diff --git a/data/anchore/2019/CVE-2019-25218.json b/data/anchore/2019/CVE-2019-25218.json new file mode 100644 index 00000000..842c7aa1 --- /dev/null +++ b/data/anchore/2019/CVE-2019-25218.json @@ -0,0 +1,40 @@ +{ + "additionalMetadata": { + "cna": "wordfence", + "cveId": "CVE-2019-25218", + "description": "The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://plugins.trac.wordpress.org/browser/wp-responsive-photo-gallery/tags/1.0.3/wp-responsive-photo-gallery.php#L1393", + "https://plugins.trac.wordpress.org/browser/wp-responsive-photo-gallery/tags/1.0.4/wp-responsive-photo-gallery.php#L1614", + "https://wordpress.org/plugins/wp-responsive-photo-gallery/", + "https://www.wordfence.com/threat-intel/vulnerabilities/id/05ff1b1e-f7ba-485d-9421-9bb38f6831ef?source=cve" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:i13websolution:web_solution_photo_gallery_slideshow_\\&_masonry_tiled_gallery:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-responsive-photo-gallery", + "packageType": "wordpress-plugin", + "product": "Photo Gallery Slideshow & Masonry Tiled Gallery", + "vendor": "nik00726", + "versions": [ + { + "lessThan": "1.0.4", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2022/CVE-2022-3556.json b/data/anchore/2022/CVE-2022-3556.json index 16b77223..18deb011 100644 --- a/data/anchore/2022/CVE-2022-3556.json +++ b/data/anchore/2022/CVE-2022-3556.json @@ -22,7 +22,7 @@ "vendor": "kanev", "versions": [ { - "lessThanOrEqual": "1.1.6", + "lessThan": "1.1.7", "status": "affected", "version": "0", "versionType": "semver" diff --git a/data/anchore/2023/CVE-2023-6243.json b/data/anchore/2023/CVE-2023-6243.json new file mode 100644 index 00000000..cf42fa11 --- /dev/null +++ b/data/anchore/2023/CVE-2023-6243.json @@ -0,0 +1,41 @@ +{ + "additionalMetadata": { + "cna": "wordfence", + "cveId": "CVE-2023-6243", + "description": "The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admin_test_email function. This makes it possible for unauthenticated attackers to send test emails to arbitrary email addresses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://docs.myeventon.com/documentations/eventon-changelog/", + "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3017939%40eventon-lite&new=3017939%40eventon-lite&sfp_email=&sfph_mail=", + "https://www.wordfence.com/threat-intel/vulnerabilities/id/1d0a40f8-4c31-447d-ac28-73cfe7a07687?source=cve" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:myeventon:eventon-lite:*:*:*:*:*:wordpress:*:*", + "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "eventon", + "packageType": "wordpress-plugin", + "product": "EventON Pro", + "repo": "https://plugins.svn.wordpress.org/eventon", + "vendor": "EventON", + "versions": [ + { + "lessThan": "4.7", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-10049.json b/data/anchore/2024/CVE-2024-10049.json new file mode 100644 index 00000000..4e1450fc --- /dev/null +++ b/data/anchore/2024/CVE-2024-10049.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "wordfence", + "cveId": "CVE-2024-10049", + "description": "The Edit WooCommerce Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://plugins.trac.wordpress.org/browser/woo-edit-templates/trunk/includes/list-table-theme-templates.php#L87", + "https://www.wordfence.com/threat-intel/vulnerabilities/id/3704b365-cbdf-4c74-9619-59f0a10e3c6a?source=cve" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:ioannup:edit_woocommerce_templates:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "woo-edit-templates", + "packageType": "wordpress-plugin", + "product": "Edit WooCommerce Templates", + "vendor": "ioannup", + "versions": [ + { + "lessThanOrEqual": "1.1.2", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-10057.json b/data/anchore/2024/CVE-2024-10057.json new file mode 100644 index 00000000..1ceeb8b0 --- /dev/null +++ b/data/anchore/2024/CVE-2024-10057.json @@ -0,0 +1,39 @@ +{ + "additionalMetadata": { + "cna": "wordfence", + "cveId": "CVE-2024-10057", + "description": "The RSS Feed Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rfw-youtube-videos shortcode in all versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://plugins.trac.wordpress.org/changeset/3170773/", + "https://wordpress.org/plugins/rss-feed-widget/#developers", + "https://www.wordfence.com/threat-intel/vulnerabilities/id/b77ea258-dced-4c36-bd0d-8977a347d1c9?source=cve" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "rss-feed-widget", + "packageType": "wordpress-plugin", + "product": "RSS Feed