e1107a1f32af8cba871604903ada69d4113753aae78927845cd1ad4" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:10web:10webanalytics:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wd-google-analytics", + "packageType": "wordpress-plugin", + "product": "10WebAnalytics", + "repo": "https://plugins.svn.wordpress.org/wd-google-analytics", + "vendor": "10Web", + "versions": [ + { + "lessThanOrEqual": "1.2.12", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-48739.json b/data/anchore/2023/CVE-2023-48739.json new file mode 100644 index 00000000..7fdb6644 --- /dev/null +++ b/data/anchore/2023/CVE-2023-48739.json @@ -0,0 +1,43 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-48739", + "description": "Missing Authorization vulnerability in Porto Theme Porto Theme - Functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a before 2.12.1.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/porto-functionality/vulnerability/wordpress-porto-theme-functionality-plugin-2-11-1-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available." + ], + "upstream": { + "datePublished": "2025-01-02T14:15:26.724Z", + "dateReserved": "2023-11-18T22:09:33.698Z", + "dateUpdated": "2025-01-02T14:47:56.136Z", + "digest": "45396f2e9c8f21a67b8b32426a0342e77717b26dd7562c01c3f0c9cc04cd95d0" + } + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:portotheme:functionality:*:*:*:*:*:wordpress:*:*" + ], + "product": "Porto Theme - Functionality", + "vendor": "Porto Theme", + "versions": [ + { + "lessThan": "2.12.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2023/CVE-2023-48758.json b/data/anchore/2023/CVE-2023-48758.json new file mode 100644 index 00000000..7dcd84c6 --- /dev/null +++ b/data/anchore/2023/CVE-2023-48758.json @@ -0,0 +1,44 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2023-48758", + "description": "Missing Authorization vulnerability in Crocoblock JetEngine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through 3.2.4.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/jet-engine/vulnerability/wordpress-jetengine-plugin-3-2-4-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress JetEngine plugin to the latest available version (at least 3.2.5)." + ], + "upstream": { + "datePublished": "2025-01-02T14:14:17.899Z", + "dateReserved": "2023-11-18T22:10:24.152Z", + "dateUpdated": "2025-01-02T14:51:19.084Z", + "digest": "2ba30a77184f5ec673a284d9dc7108018a082ed8d048f7ad501e3c96b2a0a93d" + } + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:crocoblock:jetengine:*:*:*:*:*:*:*:*", + "cpe:2.3:a:crocoblock:jetengine:*:*:*:*:*:wordpress:*:*" + ], + "product": "JetEngine", + "vendor": "Crocoblock", + "versions": [ + { + "lessThan": "3.2.5", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-37093.json b/data/anchore/2024/CVE-2024-37093.json new file mode 100644 index 00000000..f55c2b86 --- /dev/null +++ b/data/anchore/2024/CVE-2024-37093.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-37093", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes MasterStudy LMS allows Cross Site Request Forgery.This issue affects MasterStudy LMS: from n/a through 3.2.1.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/masterstudy-lms-learning-management-system/vulnerability/wordpress-masterstudy-lms-wordpress-plugin-plugin-3-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress MasterStudy LMS plugin to the latest available version (at least 3.2.2)." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:39.514Z", + "dateReserved": "2024-06-03T11:44:37.495Z", + "dateUpdated": "2025-01-02T12:00:39.514Z", + "digest": "73dc198a865bc62d454804775f178a0363be9f301be4a0726b2a28b06861c21a" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "masterstudy-lms-learning-management-system", + "packageType": "wordpress-plugin", + "product": "MasterStudy LMS", + "repo": "https://plugins.svn.wordpress.org/masterstudy-lms-learning-management-system", + "vendor": "StylemixThemes", + "versions": [ + { + "lessThan": "3.2.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-37235.json b/data/anchore/2024/CVE-2024-37235.json new file mode 100644 index 00000000..549c66d2 --- /dev/null +++ b/data/anchore/2024/CVE-2024-37235.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-37235", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Groundhogg allows Cross Site Request Forgery.This issue affects Groundhogg: from n/a through 3.4.2.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/groundhogg/vulnerability/wordpress-groundhogg-plugin-3-4-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Groundhogg plugin to the latest available version (at least 3.4.3)." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:42.100Z", + "dateReserved": "2024-06-04T16:46:21.941Z", + "dateUpdated": "2025-01-02T16:37:28.558Z", + "digest": "8ae5d93fdd201dba3737d6495253430d0c60c33dc8b621ab44291fcc74b8a379" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:groundhogg:groundhogg:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "groundhogg", + "packageType": "wordpress-plugin", + "product": "Groundhogg", + "repo": "https://plugins.svn.wordpress.org/groundhogg", + "vendor": "Groundhogg Inc.", + "versions": [ + { + "lessThan": "3.4.3", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-37236.json b/data/anchore/2024/CVE-2024-37236.json new file mode 100644 index 00000000..ccedc727 --- /dev/null +++ b/data/anchore/2024/CVE-2024-37236.