From 18e1208f384f6c71ebb9575db975b25a5cf718c9 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 26 Sep 2024 01:43:30 +0000 Subject: [PATCH] generated content from 2024-09-26 --- mapping.csv | 42 +++++++++++++++++++ ...-170dc622-3b05-49cc-b8de-ad20eee0d624.json | 22 ++++++++++ ...-3c1800bb-d59a-4c54-a022-23212234ae4f.json | 22 ++++++++++ ...-3d129973-ed80-4801-a21b-70358871dac9.json | 22 ++++++++++ ...-4408e14d-32ec-4fec-a094-abecb2a93883.json | 22 ++++++++++ ...-49b32489-109c-40d3-91c3-acf108be3383.json | 22 ++++++++++ ...-4ace7aef-1950-4eb1-91c8-e68583ab0407.json | 22 ++++++++++ ...-5fc2fef1-3953-41d8-be35-2b20e58d8ead.json | 22 ++++++++++ ...-63f50c49-9f1e-42b8-9854-5086678235d3.json | 22 ++++++++++ ...-661a3cb3-72e0-4fd9-bd83-516b18ce00ca.json | 22 ++++++++++ ...-665c570c-760a-45a6-91b9-c91b156fe95b.json | 22 ++++++++++ ...-70002f17-16f6-42af-b4ef-1876af6023d0.json | 22 ++++++++++ ...-712f7b3b-f9d7-4aa4-bdcf-419cff8d162c.json | 22 ++++++++++ ...-7ae33acb-fae8-4603-80f7-561c9100ddfc.json | 22 ++++++++++ ...-7f4e6b5d-593a-4e27-aebe-a44dc9fb6a7d.json | 22 ++++++++++ ...-819f2105-a1dd-4c20-9f48-f7d7d7ed2e64.json | 22 ++++++++++ ...-823559be-71ae-46ef-91b8-63e5cbaa948a.json | 22 ++++++++++ ...-8831c52d-6068-47db-96fb-057def0a790f.json | 22 ++++++++++ ...-8c86873b-b888-4c11-9805-8380707a85ae.json | 22 ++++++++++ ...-8eca0c08-88da-497a-89ff-90ed58b0e919.json | 22 ++++++++++ ...-92c90417-c3ac-495c-9c36-caa194860431.json | 22 ++++++++++ ...-93ae6e6a-2c3a-44d2-8e18-54a74478420b.json | 22 ++++++++++ ...-a4852da8-4540-4e47-8f9b-8279f09d5490.json | 22 ++++++++++ ...-a4b4b3b5-6223-43f4-81ce-59b982b7f6d0.json | 22 ++++++++++ ...-a66c57be-8c70-4d4f-b483-e9f8efcd6383.json | 22 ++++++++++ ...-a8289117-0e08-4ae7-abc7-da799db78486.json | 22 ++++++++++ ...-a985b603-da9c-4436-a232-5ce7b72ebcb4.json | 22 ++++++++++ ...-ab5fda40-f876-46cb-b544-80f85800c4d7.json | 22 ++++++++++ ...-ad12b03b-31ac-4f79-85c3-b5edb098df8e.json | 22 ++++++++++ ...-ade8f434-9b59-4ce7-b61b-2a71415936df.json | 22 ++++++++++ ...-af635b88-6e6d-4ccc-a2b0-412515cf95a3.json | 22 ++++++++++ ...-b162b160-819f-4e52-83ab-e8fdf069b69d.json | 22 ++++++++++ ...-b1a4aa8b-0e3d-4d19-8349-4051979d7bdc.json | 22 ++++++++++ ...-c3fc97ec-2f95-4dde-b752-ef42cc2d1abd.json | 22 ++++++++++ ...-cd1c3834-6a0f-4c72-9e40-cd0b958c87c4.json | 22 ++++++++++ ...-d968ed5d-7dbf-4972-aa09-1537626f2eaa.json | 22 ++++++++++ ...-da12521d-916f-4274-bfc6-fa86e5fd0b3e.json | 22 ++++++++++ ...-e1500a8f-912d-4868-a869-1792ebf06811.json | 22 ++++++++++ ...-e2594717-5f0f-46a0-a0cb-e2d2ce33f513.json | 22 ++++++++++ ...-ea9bd7ce-1a4d-492d-9429-36e6c0683664.json | 22 ++++++++++ ...-ec3d71e5-8e2b-44b4-b3b9-14086208a668.json | 22 ++++++++++ ...-edce108f-14f2-489f-bd42-e4d098ac05f5.json | 22 ++++++++++ ...-efa95efa-08dc-4322-8f84-543e2f8a0db4.json | 22 ++++++++++ 43 files changed, 966 insertions(+) create mode 100644 objects/vulnerability/vulnerability--170dc622-3b05-49cc-b8de-ad20eee0d624.json create mode 100644 objects/vulnerability/vulnerability--3c1800bb-d59a-4c54-a022-23212234ae4f.json create mode 100644 objects/vulnerability/vulnerability--3d129973-ed80-4801-a21b-70358871dac9.json create mode 100644 objects/vulnerability/vulnerability--4408e14d-32ec-4fec-a094-abecb2a93883.json create mode 100644 objects/vulnerability/vulnerability--49b32489-109c-40d3-91c3-acf108be3383.json create mode 100644 objects/vulnerability/vulnerability--4ace7aef-1950-4eb1-91c8-e68583ab0407.json create mode 100644 objects/vulnerability/vulnerability--5fc2fef1-3953-41d8-be35-2b20e58d8ead.json create mode 100644 objects/vulnerability/vulnerability--63f50c49-9f1e-42b8-9854-5086678235d3.json create mode 100644 objects/vulnerability/vulnerability--661a3cb3-72e0-4fd9-bd83-516b18ce00ca.json create mode 100644 objects/vulnerability/vulnerability--665c570c-760a-45a6-91b9-c91b156fe95b.json create mode 100644 objects/vulnerability/vulnerability--70002f17-16f6-42af-b4ef-1876af6023d0.json create mode 100644 objects/vulnerability/vulnerability--712f7b3b-f9d7-4aa4-bdcf-419cff8d162c.json create mode 100644 objects/vulnerability/vulnerability--7ae33acb-fae8-4603-80f7-561c9100ddfc.json create mode 100644 objects/vulnerability/vulnerability--7f4e6b5d-593a-4e27-aebe-a44dc9fb6a7d.json create mode 100644 objects/vulnerability/vulnerability--819f2105-a1dd-4c20-9f48-f7d7d7ed2e64.json create mode 100644 objects/vulnerability/vulnerability--823559be-71ae-46ef-91b8-63e5cbaa948a.json create mode 100644 objects/vulnerability/vulnerability--8831c52d-6068-47db-96fb-057def0a790f.json create mode 100644 objects/vulnerability/vulnerability--8c86873b-b888-4c11-9805-8380707a85ae.json create mode 100644 objects/vulnerability/vulnerability--8eca0c08-88da-497a-89ff-90ed58b0e919.json create mode 100644 objects/vulnerability/vulnerability--92c90417-c3ac-495c-9c36-caa194860431.json create mode 100644 objects/vulnerability/vulnerability--93ae6e6a-2c3a-44d2-8e18-54a74478420b.json create mode 100644 objects/vulnerability/vulnerability--a4852da8-4540-4e47-8f9b-8279f09d5490.json create mode 100644 objects/vulnerability/vulnerability--a4b4b3b5-6223-43f4-81ce-59b982b7f6d0.json create mode 100644 objects/vulnerability/vulnerability--a66c57be-8c70-4d4f-b483-e9f8efcd6383.json create mode 100644 objects/vulnerability/vulnerability--a8289117-0e08-4ae7-abc7-da799db78486.json create mode 100644 objects/vulnerability/vulnerability--a985b603-da9c-4436-a232-5ce7b72ebcb4.json create mode 100644 objects/vulnerability/vulnerability--ab5fda40-f876-46cb-b544-80f85800c4d7.json create mode 100644 objects/vulnerability/vulnerability--ad12b03b-31ac-4f79-85c3-b5edb098df8e.json create mode 100644 objects/vulnerability/vulnerability--ade8f434-9b59-4ce7-b61b-2a71415936df.json create mode 100644 objects/vulnerability/vulnerability--af635b88-6e6d-4ccc-a2b0-412515cf95a3.json create mode 100644 objects/vulnerability/vulnerability--b162b160-819f-4e52-83ab-e8fdf069b69d.json