From f7394d1ae10f8a9d6db8b48ee26c4d8d1db6ad47 Mon Sep 17 00:00:00 2001 From: Weston Steimel Date: Fri, 18 Oct 2024 10:03:25 +0100 Subject: [PATCH] updates 2024-10-18 
Signed-off-by: Weston Steimel --- data/anchore/2024/CVE-2024-0385.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-1041.json | 39 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-1042.json | 39 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-1649.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-1650.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-1652.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-1653.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-1697.json | 39 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-1906.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-1907.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-1909.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-1910.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-1912.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-24826.json | 7 ++-- data/anchore/2024/CVE-2024-25112.json | 7 ++-- data/anchore/2024/CVE-2024-30518.json | 47 +++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-3288.json | 1 + data/anchore/2024/CVE-2024-33956.json | 47 +++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-4082.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-43997.json | 46 ++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-44033.json | 46 ++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-47304.json | 46 ++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-47312.json | 46 ++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-47459.json | 34 +++++++++++++++++++ data/anchore/2024/CVE-2024-48021.json | 46 ++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-48024.json | 43 ++++++++++++++++++++++++ data/anchore/2024/CVE-2024-48036.json | 41 +++++++++++++++++++++++ data/anchore/2024/CVE-2024-48037.json | 46 ++++++++++++++++++++++++++ data/anchore/2024/CVE-2024-48046.json | 41 +++++++++++++++++++++++ data/anchore/2024/CVE-2024-49248.json | 42 ++++++++++++++++++++++++ 
data/anchore/2024/CVE-2024-49259.json | 41 +++++++++++++++++++++++ data/anchore/2024/CVE-2024-49263.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-49264.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-49276.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-49277.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-49282.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-49283.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-49289.json | 37 +++++++++++++++++++++ data/anchore/2024/CVE-2024-49291.json | 37 +++++++++++++++++++++ data/anchore/2024/CVE-2024-49292.json | 42 ++++++++++++++++++++++++ data/anchore/2024/CVE-2024-49295.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-49297.json | 39 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-49304.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-49307.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-49309.json | 37 +++++++++++++++++++++ data/anchore/2024/CVE-2024-49310.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-49311.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-49312.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-49579.json | 34 +++++++++++++++++++ data/anchore/2024/CVE-2024-49580.json | 34 +++++++++++++++++++ data/anchore/2024/CVE-2024-5229.json | 41 +++++++++++++++++++++++ data/anchore/2024/CVE-2024-5429.json | 37 +++++++++++++++++++++ data/anchore/2024/CVE-2024-7417.json | 39 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-8548.json | 2 +- data/anchore/2024/CVE-2024-8632.json | 2 +- data/anchore/2024/CVE-2024-9184.json | 40 +++++++++++++++++++++++ data/anchore/2024/CVE-2024-9213.json | 41 +++++++++++++++++++++++ data/anchore/2024/CVE-2024-9240.json | 39 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-9347.json | 39 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-9414.json | 37 +++++++++++++++++++++ data/anchore/2024/CVE-2024-9820.json | 38 ++++++++++++++++++++++ 
data/anchore/2024/CVE-2024-9898.json | 41 +++++++++++++++++++++++ data/anchore/2024/CVE-2024-9940.json | 38 ++++++++++++++++++++++ data/anchore/2024/CVE-2024-9951.json | 40 +++++++++++++++++++++++ 64 files changed, 2346 insertions(+), 6 deletions(-) create mode 100644 data/anchore/2024/CVE-2024-0385.json create mode 100644 data/anchore/2024/CVE-2024-1041.json create mode 100644 data/anchore/2024/CVE-2024-1042.json create mode 100644 data/anchore/2024/CVE-2024-1649.json create mode 100644 data/anchore/2024/CVE-2024-1650.json create mode 100644 data/anchore/2024/CVE-2024-1652.json create mode 100644 data/anchore/2024/CVE-2024-1653.json create mode 100644 data/anchore/2024/CVE-2024-1697.json create mode 100644 data/anchore/2024/CVE-2024-1906.json create mode 100644 data/anchore/2024/CVE-2024-1907.json create mode 100644 data/anchore/2024/CVE-2024-1909.json create mode 100644 data/anchore/2024/CVE-2024-1910.json create mode 100644 data/anchore/2024/CVE-2024-1912.json create mode 100644 data/anchore/2024/CVE-2024-30518.json create mode 100644 data/anchore/2024/CVE-2024-33956.json create mode 100644 data/anchore/2024/CVE-2024-4082.json create mode 100644 data/anchore/2024/CVE-2024-43997.json create mode 100644 data/anchore/2024/CVE-2024-44033.json create mode 100644 data/anchore/2024/CVE-2024-47304.json create mode 100644 data/anchore/2024/CVE-2024-47312.json create mode 100644 data/anchore/2024/CVE-2024-47459.json create mode 100644 data/anchore/2024/CVE-2024-48021.json create mode 100644 data/anchore/2024/CVE-2024-48024.json create mode 100644 data/anchore/2024/CVE-2024-48036.json create mode 100644 data/anchore/2024/CVE-2024-48037.json create mode 100644 data/anchore/2024/CVE-2024-48046.json create mode 100644 data/anchore/2024/CVE-2024-49248.json create mode 100644 data/anchore/2024/CVE-2024-49259.json create mode 100644 data/anchore/2024/CVE-2024-49263.json create mode 100644 data/anchore/2024/CVE-2024-49264.json create mode 100644 
data/anchore/2024/CVE-2024-49276.json create mode 100644 data/anchore/2024/CVE-2024-49277.json create mode 100644 data/anchore/2024/CVE-2024-49282.json create mode 100644 data/anchore/2024/CVE-2024-49283.json create mode 100644 data/anchore/2024/CVE-2024-49289.json create mode 100644 data/anchore/2024/CVE-2024-49291.json create mode 100644 data/anchore/2024/CVE-2024-49292.json create mode 100644 data/anchore/2024/CVE-2024-49295.json create mode 100644 data/anchore/2024/CVE-2024-49297.json create mode 100644 data/anchore/2024/CVE-2024-49304.json create mode 100644 data/anchore/2024/CVE-2024-49307.json create mode 100644 data/anchore/2024/CVE-2024-49309.json create mode 100644 data/anchore/2024/CVE-2024-49310.json create mode 100644 data/anchore/2024/CVE-2024-49311.json create mode 100644 data/anchore/2024/CVE-2024-49312.json create mode 100644 data/anchore/2024/CVE-2024-49579.json create mode 100644 data/anchore/2024/CVE-2024-49580.json create mode 100644 data/anchore/2024/CVE-2024-5229.json create mode 100644 data/anchore/2024/CVE-2024-5429.json create mode 100644 data/anchore/2024/CVE-2024-7417.json create mode 100644 data/anchore/2024/CVE-2024-9184.json create mode 100644 data/anchore/2024/CVE-2024-9213.json create mode 100644 data/anchore/2024/CVE-2024-9240.json create mode 100644 data/anchore/2024/CVE-2024-9347.json create mode 100644 data/anchore/2024/CVE-2024-9414.json create mode 100644 data/anchore/2024/CVE-2024-9820.json create mode 100644 data/anchore/2024/CVE-2024-9898.json create mode 100644 data/anchore/2024/CVE-2024-9940.json create mode 100644 data/anchore/2024/CVE-2024-9951.json
diff --git a/data/anchore/2024/CVE-2024-0385.json b/data/anchore/2024/CVE-2024-0385.json
new file mode 100644
index 00000000..0345b007
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-0385.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-0385",
+ "description": "The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add categories.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/changeset/3034410/categorify",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c7c74cf-a109-4f77-a740-5a43ccd4e96a?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:frenify:categorify:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "categorify",
+ "packageType": "wordpress-plugin",
+ "product": "Categorify – WordPress Media Library Category & File Manager",
+ "vendor": "frenify",
+ "versions": [
+ {
+ "lessThan": "1.0.7.5",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-1041.json b/data/anchore/2024/CVE-2024-1041.json
new file mode 100644
index 00000000..d5989e5f
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-1041.json
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-1041",
+ "description": "The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping as well as insufficient access control on the settings. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://wordpress.org/plugins/wp-radio/",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/486ffdc9-a3e7-4f4c-89b1-b668a5d41aa5?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wpmilitary:wp_radio:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "wp-radio",
+ "packageType": "wordpress-plugin",
+ "product": "WP Radio – Worldwide Online Radio Stations Directory for WordPress",
+ "repo": "https://plugins.svn.wordpress.org/rating-widget",
+ "vendor": "princeahmed",
+ "versions": [
+ {
+ "lessThanOrEqual": "3.1.9",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-1042.json b/data/anchore/2024/CVE-2024-1042.json
new file mode 100644
index 00000000..bfc3d6f5
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-1042.json
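Review bot: The `repo` value in the new CVE-2024-1041.json record, `https://plugins.svn.wordpress.org/rating-widget`, names a different plugin slug than the record's `packageName` (`wp-radio`) and its `https://wordpress.org/plugins/wp-radio/` reference, so it looks carried over from another record; CVE-2024-1042.json has the same line. Anyone who follows `repo` to locate the fix or audit the affected code would land in the wrong source tree. Following the slug pattern used by the other `repo` fields in this patch, the line would presumably be `"repo": "https://plugins.svn.wordpress.org/wp-radio",` (confirm the URL resolves before committing). The CPE vendor `wpmilitary` also differs from `"vendor": "princeahmed"` in both records, which is worth checking against the CPE dictionary.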
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-1042",
+ "description": "The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with subscriber access and above, to import radio stations, remove countries, and modify the plugin's settings, which can lead to Cross-Site Scripting, tracked separately in CVE-2024-1041.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://wordpress.org/plugins/wp-radio/",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/b46e9771-37ff-4825-9af9-02ecde424653?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wpmilitary:wp_radio:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "wp-radio",
+ "packageType": "wordpress-plugin",
+ "product": "WP Radio – Worldwide Online Radio Stations Directory for WordPress",
+ "repo": "https://plugins.svn.wordpress.org/rating-widget",
+ "vendor": "princeahmed",
+ "versions": [
+ {
+ "lessThanOrEqual": "3.1.9",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-1649.json b/data/anchore/2024/CVE-2024-1649.json
new file mode 100644
index 00000000..b4bd11a4
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-1649.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-1649",
+ "description": "The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete categories.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/changeset/3034410/categorify",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/c63ddc62-a4f1-4da4-a65e-4573369d6c30?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:frenify:categorify:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "categorify",
+ "packageType": "wordpress-plugin",
+ "product": "Categorify – WordPress Media Library Category & File Manager",
+ "vendor": "frenify",
+ "versions": [
+ {
+ "lessThan": "1.0.7.5",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-1650.json b/data/anchore/2024/CVE-2024-1650.json
new file mode 100644
index 00000000..0913e951
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-1650.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-1650",
+ "description": "The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to rename categories.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/changeset/3034410/categorify",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/f9a3dc87-5309-41fe-bfc3-60b5878b6c57?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:frenify:categorify:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "categorify",
+ "packageType": "wordpress-plugin",
+ "product": "Categorify – WordPress Media Library Category & File Manager",
+ "vendor": "frenify",
+ "versions": [
+ {
+ "lessThan": "1.0.7.5",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-1652.json b/data/anchore/2024/CVE-2024-1652.json
new file mode 100644
index 00000000..653e5bab
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-1652.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-1652",
+ "description": "The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to clear categories.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/changeset/3034410/categorify",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/acccc6ae-553d-4ed5-8ba9-06a9061d725c?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:frenify:categorify:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "categorify",
+ "packageType": "wordpress-plugin",
+ "product": "Categorify – WordPress Media Library Category & File Manager",
+ "vendor": "frenify",
+ "versions": [
+ {
+ "lessThan": "1.0.7.5",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-1653.json b/data/anchore/2024/CVE-2024-1653.json
new file mode 100644
index 00000000..d5f49b76
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-1653.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-1653",
+ "description": "The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the folder position of categories as well as update the metadata of other taxonomies.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/changeset/3034410/categorify",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/45badd20-1ba8-44be-8a7c-2ce21261e208?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:frenify:categorify:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "categorify",
+ "packageType": "wordpress-plugin",
+ "product": "Categorify – WordPress Media Library Category & File Manager",
+ "vendor": "frenify",
+ "versions": [
+ {
+ "lessThan": "1.0.7.5",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-1697.json b/data/anchore/2024/CVE-2024-1697.json
new file mode 100644
index 00000000..05acde8d
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-1697.json
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-1697",
+ "description": "The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the save_wcfe_options function in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/add-fields-to-checkout-page-woocommerce/tags/1.2.9/classes/class-wc-checkout-field-editor.php#L1775",
+ "https://plugins.trac.wordpress.org/browser/add-fields-to-checkout-page-woocommerce/tags/1.3.2/classes/class-wc-checkout-field-editor.php#L1788",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a92f44b-6f2b-439c-8245-ace189740425?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:themelocation:add_fields_to_checkout_page_woocommerce:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "add-fields-to-checkout-page-woocommerce",
+ "packageType": "wordpress-plugin",
+ "product": "Custom WooCommerce Checkout Fields Editor",
+ "vendor": "themelocation",
+ "versions": [
+ {
+ "lessThan": "1.3.2",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-1906.json b/data/anchore/2024/CVE-2024-1906.json
new file mode 100644
index 00000000..65e25574
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-1906.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-1906",
+ "description": "The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to add categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/changeset/3034410/categorify",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/78422a30-bdc6-4e7c-a018-c3dc4b4be6a0?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:frenify:categorify:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "categorify",
+ "packageType": "wordpress-plugin",
+ "product": "Categorify – WordPress Media Library Category & File Manager",
+ "vendor": "frenify",
+ "versions": [
+ {
+ "lessThan": "1.0.7.5",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-1907.json b/data/anchore/2024/CVE-2024-1907.json
new file mode 100644
index 00000000..6f81e217
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-1907.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-1907",
+ "description": "The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This makes it possible for unauthenticated attackers to delete categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/changeset/3034410/categorify",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/08c79118-9dad-44fd-b683-7950276d3808?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:frenify:categorify:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "categorify",
+ "packageType": "wordpress-plugin",
+ "product": "Categorify – WordPress Media Library Category & File Manager",
+ "vendor": "frenify",
+ "versions": [
+ {
+ "lessThan": "1.0.7.5",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-1909.json b/data/anchore/2024/CVE-2024-1909.json
new file mode 100644
index 00000000..26011935
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-1909.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-1909",
+ "description": "The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers to rename categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/changeset/3034410/categorify",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/58b29729-e9c3-4d57-affd-6142dfa8cc6f?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:frenify:categorify:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "categorify",
+ "packageType": "wordpress-plugin",
+ "product": "Categorify – WordPress Media Library Category & File Manager",
+ "vendor": "frenify",
+ "versions": [
+ {
+ "lessThan": "1.0.7.5",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-1910.json b/data/anchore/2024/CVE-2024-1910.json
new file mode 100644
index 00000000..8a6b06c6
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-1910.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-1910",
+ "description": "The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/changeset/3034410/categorify",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1c2712d-0865-4759-98da-1e11a26f2466?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:frenify:categorify:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "categorify",
+ "packageType": "wordpress-plugin",
+ "product": "Categorify – WordPress Media Library Category & File Manager",
+ "vendor": "frenify",
+ "versions": [
+ {
+ "lessThan": "1.0.7.5",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-1912.json b/data/anchore/2024/CVE-2024-1912.json
new file mode 100644
index 00000000..3afe2e4d
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-1912.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-1912",
+ "description": "The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update the folder position of categories as well as update the metadata of other taxonomies via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/changeset/3034410/categorify",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/6ca28c91-f75e-4691-91cf-459cc9da5ad8?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:frenify:categorify:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "categorify",
+ "packageType": "wordpress-plugin",
+ "product": "Categorify – WordPress Media Library Category & File Manager",
+ "vendor": "frenify",
+ "versions": [
+ {
+ "lessThan": "1.0.7.5",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-24826.json b/data/anchore/2024/CVE-2024-24826.json
index e7324c03..806bab1c 100644
--- a/data/anchore/2024/CVE-2024-24826.json
+++ b/data/anchore/2024/CVE-2024-24826.json
@@ -11,9 +11,12 @@
 "adp": {
 "affected": [
 {
+ "collectionURL": "https://pypi.org",
 "cpes": [
- "cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*"
+ "cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:python:*:*"
 ],
+ "packageName": "exiv2",
+ "packageType": "python",
 "product": "exiv2",
 "vendor": "Exiv2",
 "versions": [
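Review bot: The unscoped CPE `cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*` is replaced rather than supplemented by the `python`-scoped string in the `cpes` array of CVE-2024-24826.json, while the next hunk switches `versionType` to `python` and leaves the bounds `0.28.0` / `0.28.2` untouched; CVE-2024-25112.json receives the identical change. If those bounds are the upstream library's release numbers rather than the PyPI package's own numbering, the record would stop matching non-Python installs and could mis-range the PyPI package, so it is worth confirming which numbering they follow. If both ecosystems are meant to be covered, a second `affected` entry that keeps the original CPE and `"versionType": "custom"` alongside the new PyPI entry would make that explicit. The enclosing record starts and ends outside this hunk.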
@@ -21,7 +24,7 @@
 "lessThan": "0.28.2",
 "status": "affected",
 "version": "0.28.0",
- "versionType": "custom"
+ "versionType": "python"
 }
 ]
 }
diff --git a/data/anchore/2024/CVE-2024-25112.json b/data/anchore/2024/CVE-2024-25112.json
index 9006a12a..4091287f 100644
--- a/data/anchore/2024/CVE-2024-25112.json
+++ b/data/anchore/2024/CVE-2024-25112.json
@@ -11,9 +11,12 @@
 "adp": {
 "affected": [
 {
+ "collectionURL": "https://pypi.org",
 "cpes": [
- "cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*"
+ "cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:python:*:*"
 ],
+ "packageName": "exiv2",
+ "packageType": "python",
 "product": "exiv2",
 "vendor": "Exiv2",
 "versions": [
@@ -21,7 +24,7 @@
 "lessThan": "0.28.2",
 "status": "affected",
 "version": "0.28.0",
- "versionType": "custom"
+ "versionType": "python"
 }
 ]
 }
diff --git a/data/anchore/2024/CVE-2024-30518.json b/data/anchore/2024/CVE-2024-30518.json
new file mode 100644
index 00000000..732bfc20
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-30518.json
@@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-30518", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/add-fields-to-checkout-page-woocommerce/wordpress-custom-woocommerce-checkout-fields-editor-plugin-1-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 1.3.1 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:greentreelabs:gallery_photoblocks:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:wpchill:gallery_photoblocks:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "add-fields-to-checkout-page-woocommerce", + "packageType": "wordpress-plugin", + "product": "Custom WooCommerce Checkout Fields Editor", + "repo": "https://plugins.svn.wordpress.org/add-fields-to-checkout-page-woocommerce", + "vendor": "ThemeLocation", + "versions": [ + { + "lessThan": "1.3.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/698c8c4e-77ca-491c-bdd5-4a3d3b99b1b4?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-3288.json b/data/anchore/2024/CVE-2024-3288.json index 0baa6565..46f3e9a4 100644 --- a/data/anchore/2024/CVE-2024-3288.json +++ b/data/anchore/2024/CVE-2024-3288.json @@ -18,6 +18,7 @@ "packageName": "logo-slider-wp", "packageType": "wordpress-plugin", "product": "Logo Slider", + "vendor": "logichunt", "versions": [ { "lessThan": "4.0.0", 
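Review bot: The `cpes` array in CVE-2024-30518.json names `greentreelabs:gallery_photoblocks` and `wpchill:gallery_photoblocks`, while `packageName`, `product` and `vendor` in the same entry describe ThemeLocation's Custom WooCommerce Checkout Fields Editor, so the CPEs look copied from an unrelated record. CPE-based matching would then flag Gallery PhotoBlocks installs and miss the plugin the advisory is about. CVE-2024-33956.json repeats the same two CPEs, and CVE-2024-44033.json and CVE-2024-49259.json carry `limbcode:limb-gallery` for NicheAddons' Primary Addon for Elementor. Each should be replaced with a CPE for the affected plugin, in the form `"cpe:2.3:a:<vendor>:<product>:*:*:*:*:*:wordpress:*:*"` (placeholder; take the real values from the CPE dictionary or the project's naming convention).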
diff --git a/data/anchore/2024/CVE-2024-33956.json b/data/anchore/2024/CVE-2024-33956.json
new file mode 100644
index 00000000..859e5fc4
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-33956.json
@@ -0,0 +1,47 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-33956",
+ "description": "Missing Authorization vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/add-fields-to-checkout-page-woocommerce/wordpress-custom-woocommerce-checkout-fields-editor-plugin-1-3-0-broken-access-control-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update to 1.3.2 or a higher version."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:greentreelabs:gallery_photoblocks:*:*:*:*:*:wordpress:*:*",
+ "cpe:2.3:a:wpchill:gallery_photoblocks:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "add-fields-to-checkout-page-woocommerce",
+ "packageType": "wordpress-plugin",
+ "product": "Custom WooCommerce Checkout Fields Editor",
+ "repo": "https://plugins.svn.wordpress.org/add-fields-to-checkout-page-woocommerce",
+ "vendor": "ThemeLocation",
+ "versions": [
+ {
+ "lessThan": "1.3.2",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a0320c16-de32-484f-b17c-5acf0144a373?source=cve"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-4082.json b/data/anchore/2024/CVE-2024-4082.json
new file mode 100644
index 00000000..3030af9a
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-4082.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-4082",
+ "description": "The Joli FAQ SEO – WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3081648%40joli-faq-seo%2Ftrunk&old=3076380%40joli-faq-seo%2Ftrunk&sfp_email=&sfph_mail=",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/c45b6163-7ebf-4f18-afd6-735d02d9170d?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wpjoli:joli_faq_seo:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "joli-faq-seo",
+ "packageType": "wordpress-plugin",
+ "product": "Joli FAQ SEO – WordPress FAQ Plugin",
+ "vendor": "wpjoli",
+ "versions": [
+ {
+ "lessThan": "1.3.3",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-43997.json b/data/anchore/2024/CVE-2024-43997.json
new file mode 100644
index 00000000..8a843f22
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-43997.json
@@ -0,0 +1,46 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-43997",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in easy.Jobs EasyJobs allows Reflected XSS.This issue affects EasyJobs: from n/a through 2.4.14.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/easyjobs/wordpress-easy-jobs-best-recruitment-plugin-for-job-board-listing-manager-career-page-for-elementor-gutenberg-plugin-2-4-14-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update to 2.4.15 or a higher version."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:easy.jobs:easy.jobs:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "easyjobs",
+ "packageType": "wordpress-plugin",
+ "product": "EasyJobs",
+ "repo": "https://plugins.svn.wordpress.org/easyjobs",
+ "vendor": "easy.jobs",
+ "versions": [
+ {
+ "lessThan": "2.4.15",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ce96ab3a-a8a4-44a3-80ce-3a3ec419db47?source=cve"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-44033.json b/data/anchore/2024/CVE-2024-44033.json
new file mode 100644
index 00000000..b8a7354c
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-44033.json
@@ -0,0 +1,46 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-44033",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through 1.5.7.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/primary-addon-for-elementor/wordpress-primary-addon-for-elementor-plugin-1-5-7-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update to 1.5.8 or a higher version."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:limbcode:limb-gallery:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "primary-addon-for-elementor",
+ "packageType": "wordpress-plugin",
+ "product": "Primary Addon for Elementor",
+ "repo": "https://plugins.svn.wordpress.org/primary-addon-for-elementor",
+ "vendor": "NicheAddons",
+ "versions": [
+ {
+ "lessThan": "1.5.8",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ffb789a-409f-4771-a5e1-2643b6aeadf8?source=cve"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47304.json b/data/anchore/2024/CVE-2024-47304.json
new file mode 100644
index 00000000..b555355b
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-47304.json
@@ -0,0 +1,46 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-47304",
+ "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Fluent Support allows SQL Injection.This issue affects Fluent Support: from n/a through 1.8.0.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/fluent-support/wordpress-fluent-support-plugin-1-8-0-sql-injection-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update to 1.8.1 or a higher version."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wpmanageninja:fluent_support:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "fluent-support",
+ "packageType": "wordpress-plugin",
+ "product": "Fluent Support",
+ "repo": "https://plugins.svn.wordpress.org/fluent-support",
+ "vendor": "WPManageNinja LLC",
+ "versions": [
+ {
+ "lessThan": "1.8.1",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b78985ad-37e5-4eb3-b3aa-716972423848?source=cve"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47312.json b/data/anchore/2024/CVE-2024-47312.json
new file mode 100644
index 00000000..1869fd0b
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-47312.json
@@ -0,0 +1,46 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-47312",
+ "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPGrim Classic Editor and Classic Widgets allows SQL Injection.This issue affects Classic Editor and Classic Widgets: from n/a through 1.4.1.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/classic-editor-and-classic-widgets/wordpress-classic-editor-and-classic-widgets-plugin-1-4-1-sql-injection-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update to 1.4.2 or a higher version."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wpgrim:classic_editor_and_classic_widgets:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "classic-editor-and-classic-widgets",
+ "packageType": "wordpress-plugin",
+ "product": "Classic Editor and Classic Widgets",
+ "repo": "https://plugins.svn.wordpress.org/classic-editor-and-classic-widgets",
+ "vendor": "WPGrim",
+ "versions": [
+ {
+ "lessThan": "1.4.2",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/24741fa0-5075-445b-91fe-d896a9101b45?source=cve"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-47459.json b/data/anchore/2024/CVE-2024-47459.json
new file mode 100644
index 00000000..7528cbe2
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-47459.json
@@ -0,0 +1,34 @@
+{
+ "additionalMetadata": {
+ "cna": "adobe",
+ "cveId": "CVE-2024-47459",
+ "description": "Substance3D - Sampler versions 4.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://helpx.adobe.com/security/products/substance3d-sampler/apsb24-65.html"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:adobe:substance_3d_sampler:*:*:*:*:*:*:*:*"
+ ],
+ "product": "Substance3D - Sampler",
+ "vendor": "Adobe",
+ "versions": [
+ {
+ "lessThan": "4.5.1",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-48021.json b/data/anchore/2024/CVE-2024-48021.json
new file mode 100644
index 00000000..276fe40c
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-48021.json
@@ -0,0 +1,46 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-48021",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on allows Reflected XSS.This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a through 2.3.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/contact-form-7-paypal-add-on/wordpress-contact-form-7-paypal-stripe-add-on-plugin-2-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update to 2.3.1 or a higher version."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wpplugin:paypal_\\&_stripe_add-on:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "contact-form-7-paypal-add-on",
+ "packageType": "wordpress-plugin",
+ "product": "Contact Form 7 – PayPal & Stripe Add-on",
+ "repo": "https://plugins.svn.wordpress.org/contact-form-7-paypal-add-on",
+ "vendor": "Scott Paterson",
+ "versions": [
+ {
+ "lessThan": "2.3.1",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/25a9fd76-15aa-43f9-bb11-9825b847a4e3?source=cve"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-48024.json b/data/anchore/2024/CVE-2024-48024.json
new file mode 100644
index 00000000..47d256ac
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-48024.json
@@ -0,0 +1,43 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-48024",
+ "description": ": Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Fahad Mahmood Keep Backup Daily allows Retrieve Embedded Sensitive Data.This issue affects Keep Backup Daily: from n/a through 2.0.7.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/keep-backup-daily/wordpress-keep-backup-daily-plugin-2-0-7-sensitive-data-exposure-vulnerability?_s_id=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:androidbubbles:keep_backup_daily:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "keep-backup-daily",
+ "packageType": "wordpress-plugin",
+ "product": "Keep Backup Daily",
+ "repo": "https://plugins.svn.wordpress.org/keep-backup-daily",
+ "vendor": "Fahad Mahmood",
+ "versions": [
+ {
+ "lessThanOrEqual": "2.0.7",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8b007bf9-9756-4f18-81b9-7d4b15c5dca8?source=cve"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-48036.json b/data/anchore/2024/CVE-2024-48036.json
new file mode 100644
index 00000000..a0eed7fe
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-48036.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-48036",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Blocks – Gutenberg based Page Builder allows Stored XSS.This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.6.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/skt-blocks/wordpress-skt-blocks-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update to 1.7 or a higher version."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:sktthemes:skt_blocks:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "skt-blocks",
+ "packageType": "wordpress-plugin",
+ "product": "SKT Blocks – Gutenberg based Page Builder",
+ "repo": "https://plugins.svn.wordpress.org/skt-blocks",
+ "vendor": "SKT Themes",
+ "versions": [
+ {
+ "lessThan": "1.7",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-48037.json b/data/anchore/2024/CVE-2024-48037.json
new file mode 100644
index 00000000..ce92a170
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-48037.json
@@ -0,0 +1,46 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-48037",
+ "description": "Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through 1.4.2.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/new-contact-form-widget/wordpress-contact-form-widget-contact-query-contact-page-form-maker-query-table-plugin-1-4-2-csrf-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update to 1.4.3 or a higher version."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:awplife:contact_form_widget:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "new-contact-form-widget",
+ "packageType": "wordpress-plugin",
+ "product": "Contact Form Widget",
+ "repo": "https://plugins.svn.wordpress.org/new-contact-form-widget",
+ "vendor": "A WP Life",
+ "versions": [
+ {
+ "lessThan": "1.4.3",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ },
+ "references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cbb5e80a-4dfe-429c-96c1-7fab52e0ce21?source=cve"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-48046.json b/data/anchore/2024/CVE-2024-48046.json
new file mode 100644
index 00000000..2d79a8f3
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-48046.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-48046",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Supsystic Contact Form by Supsystic allows Stored XSS.This issue affects Contact Form by Supsystic: from n/a through 1.7.28.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/contact-form-by-supsystic/wordpress-contact-form-by-supsystic-plugin-1-7-28-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update to 1.7.29 or a higher version."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:supsystic:contact_form:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "contact-form-by-supsystic",
+ "packageType": "wordpress-plugin",
+ "product": "Contact Form by Supsystic",
+ "repo": "https://plugins.svn.wordpress.org/contact-form-by-supsystic",
+ "vendor": "Supsystic",
+ "versions": [
+ {
+ "lessThan": "1.7.29",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-49248.json b/data/anchore/2024/CVE-2024-49248.json
new file mode 100644
index 00000000..bbaa6ca8
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49248.json
@@ -0,0 +1,42 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-49248",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Igor Funa Ad Inserter allows Reflected XSS.This issue affects Ad Inserter: from n/a through 2.7.37.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/ad-inserter/wordpress-ad-inserter-plugin-2-7-37-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update to 2.7.38 or a higher version."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:ad_inserter_project:ad_inserter:*:*:*:*:*:wordpress:*:*",
+ "cpe:2.3:a:ad_inserter_project:ad_inserter:*:*:*:*:free:wordpress:*:*"
+ ],
+ "packageName": "ad-inserter",
+ "packageType": "wordpress-plugin",
+ "product": "Ad Inserter",
+ "repo": "https://plugins.svn.wordpress.org/ad-inserter",
+ "vendor": "Igor Funa",
+ "versions": [
+ {
+ "lessThan": "2.7.38",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-49259.json b/data/anchore/2024/CVE-2024-49259.json
new file mode 100644
index 00000000..2877f588
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49259.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-49259",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through 1.5.8.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/primary-addon-for-elementor/wordpress-primary-addon-for-elementor-plugin-1-5-8-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update to 1.5.9 or a higher version."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:limbcode:limb-gallery:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "primary-addon-for-elementor",
+ "packageType": "wordpress-plugin",
+ "product": "Primary Addon for Elementor",
+ "repo": "https://plugins.svn.wordpress.org/primary-addon-for-elementor",
+ "vendor": "NicheAddons",
+ "versions": [
+ {
+ "lessThan": "1.5.9",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-49263.json b/data/anchore/2024/CVE-2024-49263.json
new file mode 100644
index 00000000..0a28aeaa
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49263.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-49263",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Takashi Matsuyama My Favorites allows Stored XSS.This issue affects My Favorites: from n/a through 1.4.1.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/my-favorites/wordpress-my-favorites-plugin-1-4-1-cross-site-scripting-xss-vulnerability-2?_s_id=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:takashimatsuyama:my_favorites:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "my-favorites",
+ "packageType": "wordpress-plugin",
+ "product": "My Favorites",
+ "repo": "https://plugins.svn.wordpress.org/my-favorites",
+ "vendor": "Takashi Matsuyama",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.4.1",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-49264.json b/data/anchore/2024/CVE-2024-49264.json
new file mode 100644
index 00000000..96a94148
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49264.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-49264",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Events Addon for Elementor allows Stored XSS.This issue affects Events Addon for Elementor: from n/a through 2.2.0.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/events-addon-for-elementor/wordpress-events-addon-for-elementor-plugin-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:nicheaddons:events_addon_for_elementor:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "events-addon-for-elementor",
+ "packageType": "wordpress-plugin",
+ "product": "Events Addon for Elementor",
+ "repo": "https://plugins.svn.wordpress.org/events-addon-for-elementor",
+ "vendor": "NicheAddons",
+ "versions": [
+ {
+ "lessThanOrEqual": "2.2.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-49276.json b/data/anchore/2024/CVE-2024-49276.json
new file mode 100644
index 00000000..e707e975
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49276.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-49276",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themis Solutions, Inc. Clio Grow allows Reflected XSS.This issue affects Clio Grow: from n/a through 1.0.2.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/clio-grow-form/wordpress-clio-grow-plugin-1-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:clio:clio_grow:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "clio-grow-form",
+ "packageType": "wordpress-plugin",
+ "product": "Clio Grow",
+ "repo": "https://plugins.svn.wordpress.org/clio-grow-form",
+ "vendor": "Themis Solutions, Inc.",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.0.2",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-49277.json b/data/anchore/2024/CVE-2024-49277.json
new file mode 100644
index 00000000..8f93d3d3
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49277.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-49277",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodeAstrology Team UltraAddons Elementor Lite allows Stored XSS.This issue affects UltraAddons Elementor Lite: from n/a through 1.1.8.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/ultraaddons-elementor-lite/wordpress-ultraaddons-elementor-addons-plugin-1-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:codeastrology:ultraaddons:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "ultraaddons-elementor-lite",
+ "packageType": "wordpress-plugin",
+ "product": "UltraAddons Elementor Lite",
+ "repo": "https://plugins.svn.wordpress.org/ultraaddons-elementor-lite",
+ "vendor": "CodeAstrology Team",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.1.8",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-49282.json b/data/anchore/2024/CVE-2024-49282.json
new file mode 100644
index 00000000..37e7632b
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49282.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-49282",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in dFactory Responsive Lightbox allows Stored XSS.This issue affects Responsive Lightbox: from n/a through 2.4.8.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/responsive-lightbox/wordpress-responsive-lightbox-gallery-plugin-2-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:dfactory:responsive_lightbox:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "responsive-lightbox",
+ "packageType": "wordpress-plugin",
+ "product": "Responsive Lightbox",
+ "repo": "https://plugins.svn.wordpress.org/responsive-lightbox",
+ "vendor": "dFactory",
+ "versions": [
+ {
+ "lessThanOrEqual": "2.4.8",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-49283.json b/data/anchore/2024/CVE-2024-49283.json
new file mode 100644
index 00000000..5626f18b
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49283.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-49283",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VillaTheme CURCY allows Reflected XSS.This issue affects CURCY: from n/a through 2.2.3.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/woo-multi-currency/wordpress-curcy-plugin-2-2-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:villatheme:curcy:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "woo-multi-currency",
+ "packageType": "wordpress-plugin",
+ "product": "CURCY",
+ "repo": "https://plugins.svn.wordpress.org/woo-multi-currency",
+ "vendor": "VillaTheme",
+ "versions": [
+ {
+ "lessThanOrEqual": "2.2.3",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-49289.json b/data/anchore/2024/CVE-2024-49289.json
new file mode 100644
index 00000000..1ba2e1e1
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49289.json
@@ -0,0 +1,37 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-49289",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gora Tech LLC Cooked Pro allows Stored XSS.This issue affects Cooked Pro: from n/a before 1.8.0.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/cooked-pro/wordpress-cooked-pro-plugin-1-8-0-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update to 1.8.0 or a higher version."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:boxystudio:cooked:*:*:*:*:pro:wordpress:*:*"
+ ],
+ "product": "Cooked Pro",
+ "vendor": "Gora Tech LLC",
+ "versions": [
+ {
+ "lessThan": "1.8.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-49291.json b/data/anchore/2024/CVE-2024-49291.json
new file mode 100644
index 00000000..ee844c25
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49291.json
@@ -0,0 +1,37 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-49291",
+ "description": "Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This issue affects Cooked Pro: from n/a before 1.8.0.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/cooked-pro/wordpress-cooked-pro-plugin-1-8-0-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update to 1.8.0 or a higher version."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:boxystudio:cooked:*:*:*:*:pro:wordpress:*:*"
+ ],
+ "product": "Cooked Pro",
+ "vendor": "Gora Tech LLC",
+ "versions": [
+ {
+ "lessThan": "1.8.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-49292.json b/data/anchore/2024/CVE-2024-49292.json
new file mode 100644
index 00000000..c99742df
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49292.json
@@ -0,0 +1,42 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-49292",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.7.1.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/exclusive-addons-for-elementor/wordpress-exclusive-addons-for-elementor-plugin-2-7-1-cross-site-scripting-vulnerability?_s_id=cve"
+ ],
+ "solutions": [
+ "Update to 2.7.2 or a higher version."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:devscred:exclusive_addons_for_elementor:*:*:*:*:*:wordpress:*:*",
+ "cpe:2.3:a:exclusiveaddons:exclusive_addons_for_elementor:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "exclusive-addons-for-elementor",
+ "packageType": "wordpress-plugin",
+ "product": "Exclusive Addons Elementor",
+ "repo": "https://plugins.svn.wordpress.org/exclusive-addons-for-elementor",
+ "vendor": "Exclusive Addons",
+ "versions": [
+ {
+ "lessThan": "2.7.2",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-49295.json b/data/anchore/2024/CVE-2024-49295.json
new file mode 100644
index 00000000..62f38bf2
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49295.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-49295",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PressTigers Simple Testimonials Showcase.This issue affects Simple Testimonials Showcase: from n/a through 1.1.6.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/simple-testimonials-showcase/wordpress-simple-testimonials-showcase-plugin-1-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:presstigers:simple_testimonials_showcase:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "simple-testimonials-showcase",
+ "packageType": "wordpress-plugin",
+ "product": "Simple Testimonials Showcase",
+ "repo": "https://plugins.svn.wordpress.org/simple-testimonials-showcase",
+ "vendor": "PressTigers",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.1.6",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-49297.json b/data/anchore/2024/CVE-2024-49297.json
new file mode 100644
index 00000000..964e2216
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49297.json
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-49297",
+ "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho CRM Zoho CRM Lead Magnet allows SQL Injection.This issue affects Zoho CRM Lead Magnet: from n/a through 1.7.9.0.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/zoho-crm-forms/wordpress-zoho-crm-lead-magnet-plugin-1-7-9-0-sql-injection-vulnerability?_s_id=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:zoho:lead_magnet:*:*:*:*:*:wordpress:*:*",
+ "cpe:2.3:a:zohocorp:zoho_crm_lead_magnet:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "zoho-crm-forms",
+ "packageType": "wordpress-plugin",
+ "product": "Zoho CRM Lead Magnet",
+ "repo": "https://plugins.svn.wordpress.org/zoho-crm-forms",
+ "vendor": "Zoho CRM",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.7.9.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-49304.json b/data/anchore/2024/CVE-2024-49304.json
new file mode 100644
index 00000000..8737f611
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49304.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-49304",
+ "description": "Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Stored XSS.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.1.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/booking-system/wordpress-pinpoint-booking-system-plugin-2-9-9-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:pinpoint:pinpoint_booking_system:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "booking-system",
+ "packageType": "wordpress-plugin",
+ "product": "Pinpoint Booking System",
+ "repo": "https://plugins.svn.wordpress.org/booking-system",
+ "vendor": "PINPOINT.WORLD",
+ "versions": [
+ {
+ "lessThanOrEqual": "2.9.9.5.1",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-49307.json b/data/anchore/2024/CVE-2024-49307.json
new file mode 100644
index 00000000..a45ee9a5
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49307.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-49307",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Oliver Schlöbe Admin Management Xtended allows Stored XSS.This issue affects Admin Management Xtended: from n/a through 2.4.6.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/admin-management-xtended/wordpress-admin-management-xtended-plugin-2-4-6-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:admin_management_xtended_project:admin_management_xtended:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "admin-management-xtended",
+ "packageType": "wordpress-plugin",
+ "product": "Admin Management Xtended",
+ "repo": "https://plugins.svn.wordpress.org/admin-management-xtended",
+ "vendor": "Oliver Schlöbe",
+ "versions": [
+ {
+ "lessThanOrEqual": "2.4.6",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-49309.json b/data/anchore/2024/CVE-2024-49309.json
new file mode 100644
index 00000000..8db900b4
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49309.json
@@ -0,0 +1,37 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-49309",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Digitally allows Reflected XSS.This issue affects Digitally: from n/a through 1.0.8.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/digitally/wordpress-digitally-theme-1-0-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/themes",
+ "cpes": [
+ "cpe:2.3:a:omarfolgheraiter:digitally:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "digitally",
+ "packageType": "wordpress-theme",
+ "product": "Digitally",
+ "repo": "https://themes.svn.wordpress.org/digitally",
+ "versions": [
+ {
+ "lessThanOrEqual": "1.0.8",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-49310.json b/data/anchore/2024/CVE-2024-49310.json
new file mode 100644
index 00000000..e235884c
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49310.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-49310",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS.This issue affects Themesflat Addons For Elementor: from n/a through 2.2.0.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/themesflat-addons-for-elementor/wordpress-themesflat-addons-for-elementor-plugin-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:themesflat:themesflat_addons_for_elementor:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "themesflat-addons-for-elementor",
+ "packageType": "wordpress-plugin",
+ "product": "Themesflat Addons For Elementor",
+ "repo": "https://plugins.svn.wordpress.org/themesflat-addons-for-elementor",
+ "vendor": "Themesflat",
+ "versions": [
+ {
+ "lessThanOrEqual": "2.2.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-49311.json b/data/anchore/2024/CVE-2024-49311.json
new file mode 100644
index 00000000..df48623a
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49311.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-49311",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge allows Stored XSS.This issue affects Edwiser Bridge: from n/a through 3.0.7.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/edwiser-bridge/wordpress-edwiser-bridge-plugin-3-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:edwiser:bridge:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "edwiser-bridge",
+ "packageType": "wordpress-plugin",
+ "product": "Edwiser Bridge",
+ "repo": "https://plugins.svn.wordpress.org/edwiser-bridge",
+ "vendor": "WisdmLabs",
+ "versions": [
+ {
+ "lessThanOrEqual": "3.0.7",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-49312.json b/data/anchore/2024/CVE-2024-49312.json
new file mode 100644
index 00000000..3b05e051
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49312.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "patchstack",
+ "cveId": "CVE-2024-49312",
+ "description": "Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge.This issue affects Edwiser Bridge: from n/a through 3.0.7.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://patchstack.com/database/vulnerability/edwiser-bridge/wordpress-edwiser-bridge-plugin-3-0-7-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:edwiser:bridge:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "edwiser-bridge",
+ "packageType": "wordpress-plugin",
+ "product": "Edwiser Bridge",
+ "repo": "https://plugins.svn.wordpress.org/edwiser-bridge",
+ "vendor": "WisdmLabs",
+ "versions": [
+ {
+ "lessThanOrEqual": "3.0.7",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-49579.json b/data/anchore/2024/CVE-2024-49579.json
new file mode 100644
index 00000000..e6f810dc
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49579.json
@@ -0,0 +1,34 @@
+{
+ "additionalMetadata": {
+ "cna": "jetbrains",
+ "cveId": "CVE-2024-49579",
+ "description": "In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://www.jetbrains.com/privacy-security/issues-fixed/"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*"
+ ],
+ "product": "YouTrack",
+ "vendor": "JetBrains",
+ "versions": [
+ {
+ "lessThan": "2024.3.47197",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-49580.json b/data/anchore/2024/CVE-2024-49580.json
new file mode 100644
index 00000000..67ee69ca
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49580.json
@@ -0,0 +1,34 @@
+{
+ "additionalMetadata": {
+ "cna": "jetbrains",
+ "cveId": "CVE-2024-49580",
+ "description": "In JetBrains Ktor before 3.0.0 improper caching in HttpCache Plugin could lead to response information disclosure",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://www.jetbrains.com/privacy-security/issues-fixed/"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:jetbrains:ktor:*:*:*:*:*:*:*:*"
+ ],
+ "product": "Ktor",
+ "vendor": "JetBrains",
+ "versions": [
+ {
+ "lessThan": "3.0.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-5229.json b/data/anchore/2024/CVE-2024-5229.json
new file mode 100644
index 00000000..11f73a21
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-5229.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-5229",
+ "description": "The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/primary-addon-for-elementor/trunk/elementor/widgets/basic/nabasic-pricing-table.php#L775",
+ "https://plugins.trac.wordpress.org/changeset/3092073/#file366",
+ "https://plugins.trac.wordpress.org/changeset/3092073/primary-addon-for-elementor/trunk/elementor/widgets/basic/nabasic-pricing-table.php",
+ "https://wordpress.org/plugins/primary-addon-for-elementor/#developers",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/d6ea95b5-9e1c-41b1-9bc5-5fd5cecef65d?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:nicheaddons:primary-addon-for-elementor:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "primary-addon-for-elementor",
+ "packageType": "wordpress-plugin",
+ "product": "Primary Addon for Elementor",
+ "vendor": "nicheaddons",
+ "versions": [
+ {
+ "lessThan": "1.5.6",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-5429.json b/data/anchore/2024/CVE-2024-5429.json
new file mode 100644
index 00000000..64d6d145
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-5429.json
@@ -0,0 +1,37 @@
+{
+ "additionalMetadata": {
+ "cna": "wpscan",
+ "cveId": "CVE-2024-5429",
+ "description": "The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://wpscan.com/vulnerability/ddb76c88-aeca-42df-830e-abffd29f1141/"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:logichunt:logo_slider:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "logo-slider-wp",
+ "packageType": "wordpress-plugin",
+ "product": "Logo Slider",
+ "vendor": "logichunt",
+ "versions": [
+ {
+ "lessThan": "4.1.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-7417.json b/data/anchore/2024/CVE-2024-7417.json
new file mode 100644
index 00000000..613ed483
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-7417.json
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-7417",
+ "description": "The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected posts.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/royal-elementor-addons/tags/1.3.985/classes/modules/wpr-ajax-search.php#L21",
+ "https://plugins.trac.wordpress.org/changeset/3162784/royal-elementor-addons/tags/1.3.987/classes/modules/wpr-ajax-search.php?old=3141814&old_path=royal-elementor-addons%2Ftags%2F1.3.985%2Fclasses%2Fmodules%2Fwpr-ajax-search.php",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/c3dfb0b7-5d9f-492b-9a1a-d4445d39c00c?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "royal-elementor-addons",
+ "packageType": "wordpress-plugin",
+ "product": "Royal Elementor Addons and Templates",
+ "vendor": "wproyal",
+ "versions": [
+ {
+ "lessThan": "1.3.987",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-8548.json b/data/anchore/2024/CVE-2024-8548.json
index a5ecac40..082934fe 100644
--- a/data/anchore/2024/CVE-2024-8548.json
+++ b/data/anchore/2024/CVE-2024-8548.json
@@ -33,7 +33,7 @@
 "vendor": "cagdasdag",
 "versions": [
 {
- "lessThanOrEqual": "1.6.6",
+ "lessThan": "1.6.7",
 "status": "affected",
 "version": "0",
 "versionType": "semver"
diff --git a/data/anchore/2024/CVE-2024-8632.json b/data/anchore/2024/CVE-2024-8632.json
index 03e21dbc..5e7edd77 100644
--- a/data/anchore/2024/CVE-2024-8632.json
+++ b/data/anchore/2024/CVE-2024-8632.json
@@ -23,7 +23,7 @@
 "vendor": "cagdasdag",
 "versions": [
 {
- "lessThanOrEqual": "1.6.6",
+ "lessThan": "1.6.7",
 "status": "affected",
 "version": "0",
 "versionType": "semver"
diff --git a/data/anchore/2024/CVE-2024-9184.json b/data/anchore/2024/CVE-2024-9184.json
new file mode 100644
index 00000000..f3be9c59
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9184.json
@@ -0,0 +1,40 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-9184",
+ "description": "The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/sendpulse-web-push/trunk/settings.php#L10",
+ "https://plugins.trac.wordpress.org/changeset/3169899/",
+ "https://wordpress.org/plugins/sendpulse-web-push/#developers",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/74831bf8-0a30-4758-bfe6-5a5b4ee7ec24?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:sendpulse:free_web_push:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "sendpulse-web-push",
+ "packageType": "wordpress-plugin",
+ "product": "SendPulse Free Web Push",
+ "vendor": "sendpulse",
+ "versions": [
+ {
+ "lessThan": "1.3.7",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9213.json b/data/anchore/2024/CVE-2024-9213.json
new file mode 100644
index 00000000..7deee023
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9213.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-9213",
+ "description": "The افزونه پیامک ووکامرس Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/persian-woocommerce-sms/tags/7.0.2/src/Subscribe/Contacts.php#L290",
+ "https://plugins.trac.wordpress.org/browser/persian-woocommerce-sms/tags/7.0.2/src/Subscribe/Contacts.php#L412",
+ "https://plugins.trac.wordpress.org/browser/persian-woocommerce-sms/tags/7.0.2/src/Subscribe/Contacts.php#L527",
+ "https://plugins.trac.wordpress.org/changeset/3170258/persian-woocommerce-sms/trunk/src/Subscribe/Contacts.php",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/e8845d56-2e8a-472a-bc32-e26b388ce58d?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:woocommerce:persian_woocommerce_sms:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "persian-woocommerce-sms",
+ "packageType": "wordpress-plugin",
+ "product": "افزونه پیامک ووکامرس Persian WooCommerce SMS",
+ "vendor": "persianscript",
+ "versions": [
+ {
+ "lessThan": "7.0.3",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9240.json b/data/anchore/2024/CVE-2024-9240.json
new file mode 100644
index 00000000..77b8415b
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9240.json
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-9240",
+ "description": "The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 24.0902. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/redi-restaurant-reservation/trunk/templates/admin_welcome_no_page.php?rev=2988247#L41",
+ "https://plugins.trac.wordpress.org/changeset/3167881/redi-restaurant-reservation/trunk/templates/admin_welcome_no_page.php",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/bb9fc87e-b376-49ce-ba69-5acef9deda4d?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:catzsoft:redi_restaurant_reservation:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "redi-restaurant-reservation",
+ "packageType": "wordpress-plugin",
+ "product": "ReDi Restaurant Reservation",
+ "vendor": "thecatkin",
+ "versions": [
+ {
+ "lessThan": "24.1015",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9347.json b/data/anchore/2024/CVE-2024-9347.json
new file mode 100644
index 00000000..4cdb054c
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9347.json
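Review bot: `"versionType": "semver"` is paired here with `"lessThan": "24.1015"`, which has only two components and so is not a semantic version; CVE-2024-9820.json in this patch does the same with `"lessThan": "3.1"`. A consumer that parses the bound strictly as semver may reject it or order it differently from the plugin's own numbering (the description's `24.0902` also carries a leading zero), which would presumably surface as a missed or spurious match in a scanner. The Patchstack-derived records in this patch use `"versionType": "custom"` for WordPress plugin versions, and the same value would fit both records. The description gives 24.0902 as the last affected release, so 24.1015 is presumably the first fixed one; nothing visible in the record states that, so it is worth confirming against the referenced changeset.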
@@ -0,0 +1,39 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-9347",
+ "description": "The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpext-export' parameter in all versions up to, and including, 3.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/wpextended/tags/3.0.9/includes/libraries/wpext_export/wpext_export.php#L209",
+ "https://plugins.trac.wordpress.org/changeset/3169963/wpextended/trunk/includes/libraries/wpext_export/wpext_export.php",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/822c0a33-e57e-48c7-b8df-fddf3bb2e552?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wpextended:wp_extended:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "wpextended",
+ "packageType": "wordpress-plugin",
+ "product": "The Ultimate WordPress Toolkit – WP Extended",
+ "vendor": "wpextended",
+ "versions": [
+ {
+ "lessThan": "3.0.10",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9414.json b/data/anchore/2024/CVE-2024-9414.json
new file mode 100644
index 00000000..32bb3c9e
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9414.json
@@ -0,0 +1,37 @@
+{
+ "additionalMetadata": {
+ "cna": "icscert",
+ "cveId": "CVE-2024-9414",
+ "description": "In LAquis SCADA version 4.7.1.511, a cross-site scripting vulnerability could allow an attacker to inject arbitrary code into a web page. This could allow an attacker to steal cookies, redirect users, or perform unauthorized actions.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-02"
+ ],
+ "solutions": [
+ "LCDS recommends users update to version 4.7.1.611 or newer https://laquisscada.com/  versions of LAquis SCADA."
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:lcds:laquis_scada:*:*:*:*:*:*:*:*"
+ ],
+ "product": "LAquis SCADA",
+ "vendor": "LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME",
+ "versions": [
+ {
+ "lessThan": "4.7.1.611",
+ "status": "affected",
+ "version": "4.7.1.511",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9820.json b/data/anchore/2024/CVE-2024-9820.json
new file mode 100644
index 00000000..b5012cde
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9820.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-9820",
+ "description": "The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, which makes it possible to bypass two-factor authentication.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/two-factor-login-telegram/tags/3.0/includes/class-wp-factor-telegram-plugin.php#L228",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/ccd73030-7185-4302-b3fd-29cbbe716e3e?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:dueclic:wp_2fa_with_telegram:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "two-factor-login-telegram",
+ "packageType": "wordpress-plugin",
+ "product": "WP 2FA with Telegram",
+ "vendor": "dueclic",
+ "versions": [
+ {
+ "lessThan": "3.1",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9898.json b/data/anchore/2024/CVE-2024-9898.json
new file mode 100644
index 00000000..b00d3bf6
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9898.json
@@ -0,0 +1,41 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-9898",
+ "description": "The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dd-parallax shortcode in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/browser/parallax-image/trunk/assets/shortcode.php#L145",
+ "https://plugins.trac.wordpress.org/changeset/3170176/",
+ "https://plugins.trac.wordpress.org/changeset/3170176/#file16",
+ "https://wordpress.org/plugins/parallax-image/#developers",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/57641366-85d3-4375-8cde-041227c9f811?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:howardehrenberg:parallax_image:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "parallax-image",
+ "packageType": "wordpress-plugin",
+ "product": "Parallax Image",
+ "vendor": "thehowarde",
+ "versions": [
+ {
+ "lessThan": "1.9",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9940.json b/data/anchore/2024/CVE-2024-9940.json
new file mode 100644
index 00000000..07248151
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9940.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-9940",
+ "description": "The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from submitted forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views form submissions in their email.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3168950%40calculated-fields-form&new=3168950%40calculated-fields-form&sfp_email=&sfph_mail=",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2c9f6a5-8698-4452-bf0a-c1d796b2fdad?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:codepeople:calculated_fields_form:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "calculated-fields-form",
+ "packageType": "wordpress-plugin",
+ "product": "Calculated Fields Form",
+ "vendor": "codepeople",
+ "versions": [
+ {
+ "lessThan": "5.2.46",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-9951.json b/data/anchore/2024/CVE-2024-9951.json
new file mode 100644
index 00000000..85b3c9d1
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-9951.json
@@ -0,0 +1,40 @@
+{
+ "additionalMetadata": {
+ "cna": "wordfence",
+ "cveId": "CVE-2024-9951",
+ "description": "The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wppa-tab' parameter in all versions up to, and including, 8.8.05.003 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3170202%40wp-photo-album-plus&new=3170202%40wp-photo-album-plus&sfp_email=&sfph_mail=",
+ "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a4f0c06-db88-4950-b1f5-b2aab480c974?source=cve"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "collectionURL": "https://wordpress.org/plugins",
+ "cpes": [
+ "cpe:2.3:a:wp_photo_album_plus_project:wp_photo_album_plus:*:*:*:*:*:wordpress:*:*",
+ "cpe:2.3:a:wppa.opajaap:wp-photo-album-plus:*:*:*:*:*:wordpress:*:*",
+ "cpe:2.3:a:wppa:wp_photo_album_plus:*:*:*:*:*:wordpress:*:*"
+ ],
+ "packageName": "wp-photo-album-plus",
+ "packageType": "wordpress-plugin",
+ "product": "WP Photo Album Plus",
+ "vendor": "opajaap",
+ "versions": [
+ {
+ "lessThan": "8.8.07.004",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
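Review bot: `"versionType": "semver"` in the `versions` entry does not fit the bound `"lessThan": "8.8.07.004"`, which has four dot-separated fields and leading zeros; Semantic Versioning allows exactly three numeric fields and no leading zeros. A consumer that parses the bound strictly may reject the range or order it differently than intended, in which case vulnerable installs of the plugin would go unmatched. The LAquis SCADA record in this same patch (CVE-2024-9414) uses `"versionType": "custom"` for its four-part bound `4.7.1.611`, and the same value here would be consistent. How the matcher treats `semver` for WordPress plugin versions is not visible in this patch, so this should be confirmed against the consumer.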