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-37236", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Tim Whitlock Loco Translate allows Cross Site Request Forgery.This issue affects Loco Translate: from n/a through 2.6.9.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/loco-translate/vulnerability/wordpress-loco-translate-plugin-2-6-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Loco Translate plugin to the latest available version (at least 2.6.10)." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:42.709Z", + "dateReserved": "2024-06-04T16:46:21.941Z", + "dateUpdated": "2025-01-02T16:36:55.920Z", + "digest": "3cd576411502b4243a2c04d64f5bb8eb4f8a7999ce8db6318cd5f2f3d5c425bd" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:loco_translate_project:loco_translate:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "loco-translate", + "packageType": "wordpress-plugin", + "product": "Loco Translate", + "repo": "https://plugins.svn.wordpress.org/loco-translate", + "vendor": "Tim Whitlock", + "versions": [ + { + "lessThan": "2.6.10", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-37240.json b/data/anchore/2024/CVE-2024-37240.json new file mode 100644 index 00000000..cf6e1a5a --- /dev/null +++ b/data/anchore/2024/CVE-2024-37240.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-37240", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage allows Cross Site Request Forgery.This issue affects Falang multilanguage: from n/a through 1.3.51.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/falang/vulnerability/wordpress-falang-multilanguage-for-wordpress-plugin-1-3-51-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Falang multilanguage plugin to the latest available version (at least 1.3.52)." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:43.867Z", + "dateReserved": "2024-06-04T16:46:33.482Z", + "dateUpdated": "2025-01-02T14:52:07.013Z", + "digest": "5c17353e0c2a03a8184b254d2c903dcf5324532c20296d61c7067576362bb5d1" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:faboba:falang:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "falang", + "packageType": "wordpress-plugin", + "product": "Falang multilanguage", + "repo": "https://plugins.svn.wordpress.org/falang", + "vendor": "Faboba", + "versions": [ + { + "lessThan": "1.3.52", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-37431.json b/data/anchore/2024/CVE-2024-37431.json new file mode 100644 index 00000000..129aa65e --- /dev/null +++ b/data/anchore/2024/CVE-2024-37431.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-37431", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Horea Radu Mesmerize allows Cross Site Request Forgery.This issue affects Mesmerize: from n/a through 1.6.120.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/theme/mesmerize/vulnerability/wordpress-mesmerize-theme-1-6-120-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Mesmerize theme to the latest available version (at least 1.6.124)." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:50.297Z", + "dateReserved": "2024-06-09T08:51:46.247Z", + "dateUpdated": "2025-01-02T16:28:44.627Z", + "digest": "620298c5234ab799b5e8842dcbc290b5ee3ae14bdfa7c9b4793e20f09a5ca73c" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/themes", + "cpes": [ + "cpe:2.3:a:extendthemes:mesmerize:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "mesmerize", + "packageType": "wordpress-theme", + "product": "Mesmerize", + "repo": "https://themes.svn.wordpress.org/mesmerize", + "vendor": "Horea Radu", + "versions": [ + { + "lessThan": "1.6.124", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-37458.json b/data/anchore/2024/CVE-2024-37458.json new file mode 100644 index 00000000..1fd89531 --- /dev/null +++ b/data/anchore/2024/CVE-2024-37458.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-37458", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in ExtendThemes Highlight allows Cross Site Request Forgery.This issue affects Highlight: from n/a through 1.0.29.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/theme/highlight/vulnerability/wordpress-highlight-theme-1-0-29-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Highlight theme to the latest available version (at least 1.0.30)." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:53.830Z", + "dateReserved": "2024-06-09T08:52:16.574Z", + "dateUpdated": "2025-01-02T12:00:53.830Z", + "digest": "0d98224e8ed380242958585d1f52ba45533cb1d24f9497c73135ecc328496c98" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/themes", + "cpes": [ + "cpe:2.3:a:dna88:highlight:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "highlight", + "packageType": "wordpress-theme", + "product": "Highlight", + "repo": "https://themes.svn.wordpress.org/highlight", + "vendor": "ExtendThemes", + "versions": [ + { + "lessThan": "1.0.30", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-37469.json b/data/anchore/2024/CVE-2024-37469.json new file mode 100644 index 00000000..0ecd234e --- /dev/null +++ b/data/anchore/2024/CVE-2024-37469.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-37469", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy allows Cross Site Request Forgery.This issue affects Blocksy: from n/a through 2.0.22.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/theme/blocksy/vulnerability/wordpress-blocksy-theme-1-9-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Blocksy theme to the latest available version (at least 2.0.23)." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:54.991Z", + "dateReserved": "2024-06-09T11:43:13.094Z", + "dateUpdated": "2025-01-02T16:26:46.544Z", + "digest": "48f67c3dd9fbee3356d3630971c5131d3081425ee36d482d8e0c287a667c3d94" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/themes", + "cpes": [ + "cpe:2.3:a:creativethemes:blocksy:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "blocksy", + "packageType": "wordpress-theme", + "product": "Blocksy", + "repo": "https://themes.svn.wordpress.org/blocksy", + "vendor": "CreativeThemes", + "versions": [ + { + "lessThan": "2.0.23", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-37491.json b/data/anchore/2024/CVE-2024-37491.json new file mode 100644 index 00000000..7215ee7d --- /dev/null +++ b/data/anchore/2024/CVE-2024-37491.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-37491", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Rife Free allows Cross Site Request Forgery.This issue affects Rife Free: from n/a through 2.4.18.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/theme/rife-free/vulnerability/wordpress-rife-free-theme-2-4-18-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Rife Free theme to the latest available version (at least 2.4.19)." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:57.359Z", + "dateReserved": "2024-06-09T11:43:52.669Z", + "dateUpdated": "2025-01-02T14:52:05.467Z", + "digest": "9f648aa7cba80337c7719faa5915680eba841065bc2bc6a2d806c4345a2c940b" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/themes", + "cpes": [ + "cpe:2.3:a:apollo13themes:rife_free:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "rife-free", + "packageType": "wordpress-theme", + "product": "Rife Free", + "repo": "https://themes.svn.wordpress.org/rife-free", + "vendor": "Apollo13Themes", + "versions": [ + { + "lessThan": "2.4.19", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-37493.json b/data/anchore/2024/CVE-2024-37493.json new file mode 100644 index 00000000..2dace0c2 --- /dev/null +++ b/data/anchore/2024/CVE-2024-37493.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-37493", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in SKT Themes Posterity allows Cross Site Request Forgery.This issue affects Posterity: from n/a through 3.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/theme/posterity/vulnerability/wordpress-posterity-theme-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Posterity theme to the latest available version (at least 3.4)." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:57.947Z", + "dateReserved": "2024-06-09T11:43:52.669Z", + "dateUpdated": "2025-01-02T14:52:05.361Z", + "digest": "8a84076836dbc231e5e780198e4c17ed12603e98321272192043b5e44a0206be" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/themes", + "cpes": [ + "cpe:2.3:a:sktthemes:posterity:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "posterity", + "packageType": "wordpress-theme", + "product": "Posterity", + "repo": "https://themes.svn.wordpress.org/posterity", + "vendor": "SKT Themes", + "versions": [ + { + "lessThan": "3.4", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-37511.json b/data/anchore/2024/CVE-2024-37511.json new file mode 100644 index 00000000..4cbc6254 --- /dev/null +++ b/data/anchore/2024/CVE-2024-37511.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-37511", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in SWTE Swift Performance Lite allows Cross Site Request Forgery.This issue affects Swift Performance Lite: from n/a through 2.3.6.20.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/swift-performance-lite/vulnerability/wordpress-swift-performance-lite-plugin-2-3-6-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Swift Performance Lite plugin to the latest available version (at least 2.3.6.21)." + ], + "upstream": { + "datePublished": "2025-01-02T12:00:59.680Z", + "dateReserved": "2024-06-09T13:11:08.417Z", + "dateUpdated": "2025-01-02T14:52:04.961Z", + "digest": "fb50c9543a0dbad5c860a60d1ae2c951518660d4d6fc53221e5b678702261477" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:swteplugins:swift_performance:*:*:*:*:lite:wordpress:*:*" + ], + "packageName": "swift-performance-lite", + "packageType": "wordpress-plugin", + "product": "Swift Performance Lite", + "repo": "https://plugins.svn.wordpress.org/swift-performance-lite", + "vendor": "SWTE", + "versions": [ + { + "lessThan": "2.3.6.21", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-37518.json b/data/anchore/2024/CVE-2024-37518.json new file mode 100644 index 00000000..bf8aaf2a --- /dev/null +++ b/data/anchore/2024/CVE-2024-37518.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-37518", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar The Events Calendar allows Cross Site Request Forgery.This issue affects The Events Calendar: from n/a through 6.5.1.4.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/the-events-calendar/vulnerability/wordpress-the-events-calendar-plugin-6-5-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress The Events Calendar plugin to the latest available version (at least 6.5.1.5)." + ], + "upstream": { + "datePublished": "2025-01-02T12:01:00.614Z", + "dateReserved": "2024-06-09T13:11:26.616Z", + "dateUpdated": "2025-01-02T14:52:04.863Z", + "digest": "dc937c7c3d73f90b3fef5d621ee214608f7a5fde1913ce381a9d715279f6c2b5" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:tri:the_events_calendar:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "the-events-calendar", + "packageType": "wordpress-plugin", + "product": "The Events Calendar", + "repo": "https://plugins.svn.wordpress.org/the-events-calendar", + "vendor": "The Events Calendar", + "versions": [ + { + "lessThan": "6.5.1.5", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-37540.json b/data/anchore/2024/CVE-2024-37540.json new file mode 100644 index 00000000..5f423f06 --- /dev/null +++ b/data/anchore/2024/CVE-2024-37540.