create mode 100644 objects/vulnerability/vulnerability--b1a4aa8b-0e3d-4d19-8349-4051979d7bdc.json create mode 100644 objects/vulnerability/vulnerability--c3fc97ec-2f95-4dde-b752-ef42cc2d1abd.json create mode 100644 objects/vulnerability/vulnerability--cd1c3834-6a0f-4c72-9e40-cd0b958c87c4.json create mode 100644 objects/vulnerability/vulnerability--d968ed5d-7dbf-4972-aa09-1537626f2eaa.json create mode 100644 objects/vulnerability/vulnerability--da12521d-916f-4274-bfc6-fa86e5fd0b3e.json create mode 100644 objects/vulnerability/vulnerability--e1500a8f-912d-4868-a869-1792ebf06811.json create mode 100644 objects/vulnerability/vulnerability--e2594717-5f0f-46a0-a0cb-e2d2ce33f513.json create mode 100644 objects/vulnerability/vulnerability--ea9bd7ce-1a4d-492d-9429-36e6c0683664.json create mode 100644 objects/vulnerability/vulnerability--ec3d71e5-8e2b-44b4-b3b9-14086208a668.json create mode 100644 objects/vulnerability/vulnerability--edce108f-14f2-489f-bd42-e4d098ac05f5.json create mode 100644 objects/vulnerability/vulnerability--efa95efa-08dc-4322-8f84-543e2f8a0db4.json diff --git a/mapping.csv b/mapping.csv index cdd96253ece..1f69037189a 100644 --- a/mapping.csv +++ b/mapping.csv @@ -250059,3 +250059,45 @@ vulnerability,CVE-2023-5359,vulnerability--be9e548a-ca2b-4e5a-9a06-124acdc1190b vulnerability,CVE-2021-38963,vulnerability--f40d15e8-04ab-43dd-8e4f-8ed0fea5e36a vulnerability,CVE-2022-43845,vulnerability--5f61187a-6c15-457c-9fa3-7df7c5d4cb25 vulnerability,CVE-2022-2439,vulnerability--15b9dda5-d7f4-45f9-b2ec-9cf129f9c394 +vulnerability,CVE-2024-3866,vulnerability--92c90417-c3ac-495c-9c36-caa194860431 +vulnerability,CVE-2024-9169,vulnerability--63f50c49-9f1e-42b8-9854-5086678235d3 +vulnerability,CVE-2024-9069,vulnerability--a985b603-da9c-4436-a232-5ce7b72ebcb4 +vulnerability,CVE-2024-9068,vulnerability--4408e14d-32ec-4fec-a094-abecb2a93883 +vulnerability,CVE-2024-9027,vulnerability--4ace7aef-1950-4eb1-91c8-e68583ab0407 +vulnerability,CVE-2024-9024,vulnerability--ad12b03b-31ac-4f79-85c3-b5edb098df8e +vulnerability,CVE-2024-9073,vulnerability--a4852da8-4540-4e47-8f9b-8279f09d5490 +vulnerability,CVE-2024-9028,vulnerability--712f7b3b-f9d7-4aa4-bdcf-419cff8d162c +vulnerability,CVE-2024-8549,vulnerability--819f2105-a1dd-4c20-9f48-f7d7d7ed2e64 +vulnerability,CVE-2024-8621,vulnerability--661a3cb3-72e0-4fd9-bd83-516b18ce00ca +vulnerability,CVE-2024-8275,vulnerability--3d129973-ed80-4801-a21b-70358871dac9 +vulnerability,CVE-2024-8349,vulnerability--ec3d71e5-8e2b-44b4-b3b9-14086208a668 +vulnerability,CVE-2024-8350,vulnerability--170dc622-3b05-49cc-b8de-ad20eee0d624 +vulnerability,CVE-2024-8481,vulnerability--665c570c-760a-45a6-91b9-c91b156fe95b +vulnerability,CVE-2024-8668,vulnerability--cd1c3834-6a0f-4c72-9e40-cd0b958c87c4 +vulnerability,CVE-2024-8483,vulnerability--a4b4b3b5-6223-43f4-81ce-59b982b7f6d0 +vulnerability,CVE-2024-8434,vulnerability--49b32489-109c-40d3-91c3-acf108be3383 +vulnerability,CVE-2024-8514,vulnerability--efa95efa-08dc-4322-8f84-543e2f8a0db4 +vulnerability,CVE-2024-8658,vulnerability--3c1800bb-d59a-4c54-a022-23212234ae4f +vulnerability,CVE-2024-8485,vulnerability--93ae6e6a-2c3a-44d2-8e18-54a74478420b +vulnerability,CVE-2024-8713,vulnerability--da12521d-916f-4274-bfc6-fa86e5fd0b3e +vulnerability,CVE-2024-8290,vulnerability--5fc2fef1-3953-41d8-be35-2b20e58d8ead +vulnerability,CVE-2024-8175,vulnerability--edce108f-14f2-489f-bd42-e4d098ac05f5 +vulnerability,CVE-2024-8678,vulnerability--ab5fda40-f876-46cb-b544-80f85800c4d7 +vulnerability,CVE-2024-8910,vulnerability--b162b160-819f-4e52-83ab-e8fdf069b69d +vulnerability,CVE-2024-8515,vulnerability--d968ed5d-7dbf-4972-aa09-1537626f2eaa +vulnerability,CVE-2024-8516,vulnerability--8831c52d-6068-47db-96fb-057def0a790f +vulnerability,CVE-2024-8476,vulnerability--a8289117-0e08-4ae7-abc7-da799db78486 +vulnerability,CVE-2024-8484,vulnerability--8eca0c08-88da-497a-89ff-90ed58b0e919 +vulnerability,CVE-2024-8741,vulnerability--e2594717-5f0f-46a0-a0cb-e2d2ce33f513 +vulnerability,CVE-2024-40761,vulnerability--7f4e6b5d-593a-4e27-aebe-a44dc9fb6a7d +vulnerability,CVE-2024-23454,vulnerability--70002f17-16f6-42af-b4ef-1876af6023d0 +vulnerability,CVE-2024-6590,vulnerability--ea9bd7ce-1a4d-492d-9429-36e6c0683664 +vulnerability,CVE-2024-6845,vulnerability--823559be-71ae-46ef-91b8-63e5cbaa948a +vulnerability,CVE-2024-7892,vulnerability--8c86873b-b888-4c11-9805-8380707a85ae +vulnerability,CVE-2024-7878,vulnerability--af635b88-6e6d-4ccc-a2b0-412515cf95a3 +vulnerability,CVE-2024-7386,vulnerability--b1a4aa8b-0e3d-4d19-8349-4051979d7bdc +vulnerability,CVE-2024-7491,vulnerability--a66c57be-8c70-4d4f-b483-e9f8efcd6383 +vulnerability,CVE-2024-7385,vulnerability--ade8f434-9b59-4ce7-b61b-2a71415936df +vulnerability,CVE-2024-7426,vulnerability--c3fc97ec-2f95-4dde-b752-ef42cc2d1abd +vulnerability,CVE-2024-7617,vulnerability--e1500a8f-912d-4868-a869-1792ebf06811 +vulnerability,CVE-2024-47303,vulnerability--7ae33acb-fae8-4603-80f7-561c9100ddfc diff --git a/objects/vulnerability/vulnerability--170dc622-3b05-49cc-b8de-ad20eee0d624.json b/objects/vulnerability/vulnerability--170dc622-3b05-49cc-b8de-ad20eee0d624.json new file mode 100644 index 00000000000..e7935585173 --- /dev/null +++ b/objects/vulnerability/vulnerability--170dc622-3b05-49cc-b8de-ad20eee0d624.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--843b7114-a98f-473f-b68f-ae8766e1e61f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--170dc622-3b05-49cc-b8de-ad20eee0d624", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.242441Z", + "modified": "2024-09-26T01:43:02.242441Z", + "name": "CVE-2024-8350", + "description": "The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group leader-level access and above, to add users to their group which ultimately allows them to leverage CVE-2024-8349 and gain admin access to the site.