From cd265f59c90409a8cc5caa863abbfe38395a5f79 Mon Sep 17 00:00:00 2001 From: Weston Steimel Date: Mon, 9 Dec 2024 11:04:29 +0000 Subject: [PATCH] updates 2024-12-09 
Signed-off-by: Weston Steimel --- data/anchore/2022/CVE-2022-4974.json | 1 + data/anchore/2023/CVE-2023-7264.json | 3 +- data/anchore/2024/CVE-2024-10046.json | 40 +++++++++++++++++++++ data/anchore/2024/CVE-2024-10480.json | 37 +++++++++++++++++++ data/anchore/2024/CVE-2024-10516.json | 41 +++++++++++++++++++++ data/anchore/2024/CVE-2024-10681.json | 40 +++++++++++++++++++++ data/anchore/2024/CVE-2024-11010.json | 41 +++++++++++++++++++++ data/anchore/2024/CVE-2024-11289.json | 37 +++++++++++++++++++ data/anchore/2024/CVE-2024-11292.json | 39 ++++++++++++++++++++ data/anchore/2024/CVE-2024-11436.json | 39 ++++++++++++++++++++ data/anchore/2024/CVE-2024-11444.json | 40 +++++++++++++++++++++ data/anchore/2024/CVE-2024-11585.json | 39 ++++++++++++++++++++ data/anchore/2024/CVE-2024-11728.json | 39 ++++++++++++++++++++ data/anchore/2024/CVE-2024-11729.json | 39 ++++++++++++++++++++ data/anchore/2024/CVE-2024-11730.json | 39 ++++++++++++++++++++ data/anchore/2024/CVE-2024-12026.json | 39 ++++++++++++++++++++ data/anchore/2024/CVE-2024-12027.json | 39 ++++++++++++++++++++ data/anchore/2024/CVE-2024-12128.json | 39 ++++++++++++++++++++ data/anchore/2024/CVE-2024-12253.json | 39 ++++++++++++++++++++ data/anchore/2024/CVE-2024-12254.json | 52 +++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-35173.json | 2 +- data/anchore/2024/CVE-2024-3658.json | 1 + data/anchore/2024/CVE-2024-37213.json | 2 +- data/anchore/2024/CVE-2024-3722.json | 1 + data/anchore/2024/CVE-2024-4633.json | 40 +++++++++++++++++++++ data/anchore/2024/CVE-2024-47913.json | 3 ++ data/anchore/2024/CVE-2024-53795.json | 41 +++++++++++++++++++++ data/anchore/2024/CVE-2024-53796.json | 41 +++++++++++++++++++++ data/anchore/2024/CVE-2024-53797.json | 41 +++++++++++++++++++++ data/anchore/2024/CVE-2024-53801.json | 41 +++++++++++++++++++++ data/anchore/2024/CVE-2024-53802.json | 41 +++++++++++++++++++++ data/anchore/2024/CVE-2024-53803.json | 41 +++++++++++++++++++++ data/anchore/2024/CVE-2024-53804.json | 
41 +++++++++++++++++++++ data/anchore/2024/CVE-2024-53805.json | 41 +++++++++++++++++++++ data/anchore/2024/CVE-2024-53806.json | 41 +++++++++++++++++++++ data/anchore/2024/CVE-2024-53807.json | 41 +++++++++++++++++++++ data/anchore/2024/CVE-2024-53808.json | 42 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-53809.json | 41 +++++++++++++++++++++ data/anchore/2024/CVE-2024-53810.json | 41 +++++++++++++++++++++ data/anchore/2024/CVE-2024-53813.json | 41 +++++++++++++++++++++ data/anchore/2024/CVE-2024-53815.json | 41 +++++++++++++++++++++ data/anchore/2024/CVE-2024-53817.json | 41 +++++++++++++++++++++ data/anchore/2024/CVE-2024-53823.json | 42 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-53824.json | 41 +++++++++++++++++++++ data/anchore/2024/CVE-2024-53825.json | 41 +++++++++++++++++++++ data/anchore/2024/CVE-2024-54014.json | 4 +-- data/anchore/2024/CVE-2024-54138.json | 38 ++++++++++++++++++++ data/anchore/2024/CVE-2024-54141.json | 39 ++++++++++++++++++++ data/anchore/2024/CVE-2024-54211.json | 38 ++++++++++++++++++++ data/anchore/2024/CVE-2024-54212.json | 38 ++++++++++++++++++++ data/anchore/2024/CVE-2024-8484.json | 1 + data/anchore/2024/CVE-2024-9213.json | 1 + data/anchore/2024/CVE-2024-9866.json | 40 +++++++++++++++++++++ data/anchore/2024/CVE-2024-9872.json | 40 +++++++++++++++++++++ 54 files changed, 1786 insertions(+), 5 deletions(-) create mode 100644 data/anchore/2024/CVE-2024-10046.json create mode 100644 data/anchore/2024/CVE-2024-10480.json create mode 100644 data/anchore/2024/CVE-2024-10516.json create mode 100644 data/anchore/2024/CVE-2024-10681.json create mode 100644 data/anchore/2024/CVE-2024-11010.json create mode 100644 data/anchore/2024/CVE-2024-11289.json create mode 100644 data/anchore/2024/CVE-2024-11292.json create mode 100644 data/anchore/2024/CVE-2024-11436.json create mode 100644 data/anchore/2024/CVE-2024-11444.json create mode 100644 data/anchore/2024/CVE-2024-11585.json create mode 100644 
data/anchore/2024/CVE-2024-11728.json create mode 100644 data/anchore/2024/CVE-2024-11729.json create mode 100644 data/anchore/2024/CVE-2024-11730.json create mode 100644 data/anchore/2024/CVE-2024-12026.json create mode 100644 data/anchore/2024/CVE-2024-12027.json create mode 100644 data/anchore/2024/CVE-2024-12128.json create mode 100644 data/anchore/2024/CVE-2024-12253.json create mode 100644 data/anchore/2024/CVE-2024-12254.json create mode 100644 data/anchore/2024/CVE-2024-4633.json create mode 100644 data/anchore/2024/CVE-2024-53795.json create mode 100644 data/anchore/2024/CVE-2024-53796.json create mode 100644 data/anchore/2024/CVE-2024-53797.json create mode 100644 data/anchore/2024/CVE-2024-53801.json create mode 100644 data/anchore/2024/CVE-2024-53802.json create mode 100644 data/anchore/2024/CVE-2024-53803.json create mode 100644 data/anchore/2024/CVE-2024-53804.json create mode 100644 data/anchore/2024/CVE-2024-53805.json create mode 100644 data/anchore/2024/CVE-2024-53806.json create mode 100644 data/anchore/2024/CVE-2024-53807.json create mode 100644 data/anchore/2024/CVE-2024-53808.json create mode 100644 data/anchore/2024/CVE-2024-53809.json create mode 100644 data/anchore/2024/CVE-2024-53810.json create mode 100644 data/anchore/2024/CVE-2024-53813.json create mode 100644 data/anchore/2024/CVE-2024-53815.json create mode 100644 data/anchore/2024/CVE-2024-53817.json create mode 100644 data/anchore/2024/CVE-2024-53823.json create mode 100644 data/anchore/2024/CVE-2024-53824.json create mode 100644 data/anchore/2024/CVE-2024-53825.json create mode 100644 data/anchore/2024/CVE-2024-54138.json create mode 100644 data/anchore/2024/CVE-2024-54141.json create mode 100644 data/anchore/2024/CVE-2024-54211.json create mode 100644 data/anchore/2024/CVE-2024-54212.json create mode 100644 data/anchore/2024/CVE-2024-9866.json create mode 100644 data/anchore/2024/CVE-2024-9872.json 
diff --git a/data/anchore/2022/CVE-2022-4974.json b/data/anchore/2022/CVE-2022-4974.json
index f4c0e002..9c818d59 100644
--- a/data/anchore/2022/CVE-2022-4974.json
+++ b/data/anchore/2022/CVE-2022-4974.json
@@ -1935,6 +1935,7 @@
 "packageName": "anywhere-elementor",
 "packageType": "wordpress-plugin",
 "product": "AnyWhere Elementor",
+ "repo": "https://plugins.svn.wordpress.org/anywhere-elementor",
 "vendor": "wpvibes",
 "versions": [
 {
diff --git a/data/anchore/2023/CVE-2023-7264.json b/data/anchore/2023/CVE-2023-7264.json
index 25b640ad..ee1aecf9 100644
--- a/data/anchore/2023/CVE-2023-7264.json
+++ b/data/anchore/2023/CVE-2023-7264.json
@@ -20,10 +20,11 @@
 "packageName": "build-app-online",
 "packageType": "wordpress-plugin",
 "product": "Build App Online",
+ "repo": "https://plugins.svn.wordpress.org/build-app-online",
 "vendor": "hakeemnala",
 "versions": [
 {
- "lessThanOrEqual": "1.0.21",
+ "lessThan": "1.0.23",
 "status": "affected",
 "version": "0",
 "versionType": "semver"
diff --git a/data/anchore/2024/CVE-2024-10046.json b/data/anchore/2024/CVE-2024-10046.json
new file mode 100644
index 00000000..89ea9a27
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-10046.json
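Review bot: In data/anchore/2023/CVE-2023-7264.json the upper bound moves from `"lessThanOrEqual": "1.0.21"` to `"lessThan": "1.0.23"`, which newly marks 1.0.22 as affected, and nothing visible in the hunk records why 1.0.23 is taken as the fixed release. If the record's `reason` or `references` (outside this hunk) do not already cite the changeset or changelog entry that carries the fix, add that reference so the widened range can be audited later. The enclosing `affected` entry starts and ends outside the hunk.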
@@ -0,0 +1,40 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-10046",
+ "description": "The افزونه پیامک ووکامرس Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/persian-woocommerce-sms/tags/7.0.3/src/SMS/Archive.php#L93",
+ "https://plugins.trac.wordpress.org/changeset/3201912/",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/175a69da-c47a-40f3-98c7-7cfcdf98f9f6?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:woocommerce:persian_woocommerce_sms:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "persian-woocommerce-sms",
+ "packageType": "wordpress-plugin",
+ "product": "افزونه پیامک ووکامرس Persian WooCommerce SMS",
+ "repo": "https://plugins.svn.wordpress.org/persian-woocommerce-sms",
+ "vendor": "persianscript",
+ "versions": [
+ {
+ "lessThan": "7.0.6",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-10480.json b/data/anchore/2024/CVE-2024-10480.json
new file mode 100644
index 00000000..438d1193
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-10480.json
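Review bot: The new file data/anchore/2024/CVE-2024-10046.json ends with `\ No newline at end of file`, and so does every other file created in the hunks visible here. Ending each record with a single LF keeps a later edit near the end of the file from showing the closing `}` as changed and suits line-oriented tools. If a generator writes these files, the fix presumably belongs in its serializer rather than in each record.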
@@ -0,0 +1,37 @@
+{
+ "additionalMetadata": {
+ "cna": "wpscan",
+ "cveId": "CVE-2024-10480",
+ "description": "The 3DPrint Lite WordPress plugin before 2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://wpscan.com/vulnerability/725ac766-c849-49d6-a968-58fcc2e134c8/"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wp3dprinting:3dprint_lite:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "3dprint-lite",
+ "packageType": "wordpress-plugin",
+ "product": "3DPrint Lite",
+ "repo": "https://plugins.svn.wordpress.org/3dprint-lite",
+ "versions": [
+ {
+ "lessThan": "2.1",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-10516.json b/data/anchore/2024/CVE-2024-10516.json
new file mode 100644
index 00000000..f0d625b2
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-10516.json
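Review bot: The `affected` entry in data/anchore/2024/CVE-2024-10480.json has no `"vendor"` key, while the other records visible in this patch carry one between `"repo"` and `"versions"`. If consumers key on vendor, or the schema expects it, add `"vendor": "<wordpress.org author slug>"` (placeholder; the value is not on this page). If the omission is deliberate because the author could not be determined, that is worth stating in `reason`.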
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-10516",
+ "description": "The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/swift-performance-lite/trunk/includes/classes/class.ajax.php#L795",
+ "https://plugins.trac.wordpress.org/browser/swift-performance-lite/trunk/includes/classes/class.ajax.php#L824",
+ "https://plugins.trac.wordpress.org/changeset/3201933/",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/4921f41a-a9b1-4ae2-a903-c14ed22dcc15?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:swteplugins:swift_performance:*:*:*:*:lite:wordpress:*:*"
+ ],
+ "packageName": "swift-performance-lite",
+ "packageType": "wordpress-plugin",
+ "product": "Swift Performance Lite",
+ "repo": "https://plugins.svn.wordpress.org/swift-performance-lite",
+ "vendor": "swte",
+ "versions": [
+ {
+ "lessThan": "2.3.7.2",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-10681.json b/data/anchore/2024/CVE-2024-10681.json
new file mode 100644
index 00000000..ba0adace
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-10681.json
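Review bot: `"lessThan": "2.3.7.2"` in data/anchore/2024/CVE-2024-10516.json is paired with `"versionType": "semver"`, but a four-component version is not valid SemVer, so a consumer that parses bounds with a strict semver library may reject or mis-order it and fail to flag affected installs. Consider `"versionType": "custom"` for this record, or confirm that the matcher compares these bounds leniently. The two-component bounds `"2.1"` in CVE-2024-10480.json and `"1.5"` in CVE-2024-11436.json are a milder form of the same mismatch.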
@@ -0,0 +1,40 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-10681",
+ "description": "The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/changeset/3199747/armember-membership/trunk/core/classes/class.arm_shortcodes.php",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/ee0eead2-3eab-4a2a-bfe4-c0d8f91dc0a5?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:armemberplugin:armember:*:*:*:*:*:wordpress:*:*",
+ "cpe:2.3:a:reputeinfosystems:armember:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "armember-membership",
+ "packageType": "wordpress-plugin",
+ "product": "ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup",
+ "repo": "https://plugins.svn.wordpress.org/armember-membership",
+ "vendor": "reputeinfosystems",
+ "versions": [
+ {
+ "lessThan": "4.0.52",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-11010.json b/data/anchore/2024/CVE-2024-11010.json
new file mode 100644
index 00000000..429968ab
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-11010.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-11010",
+ "description": "The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.4 via the 'default_lang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/fileorganizer/trunk/init.php#L222",
+ "https://plugins.trac.wordpress.org/browser/fileorganizer/trunk/main/fileorganizer.php#L149",
+ "https://plugins.trac.wordpress.org/changeset/3201635/",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/8e958653-36c4-4979-89e1-d9411a35a92a?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:fileorganizer:fileorganizer:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "fileorganizer",
+ "packageType": "wordpress-plugin",
+ "product": "FileOrganizer – Manage WordPress and Website Files",
+ "repo": "https://plugins.svn.wordpress.org/fileorganizer",
+ "vendor": "softaculous",
+ "versions": [
+ {
+ "lessThan": "1.1.5",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-11289.json b/data/anchore/2024/CVE-2024-11289.json
new file mode 100644
index 00000000..7b1f3b11
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-11289.json
@@ -0,0 +1,37 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-11289",
+ "description": "The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penci_archive_more_post_ajax_func, penci_more_post_ajax_func, and penci_more_featured_post_ajax_func. This makes it possible for unauthenticated attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. The exploitability of this is limited to Windows.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://themeforest.net/item/soledad-multiconcept-blogmagazine-wp-theme/12945398",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/927674db-05f1-4f3b-8297-8a907955ea87?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:pencidesign:soledad:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "soledad",
+ "packageType": "wordpress-theme",
+ "product": "Soledad",
+ "vendor": "pencidesign",
+ "versions": [
+ {
+ "lessThan": "8.6.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-11292.json b/data/anchore/2024/CVE-2024-11292.json
new file mode 100644
index 00000000..e7f09905
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-11292.json
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-11292",
+ "description": "The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://wordpress.org/plugins/wp-private-content-plus/",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/30c46b91-e371-480f-943a-3906d8b6bbba?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wpexpertdeveloper:wp_private_content_plus:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "wp-private-content-plus",
+ "packageType": "wordpress-plugin",
+ "product": "WP Private Content Plus",
+ "repo": "https://plugins.svn.wordpress.org/wp-private-content-plus",
+ "vendor": "nimeshrmr",
+ "versions": [
+ {
+ "lessThanOrEqual": "3.6.1",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-11436.json b/data/anchore/2024/CVE-2024-11436.json
new file mode 100644
index 00000000..a1b181a0
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-11436.json
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-11436",
+ "description": "The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.4.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/changeset/3202800/",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/125a1d8d-8cd9-439c-b765-198ad369f987?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:pieforms:drag_\\&_drop_builder:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "pie-forms-for-wp",
+ "packageType": "wordpress-plugin",
+ "product": "Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more!",
+ "repo": "https://plugins.svn.wordpress.org/pie-forms-for-wp",
+ "vendor": "genetechproducts",
+ "versions": [
+ {
+ "lessThan": "1.5",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-11444.json b/data/anchore/2024/CVE-2024-11444.json
new file mode 100644
index 00000000..d5169a8b
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-11444.json
@@ -0,0 +1,40 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-11444",
+ "description": "The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.13.2. This is due to missing or incorrect nonce validation on the cluevo_render_module_ui() function. This makes it possible for unauthenticated attackers to delete modules via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/cluevo-lms/tags/1.13.2/functions/functions.module-management.inc.php#L925",
+ "https://plugins.trac.wordpress.org/browser/cluevo-lms/tags/1.13.2/functions/functions.module-management.inc.php#L928",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/2a3056d4-5ee9-4b31-9ef8-0e55f470ad23?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:cluevo:learning_management_system:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "cluevo-lms",
+ "packageType": "wordpress-plugin",
+ "product": "CLUEVO LMS, E-Learning Platform",
+ "repo": "https://plugins.svn.wordpress.org/cluevo-lms",
+ "vendor": "cluevo",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.13.2",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-11585.json b/data/anchore/2024/CVE-2024-11585.json
new file mode 100644
index 00000000..dab89ebc
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-11585.json
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-11585",
+ "description": "The WP Hide & Security Enhancer plugin for WordPress is vulnerable to arbitrary file contents deletion due to a missing authorization and insufficient file path validation in the file-process.php in all versions up to, and including, 2.5.1. This makes it possible for unauthenticated attackers to delete the contents of arbitrary files on the server, which can break the site or lead to data loss.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/wp-hide-security-enhancer/tags/2.5.1/router/file-process.php#L43",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/43c7056e-39d8-467e-92ec-33a31e5dafc9?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:nsp-code:wp_hide_\\&_security_enhancer:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "wp-hide-security-enhancer",
+ "packageType": "wordpress-plugin",
+ "product": "WP Hide & Security Enhancer",
+ "repo": "https://plugins.svn.wordpress.org/wp-hide-security-enhancer",
+ "vendor": "nsp-code",
+ "versions": [
+ {
+ "lessThan": "2.5.2",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-11728.json b/data/anchore/2024/CVE-2024-11728.json
new file mode 100644
index 00000000..bb339caa
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-11728.json
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-11728",
+ "description": "The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'visit_type[service_id]' parameter of the tax_calculated_data AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/changeset/3201428/kivicare-clinic-management-system/trunk/app/controllers/KCTaxController.php",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/53c18834-3026-4d4d-888b-add314a0e56e?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:iqonic:kivicare:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "kivicare-clinic-management-system",
+ "packageType": "wordpress-plugin",
+ "product": "KiviCare – Clinic & Patient Management System (EHR)",
+ "repo": "https://plugins.svn.wordpress.org/kivicare-clinic-management-system",
+ "vendor": "iqonicdesign",
+ "versions": [
+ {
+ "lessThan": "3.6.5",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-11729.json b/data/anchore/2024/CVE-2024-11729.json
new file mode 100644
index 00000000..1637bb6d
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-11729.json
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-11729",
+ "description": "The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'service_list[0][service_id]' parameter of the get_widget_payment_options AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/changeset/3201428/kivicare-clinic-management-system/trunk/app/controllers/KCBookAppointmentWidgetController.php",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/86632212-37b5-4280-8a2a-163957ad9787?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:iqonic:kivicare:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "kivicare-clinic-management-system",
+ "packageType": "wordpress-plugin",
+ "product": "KiviCare – Clinic & Patient Management System (EHR)",
+ "repo": "https://plugins.svn.wordpress.org/kivicare-clinic-management-system",
+ "vendor": "iqonicdesign",
+ "versions": [
+ {
+ "lessThan": "3.6.5",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-11730.json b/data/anchore/2024/CVE-2024-11730.json
new file mode 100644
index 00000000..898272de
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-11730.json
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-11730",
+ "description": "The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'sort[]' parameter of the static_data_list AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with doctor/receptionist-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/changeset/3201428/kivicare-clinic-management-system/trunk/app/controllers/KCStaticDataController.php",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/30f2a3ee-7f95-478c-b3d7-c254b9472d42?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:iqonic:kivicare:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "kivicare-clinic-management-system",
+ "packageType": "wordpress-plugin",
+ "product": "KiviCare – Clinic & Patient Management System (EHR)",
+ "repo": "https://plugins.svn.wordpress.org/kivicare-clinic-management-system",
+ "vendor": "iqonicdesign",
+ "versions": [
+ {
+ "lessThan": "3.6.5",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-12026.json b/data/anchore/2024/CVE-2024-12026.json
new file mode 100644
index 00000000..57a7b2e2
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-12026.json
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-12026",
+ "description": "The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new filters.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://wordpress.org/plugins/cf7-message-filter/",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e7044aa-a1e7-4b1d-9f50-5e250426c6b0?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:kofimokome:message_filter_for_contact_form_7:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "cf7-message-filter",
+ "packageType": "wordpress-plugin",
+ "product": "Message Filter for Contact Form 7",
+ "repo": "https://plugins.svn.wordpress.org/cf7-message-filter",
+ "vendor": "kofimokome",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.6.3",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-12027.json b/data/anchore/2024/CVE-2024-12027.json
new file mode 100644
index 00000000..84c1b92e
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-12027.json
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-12027",
+ "description": "The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateFilter() and deleteFilter() functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update and delete filters.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://wordpress.org/plugins/cf7-message-filter/#developers",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/5754d2eb-dd31-4056-8a02-8b71b78f774b?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:kofimokome:message_filter_for_contact_form_7:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "cf7-message-filter",
+ "packageType": "wordpress-plugin",
+ "product": "Message Filter for Contact Form 7",
+ "repo": "https://plugins.svn.wordpress.org/cf7-message-filter",
+ "vendor": "kofimokome",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.6.3",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-12128.json b/data/anchore/2024/CVE-2024-12128.json
new file mode 100644
index 00000000..11830d3f
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-12128.json
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-12128",
+ "description": "The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘monthly_sales_current_year’ parameter in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://wordpress.org/plugins/simple-e-commerce-shopping-cart/#developers",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/c7d688af-649c-4858-9c63-b12933d78bc2?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:simple-e-commerce-shopping-cart_project:simple-e-commerce-shopping-cart:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "simple-e-commerce-shopping-cart",
+ "packageType": "wordpress-plugin",
+ "product": "Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal",
+ "repo": "https://plugins.svn.wordpress.org/simple-e-commerce-shopping-cart",
+ "vendor": "nshowketgmailcom",
+ "versions": [
+ {
+ "lessThanOrEqual": "3.1.2",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-12253.json b/data/anchore/2024/CVE-2024-12253.json
new file mode 100644
index 00000000..7e1e7e0d
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-12253.json
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-12253",
+ "description": "The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'save_settings', 'export_csv', and 'simpleecommcart-action' actions in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugins settings and retrieve order and log data (which is also accessible to unauthenticated users).",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://wordpress.org/plugins/simple-e-commerce-shopping-cart/#developers",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c6a1956-73aa-4ac3-ae1c-ef5f62bad718?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:simple-e-commerce-shopping-cart_project:simple-e-commerce-shopping-cart:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "simple-e-commerce-shopping-cart",
+ "packageType": "wordpress-plugin",
+ "product": "Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal",
+ "repo": "https://plugins.svn.wordpress.org/simple-e-commerce-shopping-cart",
+ "vendor": "nshowketgmailcom",
+ "versions": [
+ {
+ "lessThanOrEqual": "3.1.2",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-12254.json b/data/anchore/2024/CVE-2024-12254.json
new file mode 100644
index 00000000..5312ae31
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-12254.json
@@ -0,0 +1,52 @@
+{
+ "additionalMetadata": {
+ "cna": "psf",
+ "cveId": "CVE-2024-12254",
+ "description": "Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines()\n method would not \"pause\" writing and signal to the Protocol to drain \nthe buffer to the wire once the write buffer reached the \"high-water \nmark\". Because of this, Protocols would not periodically drain the write\n buffer potentially leading to memory exhaustion.\n\n\n\n\n\nThis\n vulnerability likely impacts a small number of users, you must be using\n Python 3.12.0 or later, on macOS or Linux, using the asyncio module \nwith protocols, and using .writelines() method which had new \nzero-copy-on-write behavior in Python 3.12.0 and later. If not all of \nthese factors are true then your usage of Python is unaffected.",
+ "needsReview": true,
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://github.com/python/cpython/commit/71e8429ac8e2adc10084ab5ec29a62f4b6671a82",
+ "https://github.com/python/cpython/commit/9aa0deb2eef2655a1029ba228527b152353135b5",
+ "https://github.com/python/cpython/issues/127655",
+ "https://github.com/python/cpython/pull/127656",
+ "https://mail.python.org/archives/list/security-announce@python.org/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/"
+ ],
+ "toDos": [
+ "Monitor for releases of the backported fixes to 3.12 and 3.13"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://github.com",
+ "cpes": [
+ "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
+ ],
+ "modules": [
+ "asyncio"
+ ],
+ "packageName": "python/cpython",
+ "platforms": [
+ "Linux",
+ "MacOS"
+ ],
+ "product": "CPython",
+ "repo": "https://github.com/python/cpython",
+ "vendor": "Python Software Foundation",
+ "versions": [
+ {
+ "lessThan": "3.14.0a2",
+ "status": "affected",
+ "version": "3.12.0",
+ "versionType": "python"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-35173.json b/data/anchore/2024/CVE-2024-35173.json
index cfd8aaa3..a6c6bf0c 100644
--- a/data/anchore/2024/CVE-2024-35173.json
+++ b/data/anchore/2024/CVE-2024-35173.json
@@ -21,7 +21,7 @@
 "vendor": "PluginEver",
 "versions": [
 {
- "lessThanOrEqual": "1.7.3",
+ "lessThan": "2.1.1",
 "status": "affected",
 "version": "0",
 "versionType": "custom"
diff --git a/data/anchore/2024/CVE-2024-3658.json b/data/anchore/2024/CVE-2024-3658.json
index dc9d0a32..f0cac3a3 100644
--- a/data/anchore/2024/CVE-2024-3658.json
+++ b/data/anchore/2024/CVE-2024-3658.json
@@ -18,6 +18,7 @@
 "packageName": "build-app-online",
 "packageType": "wordpress-plugin",
 "product": "Build App Online",
+ "repo": "https://plugins.svn.wordpress.org/build-app-online",
 "vendor": "hakeemnala",
 "versions": [
 {
diff --git a/data/anchore/2024/CVE-2024-37213.json b/data/anchore/2024/CVE-2024-37213.json
index 36847094..b139f9db 100644
--- a/data/anchore/2024/CVE-2024-37213.json
+++ b/data/anchore/2024/CVE-2024-37213.json
@@ -23,7 +23,7 @@
 "vendor": "Ali2Woo Team",
 "versions": [
 {
- "lessThanOrEqual": "3.3.9",
+ "lessThan": "3.4.7",
 "status": "affected",
 "version": "0",
 "versionType": "custom"
diff --git a/data/anchore/2024/CVE-2024-3722.json b/data/anchore/2024/CVE-2024-3722.json
index 15d7c16d..5a8afe11 100644
--- a/data/anchore/2024/CVE-2024-3722.json
+++ b/data/anchore/2024/CVE-2024-3722.json
@@ -18,6 +18,7 @@
 "packageName": "swift-performance-lite",
 "packageType": "wordpress-plugin",
 "product": "Swift Performance Lite",
+ "repo": "https://plugins.svn.wordpress.org/swift-performance-lite",
 "vendor": "swte",
 "versions": [
 {
diff --git a/data/anchore/2024/CVE-2024-4633.json b/data/anchore/2024/CVE-2024-4633.json
new file mode 100644
index 00000000..3f80eba7
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-4633.json
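Review bot: The single `versions` entry in CVE-2024-12254.json (`"version": "3.12.0"`, `"lessThan": "3.14.0a2"`) marks every 3.12.x and 3.13.x release as affected, and one range cannot carry a separate fixed version per branch once the backports named in `toDos` are released. Splitting it into one entry per release line (3.12, 3.13 and the 3.14 pre-releases) would let each backported fix be recorded as its own `lessThan` later without reshaping the record. Until that happens, `"needsReview": true` is the only signal that matches against patched 3.12/3.13 builds may be false positives, so it should stay set until the per-branch bounds are filled in.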
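Review bot: The new upper bound in CVE-2024-35173.json has no visible source: the hunk replaces `"lessThanOrEqual": "1.7.3"` with `"lessThan": "2.1.1"`, which widens the affected range considerably, and the same applies to CVE-2024-37213.json (`"lessThanOrEqual": "3.3.9"` to `"lessThan": "3.4.7"`). Both hunks start mid-record, so `additionalMetadata` is not visible here; if it does not already cite the fixing changeset or release, add that URL to `references` so the new bound can be audited. Scanner results for every version between the old and the new bound change with this edit, so the evidence is worth keeping next to the data.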
@@ -0,0 +1,40 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-4633",
+ "description": "The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘addExtraMimeType’ function in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/depicter/tags/2.1.11/app/src/WordPress/SVGServiceProvider.php#L52",
+ "https://plugins.trac.wordpress.org/changeset/3134888/",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/965cacd3-1786-4e7d-8209-eea293b161d3?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:depicter:depicter:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "depicter",
+ "packageType": "wordpress-plugin",
+ "product": "Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel",
+ "repo": "https://plugins.svn.wordpress.org/depicter",
+ "vendor": "averta",
+ "versions": [
+ {
+ "lessThan": "3.2.2",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47913.json b/data/anchore/2024/CVE-2024-47913.json
index 7bda1ceb..7b24bac1 100644
--- a/data/anchore/2024/CVE-2024-47913.json
+++ b/data/anchore/2024/CVE-2024-47913.json
@@ -12,9 +12,12 @@
 "adp": {
 "affected": [
 {
+ "collectionURL": "https://packagist.org",
 "cpes": [
 "cpe:2.3:a:mediawiki:abusefilter:*:*:*:*:*:mediawiki:*:*"
 ],
+ "packageName": "mediawiki/abuse-filter",
+ "packageType": "php-composer",
 "product": "AbuseFilter",
 "repo": "https://gerrit.wikimedia.org/r/mediawiki/extensions/AbuseFilter",
 "vendor": "MediaWiki",
diff --git a/data/anchore/2024/CVE-2024-53795.json b/data/anchore/2024/CVE-2024-53795.json
new file mode 100644
index 00000000..9f61a460
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-53795.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-53795",
+ "description": "Missing Authorization vulnerability in Andy Moyle Church Admin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Church Admin: from n/a through 5.0.8.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/church-admin/vulnerability/wordpress-church-admin-plugin-5-0-8-broken-access-control-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress Church Admin plugin to the latest available version (at least 5.0.9)."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:church_admin_project:church_admin:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "church-admin",
+ "packageType": "wordpress-plugin",
+ "product": "Church Admin",
+ "repo": "https://plugins.svn.wordpress.org/church-admin",
+ "vendor": "Andy Moyle",
+ "versions": [
+ {
+ "lessThanOrEqual": "5.0.8",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-53796.json b/data/anchore/2024/CVE-2024-53796.json
new file mode 100644
index 00000000..3e9725b5
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-53796.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-53796",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows DOM-Based XSS.This issue affects Themesflat Addons For Elementor: from n/a through 2.2.2.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/themesflat-addons-for-elementor/vulnerability/wordpress-themesflat-addons-for-elementor-plugin-2-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress Themesflat Addons For Elementor plugin to the latest available version (at least 2.2.3)."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:themesflat:themesflat_addons_for_elementor:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "themesflat-addons-for-elementor",
+ "packageType": "wordpress-plugin",
+ "product": "Themesflat Addons For Elementor",
+ "repo": "https://plugins.svn.wordpress.org/themesflat-addons-for-elementor",
+ "vendor": "Themesflat",
+ "versions": [
+ {
+ "lessThanOrEqual": "2.2.2",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-53797.json b/data/anchore/2024/CVE-2024-53797.json
new file mode 100644
index 00000000..f29815f9
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-53797.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-53797",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS.This issue affects Beaver Builder: from n/a through 2.8.4.3.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/beaver-builder-lite-version/vulnerability/wordpress-beaver-builder-wordpress-page-builder-plugin-2-8-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress Beaver Builder plugin to the latest available version (at least 2.8.4.4)."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:fastlinemedia:beaver_builder:*:*:*:*:lite:wordpress:*:*"
+ ],
+ "packageName": "beaver-builder-lite-version",
+ "packageType": "wordpress-plugin",
+ "product": "Beaver Builder",
+ "repo": "https://plugins.svn.wordpress.org/beaver-builder-lite-version",
+ "vendor": "The Beaver Builder Team",
+ "versions": [
+ {
+ "lessThanOrEqual": "2.8.4.3",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-53801.json b/data/anchore/2024/CVE-2024-53801.json
new file mode 100644
index 00000000..56c8e789
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-53801.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-53801",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 5.2.1.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/bold-page-builder/vulnerability/wordpress-bold-page-builder-plugin-5-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress Bold Page Builder plugin to the latest available version (at least 5.2.2)."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:bold-themes:bold_page_builder:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "bold-page-builder",
+ "packageType": "wordpress-plugin",
+ "product": "Bold Page Builder",
+ "repo": "https://plugins.svn.wordpress.org/bold-page-builder",
+ "vendor": "BoldThemes",
+ "versions": [
+ {
+ "lessThanOrEqual": "5.2.1",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-53802.json b/data/anchore/2024/CVE-2024-53802.json
new file mode 100644
index 00000000..df7b4912
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-53802.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-53802",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FuturioWP Futurio Extra allows Stored XSS.This issue affects Futurio Extra: from n/a through 2.0.14.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/futurio-extra/vulnerability/wordpress-futurio-extra-plugin-2-0-14-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress Futurio Extra plugin to the latest available version (at least 2.0.15)."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:futuriowp:futurio_extra:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "futurio-extra",
+ "packageType": "wordpress-plugin",
+ "product": "Futurio Extra",
+ "repo": "https://plugins.svn.wordpress.org/futurio-extra",
+ "vendor": "FuturioWP",
+ "versions": [
+ {
+ "lessThanOrEqual": "2.0.14",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-53803.json b/data/anchore/2024/CVE-2024-53803.json
new file mode 100644
index 00000000..28b2087a
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-53803.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-53803",
+ "description": "Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/wp-mailster/vulnerability/wordpress-wp-mailster-plugin-1-8-16-0-broken-access-control-vulnerability-2?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress WP Mailster plugin to the latest available version (at least 1.8.17.0)."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wpmailster:wp_mailster:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "wp-mailster",
+ "packageType": "wordpress-plugin",
+ "product": "WP Mailster",
+ "repo": "https://plugins.svn.wordpress.org/wp-mailster",
+ "vendor": "brandtoss",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.8.16.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-53804.json b/data/anchore/2024/CVE-2024-53804.json
new file mode 100644
index 00000000..d589c61f
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-53804.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-53804",
+ "description": "Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.16.0.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/wp-mailster/vulnerability/wordpress-wp-mailster-plugin-1-8-16-0-sensitive-data-exposure-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress WP Mailster plugin to the latest available version (at least 1.8.17.0)."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wpmailster:wp_mailster:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "wp-mailster",
+ "packageType": "wordpress-plugin",
+ "product": "WP Mailster",
+ "repo": "https://plugins.svn.wordpress.org/wp-mailster",
+ "vendor": "brandtoss",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.8.16.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-53805.json b/data/anchore/2024/CVE-2024-53805.json
new file mode 100644
index 00000000..5556d54a
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-53805.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-53805",
+ "description": "Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/wp-mailster/vulnerability/wordpress-wp-mailster-plugin-1-8-16-0-broken-access-control-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress WP Mailster plugin to the latest available version (at least 1.8.17.0)."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wpmailster:wp_mailster:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "wp-mailster",
+ "packageType": "wordpress-plugin",
+ "product": "WP Mailster",
+ "repo": "https://plugins.svn.wordpress.org/wp-mailster",
+ "vendor": "brandtoss",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.8.16.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-53806.json b/data/anchore/2024/CVE-2024-53806.json
new file mode 100644
index 00000000..4194ee8a
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-53806.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-53806",
+ "description": "Missing Authorization vulnerability in WpMaspik Maspik – Spam blacklist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Maspik – Spam blacklist: from n/a through 2.2.7.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/contact-forms-anti-spam/vulnerability/wordpress-maspik-plugin-2-2-7-csrf-to-settings-change-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress Maspik – Spam blacklist plugin to the latest available version (at least 2.2.8)."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wpmaspik:maspik:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "contact-forms-anti-spam",
+ "packageType": "wordpress-plugin",
+ "product": "Maspik – Spam blacklist",
+ "repo": "https://plugins.svn.wordpress.org/contact-forms-anti-spam",
+ "vendor": "WpMaspik",
+ "versions": [
+ {
+ "lessThanOrEqual": "2.2.7",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-53807.json b/data/anchore/2024/CVE-2024-53807.json
new file mode 100644
index 00000000..5d198cf9
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-53807.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-53807",
+ "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in brandtoss WP Mailster allows Blind SQL Injection.This issue affects WP Mailster: from n/a through 1.8.16.0.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/wp-mailster/vulnerability/wordpress-wp-mailster-plugin-1-8-16-0-sql-injection-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress WP Mailster plugin to the latest available version (at least 1.8.17.0)."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wpmailster:wp_mailster:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "wp-mailster",
+ "packageType": "wordpress-plugin",
+ "product": "WP Mailster",
+ "repo": "https://plugins.svn.wordpress.org/wp-mailster",
+ "vendor": "brandtoss",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.8.16.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-53808.json b/data/anchore/2024/CVE-2024-53808.json
new file mode 100644
index 00000000..3155b25e
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-53808.json
@@ -0,0 +1,42 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-53808",
+ "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows SQL Injection.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.7.8.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/nex-forms-express-wp-form-builder/vulnerability/wordpress-nex-forms-plugin-8-7-8-sql-injection-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress NEX-Forms – Ultimate Form Builder plugin to the latest available version (at least 8.7.9)."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:basixonline:nex-forms:*:*:*:*:*:wordpress:*:*",
+ "cpe:2.3:a:nex-forms_-_ultimate_form_builder_project:nex-forms_-_ultimate_form_builder:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "nex-forms-express-wp-form-builder",
+ "packageType": "wordpress-plugin",
+ "product": "NEX-Forms – Ultimate Form Builder",
+ "repo": "https://plugins.svn.wordpress.org/nex-forms-express-wp-form-builder",
+ "vendor": "Basix",
+ "versions": [
+ {
+ "lessThanOrEqual": "8.7.8",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-53809.json b/data/anchore/2024/CVE-2024-53809.json
new file mode 100644
index 00000000..56137f0e
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-53809.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-53809",
+ "description": "Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Namaste! LMS allows Cross Site Request Forgery.This issue affects Namaste! LMS: from n/a through 2.6.4.1.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/namaste-lms/vulnerability/wordpress-namaste-lms-plugin-2-6-4-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress Namaste! LMS plugin to the latest available version (at least 2.6.5)."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:kibokolabs:namaste\\!_lms:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "namaste-lms",
+ "packageType": "wordpress-plugin",
+ "product": "Namaste! LMS",
+ "repo": "https://plugins.svn.wordpress.org/namaste-lms",
+ "vendor": "Kiboko Labs",
+ "versions": [
+ {
+ "lessThanOrEqual": "2.6.4.1",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-53810.json b/data/anchore/2024/CVE-2024-53810.json
new file mode 100644
index 00000000..c0f8ea51
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-53810.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-53810",
+ "description": "Missing Authorization vulnerability in Najeeb Ahmad Simple User Registration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Simple User Registration: from n/a through 5.5.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/wp-registration/vulnerability/wordpress-simple-user-registration-plugin-5-5-broken-access-control-on-user-deletion-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress Simple User Registration plugin to the latest available version (at least 6.0)."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:najeebmedia:simple_user_registration:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "wp-registration",
+ "packageType": "wordpress-plugin",
+ "product": "Simple User Registration",
+ "repo": "https://plugins.svn.wordpress.org/wp-registration",
+ "vendor": "Najeeb Ahmad",
+ "versions": [
+ {
+ "lessThanOrEqual": "5.5",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-53813.json b/data/anchore/2024/CVE-2024-53813.json
new file mode 100644
index 00000000..a8e189f3
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-53813.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-53813",
+ "description": "Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through 9.6.0.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/wp-travel/vulnerability/wordpress-wp-travel-plugin-9-6-0-broken-access-control-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress WP Travel plugin to the latest available version (at least 9.7.0)."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wensolutions:wp_travel:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "wp-travel",
+ "packageType": "wordpress-plugin",
+ "product": "WP Travel",
+ "repo": "https://plugins.svn.wordpress.org/wp-travel",
+ "vendor": "WP Travel",
+ "versions": [
+ {
+ "lessThanOrEqual": "9.6.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-53815.json b/data/anchore/2024/CVE-2024-53815.json
new file mode 100644
index 00000000..24dbde9e
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-53815.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-53815",
+ "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Blind SQL Injection.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.1.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/booking-system/vulnerability/wordpress-pinpoint-booking-system-plugin-2-9-9-5-2-sql-injection-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress Pinpoint Booking System wordpress plugin to the latest available version (at least 2.9.9.5.2)."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:pinpoint:pinpoint_booking_system:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "booking-system",
+ "packageType": "wordpress-plugin",
+ "product": "Pinpoint Booking System",
+ "repo": "https://plugins.svn.wordpress.org/booking-system",
+ "vendor": "PINPOINT.WORLD",
+ "versions": [
+ {
+ "lessThanOrEqual": "2.9.9.5.1",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-53817.json b/data/anchore/2024/CVE-2024-53817.json
new file mode 100644
index 00000000..be8cc027
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-53817.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-53817",
+ "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Acowebs Product Labels For Woocommerce allows Blind SQL Injection.This issue affects Product Labels For Woocommerce: from n/a through 1.5.8.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/aco-product-labels-for-woocommerce/vulnerability/wordpress-acowebs-product-labels-for-woocommerce-plugin-1-5-8-sql-injection-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress Product Labels For Woocommerce plugin to the latest available version (at least 1.5.9)."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:acowebs:product_labels_for_woocommerce_\\(sale_badges\\):*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "aco-product-labels-for-woocommerce",
+ "packageType": "wordpress-plugin",
+ "product": "Product Labels For Woocommerce",
+ "repo": "https://plugins.svn.wordpress.org/aco-product-labels-for-woocommerce",
+ "vendor": "Acowebs",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.5.8",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-53823.json b/data/anchore/2024/CVE-2024-53823.json
new file mode 100644
index 00000000..9f1cd01c
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-53823.json
@@ -0,0 +1,42 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-53823",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.6.14.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/the-plus-addons-for-elementor-page-builder/vulnerability/wordpress-the-plus-addons-for-elementor-plugin-5-6-14-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress The Plus Addons for Elementor Page Builder Lite plugin to the latest available version (at least 6.0.1)."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:posimyth:the_plus_addons_for_elementor:*:*:*:*:free:wordpress:*:*",
+ "cpe:2.3:a:posimyth:the_plus_addons_for_elementor_page_builder_lite:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "the-plus-addons-for-elementor-page-builder",
+ "packageType": "wordpress-plugin",
+ "product": "The Plus Addons for Elementor Page Builder Lite",
+ "repo": "https://plugins.svn.wordpress.org/the-plus-addons-for-elementor-page-builder",
+ "vendor": "POSIMYTH",
+ "versions": [
+ {
+ "lessThanOrEqual": "5.6.14",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-53824.json b/data/anchore/2024/CVE-2024-53824.json
new file mode 100644
index 00000000..86db45e8
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-53824.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-53824",
+ "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AREOI All Bootstrap Blocks allows PHP Local File Inclusion.This issue affects All Bootstrap Blocks: from n/a through 1.3.19.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/all-bootstrap-blocks/vulnerability/wordpress-all-bootstrap-blocks-plugin-1-3-20-local-file-inclusion-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress All Bootstrap Blocks plugin to the latest available version (at least 1.3.20)."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:areoi:all_bootstrap_blocks:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "all-bootstrap-blocks",
+ "packageType": "wordpress-plugin",
+ "product": "All Bootstrap Blocks",
+ "repo": "https://plugins.svn.wordpress.org/all-bootstrap-blocks",
+ "vendor": "AREOI",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.3.19",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-53825.json b/data/anchore/2024/CVE-2024-53825.json
new file mode 100644
index 00000000..1f2d8d43
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-53825.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-53825",
+ "description": "Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 6.3.2.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/filebird/vulnerability/wordpress-filebird-lite-plugin-6-3-2-broken-access-control-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update the WordPress Filebird plugin to the latest available version (at least 6.3.4)."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:ninjateam:filebird:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "filebird",
+ "packageType": "wordpress-plugin",
+ "product": "Filebird",
+ "repo": "https://plugins.svn.wordpress.org/filebird",
+ "vendor": "Ninja Team",
+ "versions": [
+ {
+ "lessThanOrEqual": "6.3.2",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-54014.json b/data/anchore/2024/CVE-2024-54014.json
index 2ab86b26..5896c9eb 100644
--- a/data/anchore/2024/CVE-2024-54014.json
+++ b/data/anchore/2024/CVE-2024-54014.json
@@ -16,10 +16,10 @@
 "cpes": [
 "cpe:2.3:a:skylark:skylark:*:*:*:*:*:android:*:*"
 ],
- "product": "'Skylark' App for Android",
 "platforms": [
 "Android"
 ],
+ "product": "'Skylark' App for Android",
 "vendor": "SKYLARK HOLDINGS CO., LTD.",
 "versions": [
 {
@@ -34,10 +34,10 @@
 "cpes": [
 "cpe:2.3:a:skylark:skylark:*:*:*:*:*:iphone_os:*:*"
 ],
- "product": "'Skylark' App for iOS",
 "platforms": [
 "iOS"
 ],
+ "product": "'Skylark' App for iOS",
 "vendor": "SKYLARK HOLDINGS CO., LTD.",
 "versions": [
 {
diff --git a/data/anchore/2024/CVE-2024-54138.json b/data/anchore/2024/CVE-2024-54138.json
new file mode 100644
index 00000000..a7199ca0
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-54138.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "github_m",
+ "cveId": "CVE-2024-54138",
+ "description": "NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight allows attackers to exploit autolinks as a vector for Cross-Site Scripting (XSS) attacks. This vulnerability is fixed in 2024.12.06.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://github.com/NuGet/NuGetGallery/pull/10296",
+ "https://github.com/NuGet/NuGetGallery/security/advisories/GHSA-x448-p234-x5p8"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://github.com",
+ "cpes": [
+ "cpe:2.3:a:microsoft:nugetgallery:*:*:*:*:*:*:*:*"
+ ],
+ "packageName": "nuget/nugetgallery",
+ "product": "NuGetGallery",
+ "repo": "https://github.com/nuget/nugetgallery",
+ "vendor": "NuGet",
+ "versions": [
+ {
+ "lessThan": "2024.12.06",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-54141.json b/data/anchore/2024/CVE-2024-54141.json
new file mode 100644
index 00000000..f3b1c66b
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-54141.json
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "github_m",
+ "cveId": "CVE-2024-54141",
+ "description": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://github.com/thorsten/phpMyFAQ/commit/b9289a0b2233df864361c131cd177b6715fbb0fe",
+ "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-vrjr-p3xp-xx2x"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://packagist.org",
+ "cpes": [
+ "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:php:*:*"
+ ],
+ "packageName": "thorsten/phpmyfaq",
+ "packageType": "php-composer",
+ "product": "phpMyFAQ",
+ "repo": "https://github.com/thorsten/phpmyfaq",
+ "vendor": "thorsten",
+ "versions": [
+ {
+ "lessThan": "4.0.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-54211.json b/data/anchore/2024/CVE-2024-54211.json
new file mode 100644
index 00000000..4d6ec358
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-54211.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-54211",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visualmodo Borderless allows Cross-Site Scripting (XSS).This issue affects Borderless: from n/a through 1.5.8.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/borderless/vulnerability/wordpress-borderless-widgets-elements-templates-and-toolkit-for-elementor-gutenberg-plugin-1-5-7-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:visualmodo:borderless:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "borderless",
+ "packageType": "wordpress-plugin",
+ "product": "Borderless",
+ "repo": "https://plugins.svn.wordpress.org/borderless",
+ "vendor": "Visualmodo",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.5.8",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-54212.json b/data/anchore/2024/CVE-2024-54212.json
new file mode 100644
index 00000000..0e64e83d
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-54212.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-54212",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.2.6.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/wordpress/plugin/magical-addons-for-elementor/vulnerability/wordpress-magical-addons-for-elementor-plugin-1-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wpthemespace:magical_addons_for_elementor:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "magical-addons-for-elementor",
+ "packageType": "wordpress-plugin",
+ "product": "Magical Addons For Elementor",
+ "repo": "https://plugins.svn.wordpress.org/magical-addons-for-elementor",
+ "vendor": "Noor alam",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.2.6",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-8484.json b/data/anchore/2024/CVE-2024-8484.json
index 13bd18fb..51f0bc4b 100644
--- a/data/anchore/2024/CVE-2024-8484.json
+++ b/data/anchore/2024/CVE-2024-8484.json
@@ -20,6 +20,7 @@
 "packageName": "rest-api-to-miniprogram",
 "packageType": "wordpress-plugin",
 "product": "REST API TO MiniProgram",
+ "repo": "https://plugins.svn.wordpress.org/rest-api-to-miniprogram",
 "vendor": "xjb",
 "versions": [
 {
diff --git a/data/anchore/2024/CVE-2024-9213.json b/data/anchore/2024/CVE-2024-9213.json
index 7deee023..4ec830c4 100644
--- a/data/anchore/2024/CVE-2024-9213.json
+++ b/data/anchore/2024/CVE-2024-9213.json
@@ -22,6 +22,7 @@
 "packageName": "persian-woocommerce-sms",
 "packageType": "wordpress-plugin",
 "product": "افزونه پیامک ووکامرس Persian WooCommerce SMS",
+ "repo": "https://plugins.svn.wordpress.org/persian-woocommerce-sms",
 "vendor": "persianscript",
 "versions": [
 {
diff --git a/data/anchore/2024/CVE-2024-9866.json b/data/anchore/2024/CVE-2024-9866.json
new file mode 100644
index 00000000..ea531922
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9866.json
@@ -0,0 +1,40 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-9866",
+ "description": "The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping and missing authorization on the functionality to manage tickets. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This missing authorization aspect of this was patched in 2.4.1, while the Cross-Site Scripting was fully patched in 2.4.4.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3172740%40event-tickets-with-ticket-scanner&new=3172740%40event-tickets-with-ticket-scanner&sfp_email=&sfph_mail=",
+ "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3201198%40event-tickets-with-ticket-scanner&new=3201198%40event-tickets-with-ticket-scanner&sfp_email=&sfph_mail=",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/4dcf1133-d437-4f0a-b2cf-c91e0f6b6ca9?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:vollstart:event_tickets_with_ticket_scanner:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "event-tickets-with-ticket-scanner",
+ "packageType": "wordpress-plugin",
+ "product": "Event Tickets with Ticket Scanner",
+ "repo": "https://plugins.svn.wordpress.org/event-tickets-with-ticket-scanner",
+ "vendor": "sasonikolov",
+ "versions": [
+ {
+ "lessThan": "2.4.4",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9872.json b/data/anchore/2024/CVE-2024-9872.json
new file mode 100644
index 00000000..d6afe97a
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9872.json
@@ -0,0 +1,40 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-9872",
+ "description": "The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_user_data_callback() function in all versions up to, and including, 4.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject malicious web scripts and update settings.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/changeset/3200129/meeting-scheduler-by-vcita/trunk/vcita-ajax-function.php",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/963c2d10-692b-4447-8d0b-7ccc2e533f01?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:vcita:online_booking_\\&_scheduling_calendar_for_wordpress:*:*:*:*:*:wordpress:*:*",
+ "cpe:2.3:a:vcita:online_booking_\\&_scheduling_calendar_for_wordpress_by_vcita:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "meeting-scheduler-by-vcita",
+ "packageType": "wordpress-plugin",
+ "product": "Online Booking & Scheduling Calendar for WordPress by vcita",
+ "repo": "https://plugins.svn.wordpress.org/meeting-scheduler-by-vcita",
+ "vendor": "vcita",
+ "versions": [
+ {
+ "lessThan": "4.5.2",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
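Review bot: In CVE-2024-9866.json, `versions[0]` uses `"lessThan": "2.4.4"`, which marks 2.4.4 itself as unaffected, while the description in the same record opens with "all versions up to, and including, 2.4.4" and only later says the Cross-Site Scripting "was fully patched in 2.4.4". The upstream text contradicts itself, so the bound should be confirmed against the second referenced changeset (3201198) before it is relied on. If 2.4.4 still carries the flaw, a scanner matching on this record would report that release as clean. In that case the entry should read `"lessThanOrEqual": "2.4.4"`, the form the Patchstack-sourced records in this commit use for their "through X" ranges.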