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-37540", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Leaky Paywall Leaky Paywall allows Cross Site Request Forgery.This issue affects Leaky Paywall: from n/a through 4.21.2.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/leaky-paywall/vulnerability/wordpress-leaky-paywall-plugin-4-21-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available." + ], + "upstream": { + "datePublished": "2025-01-02T12:01:01.252Z", + "dateReserved": "2024-06-09T18:16:46.936Z", + "dateUpdated": "2025-01-02T14:52:04.707Z", + "digest": "7c1e04f1c6786470f083e087b570d124684ac369628227fb5a982021db9cef09" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:zeen101:leaky_paywall:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "leaky-paywall", + "packageType": "wordpress-plugin", + "product": "Leaky Paywall", + "repo": "https://plugins.svn.wordpress.org/leaky-paywall", + "vendor": "Leaky Paywall", + "versions": [ + { + "lessThan": "4.21.3", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-38754.json b/data/anchore/2024/CVE-2024-38754.json new file mode 100644 index 00000000..1c5e0653 --- /dev/null +++ b/data/anchore/2024/CVE-2024-38754.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-38754", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Taggbox allows Cross Site Request Forgery.This issue affects Taggbox: from n/a through 3.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/taggbox-widget/vulnerability/wordpress-tagbox-plugin-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available. This plugin has been closed as of July 10, 2024 and is not available for download. This closure is temporary, pending a full review." + ], + "upstream": { + "datePublished": "2025-01-02T12:01:05.907Z", + "dateReserved": "2024-06-19T11:17:14.714Z", + "dateUpdated": "2025-01-02T16:22:56.347Z", + "digest": "e06ec5988a424754fedffad23c0dfd3a879f2339c6f50aef64b13222f35bd449" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:taggbox:taggbox:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "taggbox-widget", + "packageType": "wordpress-plugin", + "product": "Taggbox", + "repo": "https://plugins.svn.wordpress.org/taggbox-widget", + "vendor": "Tagbox", + "versions": [ + { + "lessThan": "3.4", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-38762.json b/data/anchore/2024/CVE-2024-38762.json new file mode 100644 index 00000000..33019fcc --- /dev/null +++ b/data/anchore/2024/CVE-2024-38762.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-38762", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar Event Tickets allows Cross Site Request Forgery.This issue affects Event Tickets: from n/a through 5.11.0.4.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/event-tickets/vulnerability/wordpress-event-tickets-and-registration-plugin-5-11-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Event Tickets plugin to the latest available version (at least 5.11.0.5)." + ], + "upstream": { + "datePublished": "2025-01-02T12:01:06.486Z", + "dateReserved": "2024-06-19T11:17:27.406Z", + "dateUpdated": "2025-01-02T16:22:27.464Z", + "digest": "e98575f79df2dad8ea3c1273ac24345f86cedb0f29acaf73b835996655e66a8c" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:tri:event_tickets:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "event-tickets", + "packageType": "wordpress-plugin", + "product": "Event Tickets", + "repo": "https://plugins.svn.wordpress.org/event-tickets", + "vendor": "The Events Calendar", + "versions": [ + { + "lessThan": "5.11.0.5", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-38789.json b/data/anchore/2024/CVE-2024-38789.json new file mode 100644 index 00000000..f205e684 --- /dev/null +++ b/data/anchore/2024/CVE-2024-38789.json @@ -0,0 +1,44 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-38789", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Telegram Bot & Channel allows Cross Site Request Forgery.This issue affects Telegram Bot & Channel: from n/a through 3.8.2.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/telegram-bot/vulnerability/wordpress-telegram-bot-channel-plugin-3-8-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ], + "upstream": { + "datePublished": "2025-01-02T12:01:08.872Z", + "dateReserved": "2024-06-19T15:07:57.035Z", + "dateUpdated": "2025-01-02T12:01:08.872Z", + "digest": "eb5ac796b474bb249853e6a6cf0341a232682bc8d55ad40b41d6ba8c498ae2c9" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:telegram_bot_\\&_channel_project:telegram_bot_\\&_channel:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "telegram-bot", + "packageType": "wordpress-plugin", + "product": "Telegram Bot & Channel", + "repo": "https://plugins.svn.wordpress.org/telegram-bot", + "vendor": "Marco Milesi", + "versions": [ + { + "lessThanOrEqual": "3.8.