Widget", + "vendor": "fahadmahmood", + "versions": [ + { + "lessThan": "3.0.0", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-37404.json b/data/anchore/2024/CVE-2024-37404.json new file mode 100644 index 00000000..0ecb54fa --- /dev/null +++ b/data/anchore/2024/CVE-2024-37404.json @@ -0,0 +1,55 @@ +{ + "additionalMetadata": { + "cna": "hackerone", + "cveId": "CVE-2024-37404", + "description": "Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-and-Policy-Secure-CVE-2024-37404" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*" + ], + "product": "Connect Secure", + "vendor": "Ivanti", + "versions": [ + { + "lessThan": "22.7r2.1", + "status": "affected", + "version": "10", + "versionType": "custom" + }, + { + "lessThan": "9.1r18.9", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + }, + { + "cpes": [ + "cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*" + ], + "product": "Policy Secure", + "vendor": "Ivanti", + "versions": [ + { + "lessThan": "22.7r1.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-44000.json b/data/anchore/2024/CVE-2024-44000.json new file mode 100644 index 00000000..14756bdf --- /dev/null +++ b/data/anchore/2024/CVE-2024-44000.json @@ -0,0 +1,47 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-44000", + "description": "Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a before 6.5.0.1.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/articles/critical-account-takeover-vulnerability-patched-in-litespeed-cache-plugin?_s_id=cve", + "https://patchstack.com/database/vulnerability/litespeed-cache/wordpress-litespeed-cache-plugin-6-5-0-1-unauthenticated-account-takeover-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 6.5.0.1 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:litespeedtech:litespeed_cache:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "litespeed-cache", + "packageType": "wordpress-plugin", + "product": "LiteSpeed Cache", + "repo": "https://plugins.svn.wordpress.org/litespeed-cache", + "vendor": "LiteSpeed Technologies", + "versions": [ + { + "lessThan": "6.5.0.1", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/31173691-28fb-46fd-a7da-28bf9c46e2bc?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-44013.json b/data/anchore/2024/CVE-2024-44013.json index 13793eea..bb6c6b88 100644 --- a/data/anchore/2024/CVE-2024-44013.json +++ b/data/anchore/2024/CVE-2024-44013.json @@ -22,7 +22,7 @@ "vendor": "Innate Images LLC", "versions": [ { - "lessThanOrEqual": "2.4.0", + "lessThan": "2.4.5", "status": "affected", "version": "0", "versionType": "custom" diff --git a/data/anchore/2024/CVE-2024-46897.json b/data/anchore/2024/CVE-2024-46897.json new file mode 100644 index 00000000..a953fe19 --- /dev/null +++ b/data/anchore/2024/CVE-2024-46897.json @@ -0,0 +1,42 @@ +{ + "additionalMetadata": { + "cna": "jpcert", + "cveId": "CVE-2024-46897", + "description": "Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://exment.net/docs/#/weakness/20241010_2", + "https://exment.net/vulnerability-correspondence-version-6-1-5-and-5-0-12-released/", + "https://jvn.jp/en/jp/JVN74538317/" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:exceedone:exment:*:*:*:*:*:*:*:*" + ], + "product": "Exment", + "vendor": "Kajitori Co.,Ltd", + "versions": [ + { + "lessThan": "6.1.5", + "status": "affected", + "version": "6", + "versionType": "custom" + }, + { + "lessThan": "5.0.12", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-47325.json b/data/anchore/2024/CVE-2024-47325.json new file mode 100644 index 00000000..0784af03 --- /dev/null +++ b/data/anchore/2024/CVE-2024-47325.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-47325", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.7.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/multiple-pages-generator-by-porthas/wordpress-multiple-page-generator-plugin-mpg-plugin-3-4-7-sql-injection-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 3.4.8 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:themeisle:multiple_page_generator:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "multiple-pages-generator-by-porthas", + "packageType": "wordpress-plugin", + "product": "Multiple Page Generator Plugin – MPG", + "repo": "https://plugins.svn.wordpress.org/multiple-pages-generator-by-porthas", + "vendor": "Themeisle", + "versions": [ + { + "lessThan": "3.4.8", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f77e2d1e-7925-4343-9c22-5b77ea0d439b?