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8350" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3c1800bb-d59a-4c54-a022-23212234ae4f.json b/objects/vulnerability/vulnerability--3c1800bb-d59a-4c54-a022-23212234ae4f.json new file mode 100644 index 00000000000..a6c5af62131 --- /dev/null +++ b/objects/vulnerability/vulnerability--3c1800bb-d59a-4c54-a022-23212234ae4f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4cd30f99-75db-40b6-a6ab-e0475d170acb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3c1800bb-d59a-4c54-a022-23212234ae4f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.274705Z", + "modified": "2024-09-26T01:43:02.274705Z", + "name": "CVE-2024-8658", + "description": "The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mycred_update_database() function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to upgrade an out of date database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8658" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3d129973-ed80-4801-a21b-70358871dac9.json b/objects/vulnerability/vulnerability--3d129973-ed80-4801-a21b-70358871dac9.json new file mode 100644 index 00000000000..65e9e8aade1 --- /dev/null +++ b/objects/vulnerability/vulnerability--3d129973-ed80-4801-a21b-70358871dac9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--82b695ea-dd46-4c51-922e-17589f8f6faf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3d129973-ed80-4801-a21b-70358871dac9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.238171Z", + "modified": "2024-09-26T01:43:02.238171Z", + "name": "CVE-2024-8275", + "description": "The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tribe_has_next_event' function in all versions up to, and including, 6.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Only sites that have manually added tribe_has_next_event() will be vulnerable to this SQL injection.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8275" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4408e14d-32ec-4fec-a094-abecb2a93883.json b/objects/vulnerability/vulnerability--4408e14d-32ec-4fec-a094-abecb2a93883.json new file mode 100644 index 00000000000..9c69460c651 --- /dev/null +++ b/objects/vulnerability/vulnerability--4408e14d-32ec-4fec-a094-abecb2a93883.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--653be825-942d-482e-8363-c3638d158fb4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4408e14d-32ec-4fec-a094-abecb2a93883", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.22139Z", + "modified": "2024-09-26T01:43:02.22139Z", + "name": "CVE-2024-9068", + "description": "The OneElements – Best Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9068" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--49b32489-109c-40d3-91c3-acf108be3383.json b/objects/vulnerability/vulnerability--49b32489-109c-40d3-91c3-acf108be3383.json new file mode 100644 index 00000000000..ca3a29f3ac9 --- /dev/null +++ b/objects/vulnerability/vulnerability--49b32489-109c-40d3-91c3-acf108be3383.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2735c718-ff99-400c-a93d-659f30ab7ff5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--49b32489-109c-40d3-91c3-acf108be3383", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.252983Z", + "modified": "2024-09-26T01:43:02.252983Z", + "name": "CVE-2024-8434", + "description": "The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform actions like updating plugin settings.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8434" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4ace7aef-1950-4eb1-91c8-e68583ab0407.json b/objects/vulnerability/vulnerability--4ace7aef-1950-4eb1-91c8-e68583ab0407.json new file mode 100644 index 00000000000..5d717d22913 --- /dev/null +++ b/objects/vulnerability/vulnerability--4ace7aef-1950-4eb1-91c8-e68583ab0407.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--18e4e387-5db7-4af2-a0c9-d16cf4b6c4e0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4ace7aef-1950-4eb1-91c8-e68583ab0407", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.222783Z", + "modified": "2024-09-26T01:43:02.222783Z", + "name": "CVE-2024-9027", + "description": "The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9027" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5fc2fef1-3953-41d8-be35-2b20e58d8ead.json b/objects/vulnerability/vulnerability--5fc2fef1-3953-41d8-be35-2b20e58d8ead.json new file mode 100644 index 00000000000..4c0b7c0840c --- /dev/null +++ b/objects/vulnerability/vulnerability--5fc2fef1-3953-41d8-be35-2b20e58d8ead.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6c4ef939-d5ec-4f32-b75a-256ff8616e74", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5fc2fef1-3953-41d8-be35-2b20e58d8ead", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.279157Z", + "modified": "2024-09-26T01:43:02.279157Z", + "name": "CVE-2024-8290", + "description": "The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFM_Customers_Manage_Controller::processing function due to missing validation on the ID user controlled key. This makes it possible for authenticated attackers, with subscriber/customer-level access and above, to change the email address of administrator user accounts which allows them to reset the password and access the administrator account.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8290" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--63f50c49-9f1e-42b8-9854-5086678235d3.json b/objects/vulnerability/vulnerability--63f50c49-9f1e-42b8-9854-5086678235d3.json new file mode 100644 index 00000000000..15d4b780592 --- /dev/null +++ b/objects/vulnerability/vulnerability--63f50c49-9f1e-42b8-9854-5086678235d3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f2f1a5d1-fa07-45bd-b0c5-bdbd1fdfc71d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--63f50c49-9f1e-42b8-9854-5086678235d3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.216029Z", + "modified": "2024-09-26T01:43:02.216029Z", + "name": "CVE-2024-9169", + "description": "The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin debug settings in all versions up to, and including, 6.