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-39623.json b/data/anchore/2024/CVE-2024-39623.json new file mode 100644 index 00000000..e6ede232 --- /dev/null +++ b/data/anchore/2024/CVE-2024-39623.json @@ -0,0 +1,43 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-39623", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in CridioStudio ListingPro allows Authentication Bypass.This issue affects ListingPro: from n/a through 2.9.4.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/theme/listingpro/vulnerability/wordpress-listingpro-theme-2-9-3-cross-site-request-forgery-csrf-to-account-takeover-vulnerability?_s_id=cve" + ], + "solutions": [ + "No patched version is available. No reply from the vendor." + ], + "upstream": { + "datePublished": "2025-01-02T12:56:23.968Z", + "dateReserved": "2024-06-26T21:17:39.688Z", + "dateUpdated": "2025-01-02T14:52:00.714Z", + "digest": "b2daedd841a4848a39c221d0656c6192dbe7997037258a0c7d36531577c0c0c3" + } + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:cridio:listingpro:*:*:*:*:*:wordpress:*:*" + ], + "product": "ListingPro", + "vendor": "CridioStudio", + "versions": [ + { + "lessThan": "2.9.5", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-43927.json b/data/anchore/2024/CVE-2024-43927.json new file mode 100644 index 00000000..81f966a1 --- /dev/null +++ b/data/anchore/2024/CVE-2024-43927.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-43927", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Till Krüss Email Address Encoder allows Cross Site Request Forgery.This issue affects Email Address Encoder: from n/a through 1.0.23.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/email-address-encoder/vulnerability/wordpress-email-address-encoder-plugin-1-0-23-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Email Address Encoder plugin to the latest available version (at least 1.0.24)." + ], + "upstream": { + "datePublished": "2025-01-02T12:01:10.166Z", + "dateReserved": "2024-08-18T21:56:11.867Z", + "dateUpdated": "2025-01-02T18:46:03.704Z", + "digest": "de8d9b41db304824805ece9650dd6507edc4dde2772e806dbff79058ab1cb611" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:tillkruss:email_address_encoder:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "email-address-encoder", + "packageType": "wordpress-plugin", + "product": "Email Address Encoder", + "repo": "https://plugins.svn.wordpress.org/email-address-encoder", + "vendor": "Till Krüss", + "versions": [ + { + "lessThan": "1.0.24", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-56060.json b/data/anchore/2024/CVE-2024-56060.json new file mode 100644 index 00000000..db4c7661 --- /dev/null +++ b/data/anchore/2024/CVE-2024-56060.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-56060", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HTML Forms allows Reflected XSS.This issue affects HTML Forms: from n/a through 1.4.1.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/html-forms/vulnerability/wordpress-html-forms-plugin-1-4-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress HTML Forms plugin to the latest available version (at least 1.4.2)." + ], + "upstream": { + "datePublished": "2025-01-02T09:13:23.775Z", + "dateReserved": "2024-12-14T19:43:05.902Z", + "dateUpdated": "2025-01-02T09:13:23.775Z", + "digest": "2ede5e47b3e97cc8485a2320d73b9409a1f402c81346562888385565429e3b4b" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:ibericode:html_forms:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "html-forms", + "packageType": "wordpress-plugin", + "product": "HTML Forms", + "repo": "https://plugins.svn.wordpress.org/html-forms", + "vendor": "HTML Forms", + "versions": [ + { + "lessThan": "1.4.2", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-56199.json b/data/anchore/2024/CVE-2024-56199.json new file mode 100644 index 00000000..c68780ae --- /dev/null +++ b/data/anchore/2024/CVE-2024-56199.json @@ -0,0 +1,44 @@ +{ + "additionalMetadata": { + "cna": "github_m", + "cveId": "CVE-2024-56199", + "description": "phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at `http[:]//localhost/admin/index[.]php?action=editentry`, resulting in a complete disruption of the FAQ page's user interface. By injecting malformed HTML elements styled to cover the entire screen, an attacker can render the page unusable. This injection manipulates the page structure by introducing overlapping buttons, images, and iframes, breaking the intended layout and functionality. Exploiting this issue can lead to Denial of Service for legitimate users, damage to the user experience, and potential abuse in phishing or defacement attacks. Version 4.0.2 contains a patch for the vulnerability.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-ww33-jppq-qfrp" + ], + "upstream": { + "datePublished": "2025-01-02T17:27:08.690Z", + "dateReserved": "2024-12-18T18:29:25.896Z", + "dateUpdated": "2025-01-02T17:42:19.122Z", + "digest": "1b58962ba6bfea5a984c47c84093d9d71e63f691c287523afc1bf1421fd231c7" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://packagist.org", + "cpes": [ + "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:php:*:*" + ], + "packageName": "thorsten/phpmyfaq", + "packageType": "php-composer", + "product": "phpMyFAQ", + "repo": "https://github.com/thorsten/phpmyfaq", + "vendor": "thorsten", + "versions": [ + { + "lessThan": "4.0.2", + "status": "affected", + "version": "3.2.10", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-56237.json b/data/anchore/2024/CVE-2024-56237.json new file mode 100644 index 00000000..e1ec64ba --- /dev/null +++ b/data/anchore/2024/CVE-2024-56237.json @@ -0,0 +1,49 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-56237", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contest Gallery Contest Gallery allows Stored XSS.This issue affects Contest Gallery: from n/a through 24.0.