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-47793.json b/data/anchore/2024/CVE-2024-47793.json new file mode 100644 index 00000000..02d7f431 --- /dev/null +++ b/data/anchore/2024/CVE-2024-47793.json @@ -0,0 +1,42 @@ +{ + "additionalMetadata": { + "cna": "jpcert", + "cveId": "CVE-2024-47793", + "description": "Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns (column type: images or files), an arbitrary script may be executed on the web browser of the user.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://exment.net/docs/#/weakness/20241010", + "https://exment.net/vulnerability-correspondence-version-6-1-5-and-5-0-12-released/", + "https://jvn.jp/en/jp/JVN74538317/" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:exceedone:exment:*:*:*:*:*:*:*:*" + ], + "product": "Exment", + "vendor": "Kajitori Co.,Ltd", + "versions": [ + { + "lessThan": "6.1.5", + "status": "affected", + "version": "6", + "versionType": "custom" + }, + { + "lessThan": "5.0.12", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-48042.json b/data/anchore/2024/CVE-2024-48042.json index f9d5ffce..fbd163eb 100644 --- a/data/anchore/2024/CVE-2024-48042.json +++ b/data/anchore/2024/CVE-2024-48042.json @@ -36,6 +36,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/20d30931-bfaf-47bb-9265-b326c959b871?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-48046.json b/data/anchore/2024/CVE-2024-48046.json index 2d79a8f3..c6859dba 100644 --- a/data/anchore/2024/CVE-2024-48046.json +++ b/data/anchore/2024/CVE-2024-48046.json @@ -36,6 +36,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c312f915-fca6-4624-bfb9-8d8fd54d1b3c?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49248.json b/data/anchore/2024/CVE-2024-49248.json index bbaa6ca8..57a9d449 100644 --- a/data/anchore/2024/CVE-2024-49248.json +++ b/data/anchore/2024/CVE-2024-49248.json @@ -37,6 +37,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/57dc6ca5-6e6b-4364-9b82-31fe108fece8?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49250.json b/data/anchore/2024/CVE-2024-49250.json new file mode 100644 index 00000000..867631e7 --- /dev/null +++ b/data/anchore/2024/CVE-2024-49250.json @@ -0,0 +1,43 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-49250", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus allows Cross Site Request Forgery.This issue affects Table of Contents Plus: from n/a through 2408.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/table-of-contents-plus/wordpress-table-of-contents-plus-plugin-2408-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:dublue:table_of_contents_plus:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "table-of-contents-plus", + "packageType": "wordpress-plugin", + "product": "Table of Contents Plus", + "repo": "https://plugins.svn.wordpress.org/table-of-contents-plus", + "vendor": "Michael Tran", + "versions": [ + { + "lessThanOrEqual": "2408", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7f745e44-fdf1-416d-b1aa-27305533464e?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49252.json b/data/anchore/2024/CVE-2024-49252.json index edb24c0a..4568722f 100644 --- a/data/anchore/2024/CVE-2024-49252.json +++ b/data/anchore/2024/CVE-2024-49252.json @@ -36,6 +36,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9cec5880-214b-4a35-9b36-e3a9e54e8f3b?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49258.json b/data/anchore/2024/CVE-2024-49258.json index ed8464c4..ddfbe671 100644 --- a/data/anchore/2024/CVE-2024-49258.json +++ b/data/anchore/2024/CVE-2024-49258.json @@ -33,6 +33,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c0179947-9346-4411-a946-09d58b556b9c?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49259.json b/data/anchore/2024/CVE-2024-49259.json index 2877f588..ea61c62c 100644 --- a/data/anchore/2024/CVE-2024-49259.json +++ b/data/anchore/2024/CVE-2024-49259.json @@ -36,6 +36,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/90d23f3a-a67d-4f92-9ca8-926569b72a71?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49260.json b/data/anchore/2024/CVE-2024-49260.json index 749fbeb9..af38e8f8 100644 --- a/data/anchore/2024/CVE-2024-49260.json +++ b/data/anchore/2024/CVE-2024-49260.json @@ -33,6 +33,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/121d5d4d-cf15-4c20-afb5-aa3375f2ef62?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49263.json b/data/anchore/2024/CVE-2024-49263.json index 0a28aeaa..02d3ddd3 100644 --- a/data/anchore/2024/CVE-2024-49263.json +++ b/data/anchore/2024/CVE-2024-49263.json @@ -33,6 +33,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/103e7658-78d6-414d-ad68-e9adf77f1c60?