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9169" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--661a3cb3-72e0-4fd9-bd83-516b18ce00ca.json b/objects/vulnerability/vulnerability--661a3cb3-72e0-4fd9-bd83-516b18ce00ca.json new file mode 100644 index 00000000000..803a6f0df55 --- /dev/null +++ b/objects/vulnerability/vulnerability--661a3cb3-72e0-4fd9-bd83-516b18ce00ca.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d5ff14eb-cef5-4c97-963b-f3adfd196738", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--661a3cb3-72e0-4fd9-bd83-516b18ce00ca", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.236Z", + "modified": "2024-09-26T01:43:02.236Z", + "name": "CVE-2024-8621", + "description": "The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'max_word' attribute of the 'quran_verse' shortcode in all versions up to, and including, 2024.08.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8621" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--665c570c-760a-45a6-91b9-c91b156fe95b.json b/objects/vulnerability/vulnerability--665c570c-760a-45a6-91b9-c91b156fe95b.json new file mode 100644 index 00000000000..bdb0f16ea23 --- /dev/null +++ b/objects/vulnerability/vulnerability--665c570c-760a-45a6-91b9-c91b156fe95b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--41437c65-91a1-4bfe-9347-24e33003767b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--665c570c-760a-45a6-91b9-c91b156fe95b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.244347Z", + "modified": "2024-09-26T01:43:02.244347Z", + "name": "CVE-2024-8481", + "description": "The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8481" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--70002f17-16f6-42af-b4ef-1876af6023d0.json b/objects/vulnerability/vulnerability--70002f17-16f6-42af-b4ef-1876af6023d0.json new file mode 100644 index 00000000000..e9dc2f4dd38 --- /dev/null +++ b/objects/vulnerability/vulnerability--70002f17-16f6-42af-b4ef-1876af6023d0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8181e8a0-e2ea-4b08-84d5-4d46dc1a8275", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--70002f17-16f6-42af-b4ef-1876af6023d0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.496811Z", + "modified": "2024-09-26T01:43:02.496811Z", + "name": "CVE-2024-23454", + "description": "Apache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content.\nThis is because, on unix-like systems, the system temporary directory is\nshared between all local users. As such, files written in this directory,\nwithout setting the correct posix permissions explicitly, may be viewable\nby all other local users.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23454" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--712f7b3b-f9d7-4aa4-bdcf-419cff8d162c.json b/objects/vulnerability/vulnerability--712f7b3b-f9d7-4aa4-bdcf-419cff8d162c.json new file mode 100644 index 00000000000..b620c8fd08f --- /dev/null +++ b/objects/vulnerability/vulnerability--712f7b3b-f9d7-4aa4-bdcf-419cff8d162c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--99764a63-e48c-422f-b3c7-859e4467317f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--712f7b3b-f9d7-4aa4-bdcf-419cff8d162c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.229291Z", + "modified": "2024-09-26T01:43:02.229291Z", + "name": "CVE-2024-9028", + "description": "The WP GPX Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sgpx' shortcode in all versions up to, and including, 1.7.08 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9028" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7ae33acb-fae8-4603-80f7-561c9100ddfc.json b/objects/vulnerability/vulnerability--7ae33acb-fae8-4603-80f7-561c9100ddfc.json new file mode 100644 index 00000000000..e88336eb482 --- /dev/null +++ b/objects/vulnerability/vulnerability--7ae33acb-fae8-4603-80f7-561c9100ddfc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--af9e91a1-ee8c-4b62-bee9-b1eb6c58c249", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7ae33acb-fae8-4603-80f7-561c9100ddfc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:03.463718Z", + "modified": "2024-09-26T01:43:03.463718Z", + "name": "CVE-2024-47303", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through 8.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47303" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7f4e6b5d-593a-4e27-aebe-a44dc9fb6a7d.json b/objects/vulnerability/vulnerability--7f4e6b5d-593a-4e27-aebe-a44dc9fb6a7d.json new file mode 100644 index 00000000000..4e31509d202 --- /dev/null +++ b/objects/vulnerability/vulnerability--7f4e6b5d-593a-4e27-aebe-a44dc9fb6a7d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3263ee71-0803-4978-8484-98a53c3203a2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7f4e6b5d-593a-4e27-aebe-a44dc9fb6a7d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.335599Z", + "modified": "2024-09-26T01:43:02.335599Z", + "name": "CVE-2024-40761", + "description": "Inadequate Encryption Strength vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 1.3.5.\n\nUsing the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead.\nUsers are recommended to upgrade to version 1.4.0, which fixes the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-40761" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--819f2105-a1dd-4c20-9f48-f7d7d7ed2e64.json b/objects/vulnerability/vulnerability--819f2105-a1dd-4c20-9f48-f7d7d7ed2e64.json new file mode 100644 index 00000000000..1374c9b065b --- /dev/null +++ b/objects/vulnerability/vulnerability--819f2105-a1dd-4c20-9f48-f7d7d7ed2e64.