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/contest-gallery/vulnerability/wordpress-contest-gallery-plugin-24-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Contest Gallery plugin to the latest available version (at least 24.0.4)." + ], + "upstream": { + "datePublished": "2025-01-02T12:01:15.266Z", + "dateReserved": "2024-12-18T19:04:10.960Z", + "dateUpdated": "2025-01-02T14:52:03.754Z", + "digest": "c7a3c6588eb0557a2f74ff4c1ca9170e9be141df3b84f9b6ca335a0afba82cd6" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:contest-gallery:contest_gallery:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:contest-gallery:contest_gallery:*:*:*:*:pro:wordpress:*:*", + "cpe:2.3:a:contest_gallery:contest_gallery:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "contest-gallery", + "packageType": "wordpress-plugin", + "product": "Contest Gallery", + "repo": "https://plugins.svn.wordpress.org/contest-gallery", + "vendor": "Contest Gallery", + "versions": [ + { + "lessThan": "24.0.4", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-56241.json b/data/anchore/2024/CVE-2024-56241.json new file mode 100644 index 00000000..9b7c596e --- /dev/null +++ b/data/anchore/2024/CVE-2024-56241.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-56241", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPKoi WPKoi Templates for Elementor allows Stored XSS.This issue affects WPKoi Templates for Elementor: from n/a through 3.1.3.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wpkoi-templates-for-elementor/vulnerability/wordpress-wpkoi-templates-for-elementor-plugin-3-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress WPKoi Templates for Elementor plugin to the latest available version (at least 3.1.4)." + ], + "upstream": { + "datePublished": "2025-01-02T12:01:17.766Z", + "dateReserved": "2024-12-18T19:04:10.961Z", + "dateUpdated": "2025-01-02T18:43:31.935Z", + "digest": "4657c456ef2a51e5bed161afe4f396e6a870efe4d1582dabb32ed7203b92b5b0" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wpkoi:wpkoi_templates_for_elementor:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wpkoi-templates-for-elementor", + "packageType": "wordpress-plugin", + "product": "WPKoi Templates for Elementor", + "repo": "https://plugins.svn.wordpress.org/wpkoi-templates-for-elementor", + "vendor": "WPKoi", + "versions": [ + { + "lessThan": "3.1.4", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-56242.json b/data/anchore/2024/CVE-2024-56242.json new file mode 100644 index 00000000..9d7c4cdb --- /dev/null +++ b/data/anchore/2024/CVE-2024-56242.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-56242", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tyche Softwares Arconix Shortcodes allows Stored XSS.This issue affects Arconix Shortcodes: from n/a through 2.1.14.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/arconix-shortcodes/vulnerability/wordpress-arconix-shortcodes-plugin-2-1-14-cross-site-scripting-xss-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Arconix Shortcodes wordpress plugin to the latest available version (at least 2.1.15)." + ], + "upstream": { + "datePublished": "2025-01-02T12:01:18.374Z", + "dateReserved": "2024-12-18T19:04:10.961Z", + "dateUpdated": "2025-01-02T18:42:54.916Z", + "digest": "23e9605183a20fd2bdade66d704bfdc86232993ec689903475d645783ef1c1ee" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:tychesoftwares:arconix_shortcodes:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "arconix-shortcodes", + "packageType": "wordpress-plugin", + "product": "Arconix Shortcodes", + "repo": "https://plugins.svn.wordpress.org/arconix-shortcodes", + "vendor": "Tyche Softwares", + "versions": [ + { + "lessThan": "2.1.15", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-56245.json b/data/anchore/2024/CVE-2024-56245.json new file mode 100644 index 00000000..09b79bc4 --- /dev/null +++ b/data/anchore/2024/CVE-2024-56245.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-56245", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Blocks – Gutenberg Blocks for WordPress allows Stored XSS.This issue affects Premium Blocks – Gutenberg Blocks for WordPress: from n/a through 2.1.42.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/premium-blocks-for-gutenberg/vulnerability/wordpress-premium-blocks-plugin-2-1-42-cross-site-scripting-xss-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Premium Blocks – Gutenberg Blocks for WordPress plugin to the latest available version (at least 2.1.43)." + ], + "upstream": { + "datePublished": "2025-01-02T12:01:20.211Z", + "dateReserved": "2024-12-18T19:04:18.506Z", + "dateUpdated": "2025-01-02T18:41:45.424Z", + "digest": "808925f2296e2a11506a0ed01be4b07cb5d3bc01702a5e5bf7865cc11bad7b2c" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:leap13:premium_blocks_for_gutenburg:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "premium-blocks-for-gutenberg", + "packageType": "wordpress-plugin", + "product": "Premium Blocks – Gutenberg Blocks for WordPress", + "repo": "https://plugins.svn.wordpress.org/premium-blocks-for-gutenberg", + "vendor": "Leap13", + "versions": [ + { + "lessThan": "2.1.43", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-56246.json b/data/anchore/2024/CVE-2024-56246.json new file mode 100644 index 00000000..b912a580 --- /dev/null +++ b/data/anchore/2024/CVE-2024-56246.