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49264.json b/data/anchore/2024/CVE-2024-49264.json index 96a94148..231b6270 100644 --- a/data/anchore/2024/CVE-2024-49264.json +++ b/data/anchore/2024/CVE-2024-49264.json @@ -33,6 +33,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5c600b4-10d6-4b0b-9ca0-7c629d383d33?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49265.json b/data/anchore/2024/CVE-2024-49265.json index c672fc2d..f28996d6 100644 --- a/data/anchore/2024/CVE-2024-49265.json +++ b/data/anchore/2024/CVE-2024-49265.json @@ -33,6 +33,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c4e8106-6e0b-4b0b-a693-f30bfe87ff92?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49271.json b/data/anchore/2024/CVE-2024-49271.json index 1ec85b2e..21ccc5c8 100644 --- a/data/anchore/2024/CVE-2024-49271.json +++ b/data/anchore/2024/CVE-2024-49271.json @@ -36,6 +36,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf8d34ea-cf05-4b20-9d1c-8cf0c608dfc3?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49272.json b/data/anchore/2024/CVE-2024-49272.json new file mode 100644 index 00000000..043951da --- /dev/null +++ b/data/anchore/2024/CVE-2024-49272.json @@ -0,0 +1,43 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-49272", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in WPWeb Social Auto Poster allows Cross Site Request Forgery.This issue affects Social Auto Poster: from n/a through 5.3.15.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/social-auto-poster/wordpress-social-auto-poster-plugin-5-3-15-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 5.3.16 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:wpwebinfotech:social_auto_poster:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "social-auto-poster", + "product": "Social Auto Poster", + "vendor": "WPWeb", + "versions": [ + { + "lessThan": "5.3.16", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/79097eee-f76b-459e-9e7d-03013ee21695?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49275.json b/data/anchore/2024/CVE-2024-49275.json new file mode 100644 index 00000000..c45f6292 --- /dev/null +++ b/data/anchore/2024/CVE-2024-49275.json @@ -0,0 +1,46 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-49275", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson IdeaPush allows Cross Site Request Forgery.This issue affects IdeaPush: from n/a through 8.69.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/ideapush/wordpress-ideapush-plugin-8-69-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 8.71 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:northernbeacheswebsites:ideapush:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "ideapush", + "packageType": "wordpress-plugin", + "product": "IdeaPush", + "repo": "https://plugins.svn.wordpress.org/ideapush", + "vendor": "Martin Gibson", + "versions": [ + { + "lessThan": "8.71", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1972c2f5-636e-4891-a0fb-e80207787e43?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49276.json b/data/anchore/2024/CVE-2024-49276.json index e707e975..19f1c503 100644 --- a/data/anchore/2024/CVE-2024-49276.json +++ b/data/anchore/2024/CVE-2024-49276.json @@ -33,6 +33,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17cffc76-7b41-4dc0-90cc-695b6f5474ce?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49277.json b/data/anchore/2024/CVE-2024-49277.json index 8f93d3d3..9bd7158a 100644 --- a/data/anchore/2024/CVE-2024-49277.json +++ b/data/anchore/2024/CVE-2024-49277.json @@ -33,6 +33,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b847f463-2837-4f91-bae6-a8058f36a7db?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49282.json b/data/anchore/2024/CVE-2024-49282.json index 37e7632b..ce9ff72f 100644 --- a/data/anchore/2024/CVE-2024-49282.json +++ b/data/anchore/2024/CVE-2024-49282.json @@ -33,6 +33,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/545f10df-e473-48df-87ab-87f5e1088e93?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49283.json b/data/anchore/2024/CVE-2024-49283.json index 5626f18b..957f72d2 100644 --- a/data/anchore/2024/CVE-2024-49283.json +++ b/data/anchore/2024/CVE-2024-49283.json @@ -33,6 +33,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a7ffc02d-190b-4494-a43f-1825914145ff?