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--60f15a4e-90a7-4df5-8c5a-71aaf85f5699", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--819f2105-a1dd-4c20-9f48-f7d7d7ed2e64", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.234759Z", + "modified": "2024-09-26T01:43:02.234759Z", + "name": "CVE-2024-8549", + "description": "The Simple Calendar – Google Calendar Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8549" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--823559be-71ae-46ef-91b8-63e5cbaa948a.json b/objects/vulnerability/vulnerability--823559be-71ae-46ef-91b8-63e5cbaa948a.json new file mode 100644 index 00000000000..60cf68d6634 --- /dev/null +++ b/objects/vulnerability/vulnerability--823559be-71ae-46ef-91b8-63e5cbaa948a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--92745171-dbab-477f-bf83-4d7090a90dc7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--823559be-71ae-46ef-91b8-63e5cbaa948a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.589863Z", + "modified": "2024-09-26T01:43:02.589863Z", + "name": "CVE-2024-6845", + "description": "The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6845" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8831c52d-6068-47db-96fb-057def0a790f.json b/objects/vulnerability/vulnerability--8831c52d-6068-47db-96fb-057def0a790f.json new file mode 100644 index 00000000000..3400aa44415 --- /dev/null +++ b/objects/vulnerability/vulnerability--8831c52d-6068-47db-96fb-057def0a790f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f41715f3-bb32-4e51-a7d9-219c02d4a044", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8831c52d-6068-47db-96fb-057def0a790f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.301622Z", + "modified": "2024-09-26T01:43:02.301622Z", + "name": "CVE-2024-8516", + "description": "The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract limited post information from draft and future scheduled posts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8516" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8c86873b-b888-4c11-9805-8380707a85ae.json b/objects/vulnerability/vulnerability--8c86873b-b888-4c11-9805-8380707a85ae.json new file mode 100644 index 00000000000..249043a1b4b --- /dev/null +++ b/objects/vulnerability/vulnerability--8c86873b-b888-4c11-9805-8380707a85ae.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--127e235a-2087-4308-a50d-33840d007faf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8c86873b-b888-4c11-9805-8380707a85ae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.977749Z", + "modified": "2024-09-26T01:43:02.977749Z", + "name": "CVE-2024-7892", + "description": "The adstxt Plugin WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7892" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8eca0c08-88da-497a-89ff-90ed58b0e919.json b/objects/vulnerability/vulnerability--8eca0c08-88da-497a-89ff-90ed58b0e919.json new file mode 100644 index 00000000000..bb6998caed0 --- /dev/null +++ b/objects/vulnerability/vulnerability--8eca0c08-88da-497a-89ff-90ed58b0e919.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8a1dc898-1117-4cbc-9a2d-6749f9810df5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8eca0c08-88da-497a-89ff-90ed58b0e919", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.308087Z", + "modified": "2024-09-26T01:43:02.308087Z", + "name": "CVE-2024-8484", + "description": "The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8484" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--92c90417-c3ac-495c-9c36-caa194860431.json b/objects/vulnerability/vulnerability--92c90417-c3ac-495c-9c36-caa194860431.json new file mode 100644 index 00000000000..6e9b242e83d --- /dev/null +++ b/objects/vulnerability/vulnerability--92c90417-c3ac-495c-9c36-caa194860431.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--85a94319-e1ff-425d-b0a1-1337ceb73587", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--92c90417-c3ac-495c-9c36-caa194860431", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.151047Z", + "modified": "2024-09-26T01:43:02.151047Z", + "name": "CVE-2024-3866", + "description": "The Ninja Forms Contact Form plugin for WordPress is vulnerable to Reflected Self-Based Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 3.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Successful exploitation of this vulnerability requires \"maintenance mode\" for a targeted form to be enabled. However, there is no setting available to the attacker or even an administrator-level user to enable this mode. The mode is only enabled during a required update, which is a very short window of time. Additionally, because of the self-based nature of this vulnerability, attackers would have to rely on additional techniques to execute a supplied payload in the context of targeted user.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-3866" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--93ae6e6a-2c3a-44d2-8e18-54a74478420b.json b/objects/vulnerability/vulnerability--93ae6e6a-2c3a-44d2-8e18-54a74478420b.json new file mode 100644 index 00000000000..8dcc5d7131b --- /dev/null +++ b/objects/vulnerability/vulnerability--93ae6e6a-2c3a-44d2-8e18-54a74478420b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ccdd1b87-fedc-48b6-b6f3-1491e17ce39f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--93ae6e6a-2c3a-44d2-8e18-54a74478420b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.276225Z", + "modified": "2024-09-26T01:43:02.276225Z", + "name": "CVE-2024-8485", + "description": "The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeovr in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing validation on the 'openid' user controlled key that determines what user will be updated. This makes it possible for unauthenticated attackers to update arbitrary user's accounts, including their email to a @weixin.com email, which can the be leveraged to reset the password of the user's account, including administrators.