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-56246", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Nexter Blocks allows DOM-Based XSS.This issue affects Nexter Blocks: from n/a through 4.0.4.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/the-plus-addons-for-block-editor/vulnerability/wordpress-nexter-blocks-plugin-4-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Nexter Blocks plugin to the latest available version (at least 4.0.5)." + ], + "upstream": { + "datePublished": "2025-01-02T12:01:20.794Z", + "dateReserved": "2024-12-18T19:04:18.506Z", + "dateUpdated": "2025-01-02T18:41:24.731Z", + "digest": "b750819bcd3ae9afcc391d8ea882af38140ea1ee6a768cdcf8921b7469d0a494" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:posimyth:nexter_blocks:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "the-plus-addons-for-block-editor", + "packageType": "wordpress-plugin", + "product": "Nexter Blocks", + "repo": "https://plugins.svn.wordpress.org/the-plus-addons-for-block-editor", + "vendor": "POSIMYTH", + "versions": [ + { + "lessThan": "4.0.5", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-56247.json b/data/anchore/2024/CVE-2024-56247.json new file mode 100644 index 00000000..8ee6ad16 --- /dev/null +++ b/data/anchore/2024/CVE-2024-56247.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-56247", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AF themes WP Post Author allows SQL Injection.This issue affects WP Post Author: from n/a through 3.8.2.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/wp-post-author/vulnerability/wordpress-wp-post-author-plugin-3-8-2-sql-injection-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress WP Post Author plugin to the latest available version (at least 3.8.3)." + ], + "upstream": { + "datePublished": "2025-01-02T12:01:21.366Z", + "dateReserved": "2024-12-18T19:04:18.507Z", + "dateUpdated": "2025-01-02T18:40:43.410Z", + "digest": "baf5ec6e6e59d8e10717e62bbedf307102a880fc134c0af10e360c5e4540dbfd" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:afthemes:wp_post_author:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-post-author", + "packageType": "wordpress-plugin", + "product": "WP Post Author", + "repo": "https://plugins.svn.wordpress.org/wp-post-author", + "vendor": "AF themes", + "versions": [ + { + "lessThan": "3.8.3", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-56251.json b/data/anchore/2024/CVE-2024-56251.json new file mode 100644 index 00000000..e7876108 --- /dev/null +++ b/data/anchore/2024/CVE-2024-56251.json @@ -0,0 +1,48 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-56251", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Event Espresso Event Espresso 4 Decaf allows Cross Site Request Forgery.This issue affects Event Espresso 4 Decaf: from n/a through 5.0.28.decaf.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/event-espresso-decaf/vulnerability/wordpress-event-espresso-plugin-5-0-28-decaf-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Event Espresso 4 Decaf wordpress plugin to the latest available version (at least 5.0.31.decaf)." + ], + "upstream": { + "datePublished": "2025-01-02T12:01:23.690Z", + "dateReserved": "2024-12-18T19:04:18.507Z", + "dateUpdated": "2025-01-02T14:52:01.765Z", + "digest": "c31600fa9f1abff1b514bdc906db239bec47d39ac3abd3d33817469f6ff2668f" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:eventespresso:event_espresso:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:eventespresso:event_espresso_4_decaf:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "event-espresso-decaf", + "packageType": "wordpress-plugin", + "product": "Event Espresso 4 Decaf", + "repo": "https://plugins.svn.wordpress.org/event-espresso-decaf", + "vendor": "Event Espresso", + "versions": [ + { + "lessThan": "5.0.31.decaf", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-56252.json b/data/anchore/2024/CVE-2024-56252.json new file mode 100644 index 00000000..a5cc8c39 --- /dev/null +++ b/data/anchore/2024/CVE-2024-56252.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-56252", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeLooks Enter Addons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.9.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/enteraddons/vulnerability/wordpress-enter-addons-plugin-2-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Enter Addons plugin to the latest available version (at least 2.2.1)." + ], + "upstream": { + "datePublished": "2025-01-02T12:01:24.262Z", + "dateReserved": "2024-12-18T19:04:18.507Z", + "dateUpdated": "2025-01-02T14:52:01.530Z", + "digest": "9d278fb96e561077b14a198069b71636184481ab0c59965a5483f010dc1f2525" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:themelooks:enter_addons:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "enteraddons", + "packageType": "wordpress-plugin", + "product": "Enter Addons", + "repo": "https://plugins.svn.wordpress.org/enteraddons", + "vendor": "ThemeLooks", + "versions": [ + { + "lessThan": "2.2.21", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-56253.json b/data/anchore/2024/CVE-2024-56253.json new file mode 100644 index 00000000..09d15d68 --- /dev/null +++ b/data/anchore/2024/CVE-2024-56253.