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49289.json b/data/anchore/2024/CVE-2024-49289.json index 1ba2e1e1..46e898fa 100644 --- a/data/anchore/2024/CVE-2024-49289.json +++ b/data/anchore/2024/CVE-2024-49289.json @@ -17,6 +17,7 @@ "cpes": [ "cpe:2.3:a:boxystudio:cooked:*:*:*:*:pro:wordpress:*:*" ], + "packageName": "cooked-pro", "product": "Cooked Pro", "vendor": "Gora Tech LLC", "versions": [ @@ -32,6 +33,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/800eba54-1bfb-4f44-9d5f-ca650e7fea30?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49290.json b/data/anchore/2024/CVE-2024-49290.json new file mode 100644 index 00000000..c146f9fb --- /dev/null +++ b/data/anchore/2024/CVE-2024-49290.json @@ -0,0 +1,43 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-49290", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Gora Tech LLC Cooked Pro allows Cross Site Request Forgery.This issue affects Cooked Pro: from n/a before 1.8.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/cooked-pro/wordpress-cooked-pro-plugin-1-8-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 1.8.0 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:boxystudio:cooked:*:*:*:*:pro:wordpress:*:*" + ], + "packageName": "cooked-pro", + "product": "Cooked Pro", + "vendor": "Gora Tech LLC", + "versions": [ + { + "lessThan": "1.8.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0ad44770-91da-4265-b292-e6e41538d0f4?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49291.json b/data/anchore/2024/CVE-2024-49291.json index ee844c25..4852ed85 100644 --- a/data/anchore/2024/CVE-2024-49291.json +++ b/data/anchore/2024/CVE-2024-49291.json @@ -17,6 +17,7 @@ "cpes": [ "cpe:2.3:a:boxystudio:cooked:*:*:*:*:pro:wordpress:*:*" ], + "packageName": "cooked-pro", "product": "Cooked Pro", "vendor": "Gora Tech LLC", "versions": [ @@ -32,6 +33,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/40010bbd-049f-44b0-9492-4126c4894656?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49292.json b/data/anchore/2024/CVE-2024-49292.json index c99742df..ad8e576e 100644 --- a/data/anchore/2024/CVE-2024-49292.json +++ b/data/anchore/2024/CVE-2024-49292.json @@ -37,6 +37,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3539fe09-c158-4146-9850-446bc32e7bec?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49295.json b/data/anchore/2024/CVE-2024-49295.json index 62f38bf2..c1b9ff33 100644 --- a/data/anchore/2024/CVE-2024-49295.json +++ b/data/anchore/2024/CVE-2024-49295.json @@ -33,6 +33,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fcf1fb-c7ed-4a02-bb03-7f0a89f4c4e1?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49297.json b/data/anchore/2024/CVE-2024-49297.json index 964e2216..12233a56 100644 --- a/data/anchore/2024/CVE-2024-49297.json +++ b/data/anchore/2024/CVE-2024-49297.json @@ -34,6 +34,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/14e9d0a2-a1cb-4d3e-b6df-fba01d476936?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49304.json b/data/anchore/2024/CVE-2024-49304.json index 8737f611..b961c625 100644 --- a/data/anchore/2024/CVE-2024-49304.json +++ b/data/anchore/2024/CVE-2024-49304.json @@ -33,6 +33,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/982680a5-c534-4038-ae80-e59aa9761174?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49306.json b/data/anchore/2024/CVE-2024-49306.json new file mode 100644 index 00000000..ff5aa83c --- /dev/null +++ b/data/anchore/2024/CVE-2024-49306.json @@ -0,0 +1,43 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-49306", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in WP-buy WP Content Copy Protection & No Right Click allows Cross Site Request Forgery.This issue affects WP Content Copy Protection & No Right Click: from n/a through 3.5.9.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/wp-content-copy-protector/wordpress-wp-content-copy-protection-no-right-click-plugin-3-5-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:wp-buy:wp_content_copy_protection_\\&_no_right_click:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-content-copy-protector", + "packageType": "wordpress-plugin", + "product": "WP Content Copy Protection & No Right Click", + "repo": "https://plugins.svn.wordpress.org/wp-content-copy-protector", + "vendor": "WP-buy", + "versions": [ + { + "lessThanOrEqual": "3.5.9", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f9f273ed-2ffd-4632-9886-244c0d55ede5?source=cve" + } + ] + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49307.json b/data/anchore/2024/CVE-2024-49307.json index a45ee9a5..061f9577 100644 --- a/data/anchore/2024/CVE-2024-49307.json +++ b/data/anchore/2024/CVE-2024-49307.json @@ -33,6 +33,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6881c774-a20f-4b18-8ce2-7e60d89073d6?