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8485" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a4852da8-4540-4e47-8f9b-8279f09d5490.json b/objects/vulnerability/vulnerability--a4852da8-4540-4e47-8f9b-8279f09d5490.json new file mode 100644 index 00000000000..0e6deb9070d --- /dev/null +++ b/objects/vulnerability/vulnerability--a4852da8-4540-4e47-8f9b-8279f09d5490.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--426b6cda-a04f-43af-bff3-a29dddb56576", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a4852da8-4540-4e47-8f9b-8279f09d5490", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.227824Z", + "modified": "2024-09-26T01:43:02.227824Z", + "name": "CVE-2024-9073", + "description": "The GutenGeek Free Gutenberg Blocks for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9073" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a4b4b3b5-6223-43f4-81ce-59b982b7f6d0.json b/objects/vulnerability/vulnerability--a4b4b3b5-6223-43f4-81ce-59b982b7f6d0.json new file mode 100644 index 00000000000..2ecebccfc50 --- /dev/null +++ b/objects/vulnerability/vulnerability--a4b4b3b5-6223-43f4-81ce-59b982b7f6d0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fec3312e-58bd-4ccf-8660-b8d3af24e4ac", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a4b4b3b5-6223-43f4-81ce-59b982b7f6d0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.247269Z", + "modified": "2024-09-26T01:43:02.247269Z", + "name": "CVE-2024-8483", + "description": "The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.8 via the static_content() function. This makes it possible for authenticated attackers, with contributor-level access and above, to extract potentially sensitive information from private static content pages.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8483" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a66c57be-8c70-4d4f-b483-e9f8efcd6383.json b/objects/vulnerability/vulnerability--a66c57be-8c70-4d4f-b483-e9f8efcd6383.json new file mode 100644 index 00000000000..1cf73c209bc --- /dev/null +++ b/objects/vulnerability/vulnerability--a66c57be-8c70-4d4f-b483-e9f8efcd6383.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7b1a226a-a798-4154-a450-3a6a63b1ef8f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a66c57be-8c70-4d4f-b483-e9f8efcd6383", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.99951Z", + "modified": "2024-09-26T01:43:02.99951Z", + "name": "CVE-2024-7491", + "description": "The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woof_messenger_remove_subscr AJAX action due to missing validation on the 'key' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to unsubscribe users from a product notification sign-ups, if they can successfully obtain or brute force the key value for users who signed up to receive notifications. This vulnerability requires the plugin's Products Messenger extension to be enabled.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7491" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a8289117-0e08-4ae7-abc7-da799db78486.json b/objects/vulnerability/vulnerability--a8289117-0e08-4ae7-abc7-da799db78486.json new file mode 100644 index 00000000000..44a8a7d7557 --- /dev/null +++ b/objects/vulnerability/vulnerability--a8289117-0e08-4ae7-abc7-da799db78486.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--883cca18-63a6-470b-8daf-c156dd3c5122", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a8289117-0e08-4ae7-abc7-da799db78486", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.305573Z", + "modified": "2024-09-26T01:43:02.305573Z", + "name": "CVE-2024-8476", + "description": "The Easy PayPal Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the wpeevent_plugin_buttons() function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8476" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a985b603-da9c-4436-a232-5ce7b72ebcb4.json b/objects/vulnerability/vulnerability--a985b603-da9c-4436-a232-5ce7b72ebcb4.json new file mode 100644 index 00000000000..dcb32843ff4 --- /dev/null +++ b/objects/vulnerability/vulnerability--a985b603-da9c-4436-a232-5ce7b72ebcb4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4e898262-f8e7-4c1d-9578-f56e5c39ff82", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a985b603-da9c-4436-a232-5ce7b72ebcb4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.219374Z", + "modified": "2024-09-26T01:43:02.219374Z", + "name": "CVE-2024-9069", + "description": "The Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9069" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ab5fda40-f876-46cb-b544-80f85800c4d7.json b/objects/vulnerability/vulnerability--ab5fda40-f876-46cb-b544-80f85800c4d7.json new file mode 100644 index 00000000000..2c19f71732e --- /dev/null +++ b/objects/vulnerability/vulnerability--ab5fda40-f876-46cb-b544-80f85800c4d7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2cfbb5c4-f4a0-4624-a97f-0b8dac1841f1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ab5fda40-f876-46cb-b544-80f85800c4d7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.285806Z", + "modified": "2024-09-26T01:43:02.285806Z", + "name": "CVE-2024-8678", + "description": "The Revolut Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wc/v3/revolut REST API endpoint in all versions up to, and including, 4.17.3. This makes it possible for unauthenticated attackers to mark orders as completed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8678" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ad12b03b-31ac-4f79-85c3-b5edb098df8e.json b/objects/vulnerability/vulnerability--ad12b03b-31ac-4f79-85c3-b5edb098df8e.json new file mode 100644 index 00000000000..903ca5314c6 --- /dev/null +++ b/objects/vulnerability/vulnerability--ad12b03b-31ac-4f79-85c3-b5edb098df8e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6f621f17-5d6b-4831-a2f4-1169fd9235e0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ad12b03b-31ac-4f79-85c3-b5edb098df8e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.22566Z", + "modified": "2024-09-26T01:43:02.22566Z", + "name": "CVE-2024-9024", + "description": "The Material Design Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mdi-icon shortcode in all versions up to, and including, 0.