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-56253", + "description": "Missing Authorization vulnerability in supsystic.com Data Tables Generator by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Data Tables Generator by Supsystic: from n/a through 1.10.36.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/data-tables-generator-by-supsystic/vulnerability/wordpress-data-tables-generator-by-supsystic-plugin-1-10-36-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Data Tables Generator by Supsystic plugin to the latest available version (at least 1.10.37)." + ], + "upstream": { + "datePublished": "2025-01-02T12:01:24.834Z", + "dateReserved": "2024-12-18T19:04:26.186Z", + "dateUpdated": "2025-01-02T14:52:01.411Z", + "digest": "e4d6e4058624476c79b019f2e206f0b3bf04e0e8c9002d8582e8ce6960841845" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:supsystic:data_tables_generator:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "data-tables-generator-by-supsystic", + "packageType": "wordpress-plugin", + "product": "Data Tables Generator by Supsystic", + "repo": "https://plugins.svn.wordpress.org/data-tables-generator-by-supsystic", + "vendor": "supsystic.com", + "versions": [ + { + "lessThan": "1.10.37", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-56254.json b/data/anchore/2024/CVE-2024-56254.json new file mode 100644 index 00000000..faaa298e --- /dev/null +++ b/data/anchore/2024/CVE-2024-56254.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-56254", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moveaddons Move Addons for Elementor allows Stored XSS.This issue affects Move Addons for Elementor: from n/a through 1.3.6.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/move-addons/vulnerability/wordpress-move-addons-for-elementor-plugin-1-3-6-cross-site-scripting-xss-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress Move Addons for Elementor plugin to the latest available version (at least 1.3.7)." + ], + "upstream": { + "datePublished": "2025-01-02T12:01:25.712Z", + "dateReserved": "2024-12-18T19:04:26.186Z", + "dateUpdated": "2025-01-02T14:52:01.256Z", + "digest": "3989b78397f2f7b4e26ff21a8d002b2352665fdf11aca1b08b2c9bb1da440a74" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:moveaddons:move_addons_for_elementor:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "move-addons", + "packageType": "wordpress-plugin", + "product": "Move Addons for Elementor", + "repo": "https://plugins.svn.wordpress.org/move-addons", + "vendor": "moveaddons", + "versions": [ + { + "lessThan": "1.3.7", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-56259.json b/data/anchore/2024/CVE-2024-56259.json new file mode 100644 index 00000000..5dfa89c9 --- /dev/null +++ b/data/anchore/2024/CVE-2024-56259.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-56259", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AyeCode - WP Business Directory Plugins GeoDirectory allows Stored XSS.This issue affects GeoDirectory: from n/a through 2.3.84.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/geodirectory/vulnerability/wordpress-geodirectory-plugin-2-3-84-cross-site-scripting-xss-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress GeoDirectory plugin to the latest available version (at least 2.3.85)." + ], + "upstream": { + "datePublished": "2025-01-02T12:01:27.441Z", + "dateReserved": "2024-12-18T19:04:26.187Z", + "dateUpdated": "2025-01-02T18:40:19.064Z", + "digest": "19ecba25305b2249fae88ee5978575e9a262ee59392218d71b6993c5cce73cac" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:ayecode:geodirectory:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "geodirectory", + "packageType": "wordpress-plugin", + "product": "GeoDirectory", + "repo": "https://plugins.svn.wordpress.org/geodirectory", + "vendor": "AyeCode - WP Business Directory Plugins", + "versions": [ + { + "lessThanOrEqual": "2.3.85", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-56266.json b/data/anchore/2024/CVE-2024-56266.json new file mode 100644 index 00000000..856c616e --- /dev/null +++ b/data/anchore/2024/CVE-2024-56266.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-56266", + "description": "Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.8.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/wordpress/plugin/mp3-music-player-by-sonaar/vulnerability/wordpress-mp3-audio-player-plugin-5-8-broken-access-control-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update the WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin to the latest available version (at least 5.9)." + ], + "upstream": { + "datePublished": "2025-01-02T12:01:31.084Z", + "dateReserved": "2024-12-18T19:04:36.270Z", + "dateUpdated": "2025-01-02T16:01:50.362Z", + "digest": "2970eae1b06726fd836f66a8c11de43d8b8a328efa0ecc82dac20c1981750007" + } + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:sonaar:mp3_audio_player_for_music\\,_radio_\\&_podcast:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "mp3-music-player-by-sonaar", + "packageType": "wordpress-plugin", + "product": "MP3 Audio Player for Music, Radio & Podcast by Sonaar", + "repo": "https://plugins.svn.wordpress.org/mp3-music-player-by-sonaar", + "vendor": "Sonaar Music", + "versions": [ + { + "lessThan": "5.9", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file