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9024" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ade8f434-9b59-4ce7-b61b-2a71415936df.json b/objects/vulnerability/vulnerability--ade8f434-9b59-4ce7-b61b-2a71415936df.json new file mode 100644 index 00000000000..842bee54604 --- /dev/null +++ b/objects/vulnerability/vulnerability--ade8f434-9b59-4ce7-b61b-2a71415936df.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--710c7107-cb20-411e-a75f-54404f65ed7d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ade8f434-9b59-4ce7-b61b-2a71415936df", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:03.005703Z", + "modified": "2024-09-26T01:43:03.005703Z", + "name": "CVE-2024-7385", + "description": "The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7385" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--af635b88-6e6d-4ccc-a2b0-412515cf95a3.json b/objects/vulnerability/vulnerability--af635b88-6e6d-4ccc-a2b0-412515cf95a3.json new file mode 100644 index 00000000000..b5b831b7fce --- /dev/null +++ b/objects/vulnerability/vulnerability--af635b88-6e6d-4ccc-a2b0-412515cf95a3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4cbc3748-ffa3-4258-acdd-3c9b219f5f9e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--af635b88-6e6d-4ccc-a2b0-412515cf95a3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.980071Z", + "modified": "2024-09-26T01:43:02.980071Z", + "name": "CVE-2024-7878", + "description": "The WP ULike WordPress plugin before 4.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7878" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b162b160-819f-4e52-83ab-e8fdf069b69d.json b/objects/vulnerability/vulnerability--b162b160-819f-4e52-83ab-e8fdf069b69d.json new file mode 100644 index 00000000000..4594b30f00b --- /dev/null +++ b/objects/vulnerability/vulnerability--b162b160-819f-4e52-83ab-e8fdf069b69d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5368eb96-0ed5-4fa5-9049-f47ee851833c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b162b160-819f-4e52-83ab-e8fdf069b69d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.289728Z", + "modified": "2024-09-26T01:43:02.289728Z", + "name": "CVE-2024-8910", + "description": "The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmega_accordion.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8910" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b1a4aa8b-0e3d-4d19-8349-4051979d7bdc.json b/objects/vulnerability/vulnerability--b1a4aa8b-0e3d-4d19-8349-4051979d7bdc.json new file mode 100644 index 00000000000..19120902ef2 --- /dev/null +++ b/objects/vulnerability/vulnerability--b1a4aa8b-0e3d-4d19-8349-4051979d7bdc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e8da8f19-8535-46e9-8480-77608432043b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b1a4aa8b-0e3d-4d19-8349-4051979d7bdc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.993109Z", + "modified": "2024-09-26T01:43:02.993109Z", + "name": "CVE-2024-7386", + "description": "The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. This is due to missing nonce validation on the wpdmpp_async_request() function. This makes it possible for unauthenticated attackers to perform actions such as initiating refunds via a forged request granted they can trick a site administrator or shop manager into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7386" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c3fc97ec-2f95-4dde-b752-ef42cc2d1abd.json b/objects/vulnerability/vulnerability--c3fc97ec-2f95-4dde-b752-ef42cc2d1abd.json new file mode 100644 index 00000000000..8275104eb93 --- /dev/null +++ b/objects/vulnerability/vulnerability--c3fc97ec-2f95-4dde-b752-ef42cc2d1abd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--90f3a07d-e4a5-4da1-a1ad-e6bfe130b245", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c3fc97ec-2f95-4dde-b752-ef42cc2d1abd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:03.019942Z", + "modified": "2024-09-26T01:43:03.019942Z", + "name": "CVE-2024-7426", + "description": "The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.6.0. This is due to the plugin displaying errors and allowing direct access to the sse.php file. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7426" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cd1c3834-6a0f-4c72-9e40-cd0b958c87c4.json b/objects/vulnerability/vulnerability--cd1c3834-6a0f-4c72-9e40-cd0b958c87c4.json new file mode 100644 index 00000000000..510d18d08de --- /dev/null +++ b/objects/vulnerability/vulnerability--cd1c3834-6a0f-4c72-9e40-cd0b958c87c4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bf59cd53-149b-4515-bfa5-9c9d8cafdf47", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cd1c3834-6a0f-4c72-9e40-cd0b958c87c4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.246104Z", + "modified": "2024-09-26T01:43:02.246104Z", + "name": "CVE-2024-8668", + "description": "The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tooltip and countdown functionality in all versions up to, and including, 2.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8668" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d968ed5d-7dbf-4972-aa09-1537626f2eaa.json b/objects/vulnerability/vulnerability--d968ed5d-7dbf-4972-aa09-1537626f2eaa.json new file mode 100644 index 00000000000..19dca960118 --- /dev/null +++ b/objects/vulnerability/vulnerability--d968ed5d-7dbf-4972-aa09-1537626f2eaa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--10732523-b91c-4949-bf0d-461e5748776f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d968ed5d-7dbf-4972-aa09-1537626f2eaa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.298651Z", + "modified": "2024-09-26T01:43:02.298651Z", + "name": "CVE-2024-8515", + "description": "The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like 'TF E Slider Widget', 'TF Video Widget', 'TF Team Widget' and more in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on URL attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8515" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--da12521d-916f-4274-bfc6-fa86e5fd0b3e.json b/objects/vulnerability/vulnerability--da12521d-916f-4274-bfc6-fa86e5fd0b3e.json new file mode 100644 index 00000000000..406a8739b45 --- /dev/null +++ b/objects/vulnerability/vulnerability--da12521d-916f-4274-bfc6-fa86e5fd0b3e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--096a9c9a-f76d-40bb-9a10-c957a14083fd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--da12521d-916f-4274-bfc6-fa86e5fd0b3e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.277297Z", + "modified": "2024-09-26T01:43:02.277297Z", + "name": "CVE-2024-8713", + "description": "The Kodex Posts likes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8713" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e1500a8f-912d-4868-a869-1792ebf06811.json b/objects/vulnerability/vulnerability--e1500a8f-912d-4868-a869-1792ebf06811.json new file mode 100644 index 00000000000..d01c5ec8d48 --- /dev/null +++ b/objects/vulnerability/vulnerability--e1500a8f-912d-4868-a869-1792ebf06811.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--faf51015-f564-413b-a8ec-cc8a4edfb65b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e1500a8f-912d-4868-a869-1792ebf06811", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:03.030986Z", + "modified": "2024-09-26T01:43:03.030986Z", + "name": "CVE-2024-7617", + "description": "The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7617" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e2594717-5f0f-46a0-a0cb-e2d2ce33f513.json b/objects/vulnerability/vulnerability--e2594717-5f0f-46a0-a0cb-e2d2ce33f513.json new file mode 100644 index 00000000000..a4611c9b27b --- /dev/null +++ b/objects/vulnerability/vulnerability--e2594717-5f0f-46a0-a0cb-e2d2ce33f513.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5c8bd892-0c69-4713-9a58-a6af58fddc5d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e2594717-5f0f-46a0-a0cb-e2d2ce33f513", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.310414Z", + "modified": "2024-09-26T01:43:02.310414Z", + "name": "CVE-2024-8741", + "description": "The Beam me up Scotty – Back to Top Button plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8741" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ea9bd7ce-1a4d-492d-9429-36e6c0683664.json b/objects/vulnerability/vulnerability--ea9bd7ce-1a4d-492d-9429-36e6c0683664.json new file mode 100644 index 00000000000..fc997f4a0da --- /dev/null +++ b/objects/vulnerability/vulnerability--ea9bd7ce-1a4d-492d-9429-36e6c0683664.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--44aa7ba2-4cf6-4b51-9e63-542773ffba7b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ea9bd7ce-1a4d-492d-9429-36e6c0683664", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.583569Z", + "modified": "2024-09-26T01:43:02.583569Z", + "name": "CVE-2024-6590", + "description": "The Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 3.7.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit post status, edit Google sheet integrations, and create Google sheet integrations.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6590" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ec3d71e5-8e2b-44b4-b3b9-14086208a668.json b/objects/vulnerability/vulnerability--ec3d71e5-8e2b-44b4-b3b9-14086208a668.json new file mode 100644 index 00000000000..3a4897e94ba --- /dev/null +++ b/objects/vulnerability/vulnerability--ec3d71e5-8e2b-44b4-b3b9-14086208a668.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9bcd38bd-7309-4a5a-8637-183641d2b4bf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ec3d71e5-8e2b-44b4-b3b9-14086208a668", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.241306Z", + "modified": "2024-09-26T01:43:02.241306Z", + "name": "CVE-2024-8349", + "description": "The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group leader-level access and above, to change admin account email addresses which can subsequently lead to admin account access.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8349" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--edce108f-14f2-489f-bd42-e4d098ac05f5.json b/objects/vulnerability/vulnerability--edce108f-14f2-489f-bd42-e4d098ac05f5.json new file mode 100644 index 00000000000..1cf246fed2c --- /dev/null +++ b/objects/vulnerability/vulnerability--edce108f-14f2-489f-bd42-e4d098ac05f5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--acd5b73d-728a-4e59-9e8c-854e365d0261", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--edce108f-14f2-489f-bd42-e4d098ac05f5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.284227Z", + "modified": "2024-09-26T01:43:02.284227Z", + "name": "CVE-2024-8175", + "description": "An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8175" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--efa95efa-08dc-4322-8f84-543e2f8a0db4.json b/objects/vulnerability/vulnerability--efa95efa-08dc-4322-8f84-543e2f8a0db4.json new file mode 100644 index 00000000000..979e0e6b29d --- /dev/null +++ b/objects/vulnerability/vulnerability--efa95efa-08dc-4322-8f84-543e2f8a0db4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f71f01ac-6165-46c9-a783-66442c5f7f2b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--efa95efa-08dc-4322-8f84-543e2f8a0db4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-09-26T01:43:02.254427Z", + "modified": "2024-09-26T01:43:02.254427Z", + "name": "CVE-2024-8514", + "description": "The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.11 via deserialization of untrusted input from the 'prisna_import' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8514" + } + ] + } + ] +} \ No newline at end of file