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49309.json b/data/anchore/2024/CVE-2024-49309.json index 8db900b4..d9f5a77d 100644 --- a/data/anchore/2024/CVE-2024-49309.json +++ b/data/anchore/2024/CVE-2024-49309.json @@ -32,6 +32,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ee36fec3-1fc1-43e8-8428-301cb4e5b689?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49310.json b/data/anchore/2024/CVE-2024-49310.json index e235884c..6362a00c 100644 --- a/data/anchore/2024/CVE-2024-49310.json +++ b/data/anchore/2024/CVE-2024-49310.json @@ -33,6 +33,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/835aaf5e-08c8-4bf8-add7-82a1f1fdc2c0?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49311.json b/data/anchore/2024/CVE-2024-49311.json index df48623a..cc9ff889 100644 --- a/data/anchore/2024/CVE-2024-49311.json +++ b/data/anchore/2024/CVE-2024-49311.json @@ -33,6 +33,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2a56b6f1-d3f1-4c6b-9657-a25ebc083b9e?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49312.json b/data/anchore/2024/CVE-2024-49312.json index 3b05e051..90aac887 100644 --- a/data/anchore/2024/CVE-2024-49312.json +++ b/data/anchore/2024/CVE-2024-49312.json @@ -33,6 +33,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/655cd6ec-088f-4610-ae7f-76a959c290af?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49625.json b/data/anchore/2024/CVE-2024-49625.json new file mode 100644 index 00000000..86c9ae78 --- /dev/null +++ b/data/anchore/2024/CVE-2024-49625.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-49625", + "description": "Deserialization of Untrusted Data vulnerability in Brandon Clark SiteBuilder Dynamic Components allows Object Injection.This issue affects SiteBuilder Dynamic Components: from n/a through 1.0.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/sitebuilder-dynamic-components/wordpress-sitebuilder-dynamic-components-plugin-1-0-php-object-injection-vulnerability?_s_id=cve" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:sitebuilder_dynamic_components_project:sitebuilder_dynamic_components:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "sitebuilder-dynamic-components", + "packageType": "wordpress-plugin", + "product": "SiteBuilder Dynamic Components", + "repo": "https://plugins.svn.wordpress.org/sitebuilder-dynamic-components", + "vendor": "Brandon Clark", + "versions": [ + { + "lessThanOrEqual": "1.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49628.json b/data/anchore/2024/CVE-2024-49628.json new file mode 100644 index 00000000..4ddc460b --- /dev/null +++ b/data/anchore/2024/CVE-2024-49628.json @@ -0,0 +1,41 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-49628", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in WhileTrue Most And Least Read Posts Widget allows Cross Site Request Forgery.This issue affects Most And Least Read Posts Widget: from n/a through 2.5.18.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/most-and-least-read-posts-widget/wordpress-most-and-least-read-posts-widget-plugin-2-5-18-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + ], + "solutions": [ + "Update to 2.5.19 or a higher version." + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:whiletrue:most_and_least_read_posts_widget:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "most-and-least-read-posts-widget", + "packageType": "wordpress-plugin", + "product": "Most And Least Read Posts Widget", + "repo": "https://plugins.svn.wordpress.org/most-and-least-read-posts-widget", + "vendor": "WhileTrue", + "versions": [ + { + "lessThan": "2.5.19", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-49630.json b/data/anchore/2024/CVE-2024-49630.json new file mode 100644 index 00000000..4d111079 --- /dev/null +++ b/data/anchore/2024/CVE-2024-49630.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "patchstack", + "cveId": "CVE-2024-49630", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HT Plugins WP Education allows Stored XSS.This issue affects WP Education: from n/a through 1.2.8.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://patchstack.com/database/vulnerability/wp-education/wordpress-wp-education-for-elementor-plugin-1-2-8-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:hasthemes:wp_education:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-education", + "packageType": "wordpress-plugin", + "product": "WP Education", + "repo": "https://plugins.svn.wordpress.org/wp-education", + "vendor": "HT Plugins", + "versions": [ + { + "lessThanOrEqual": "1.2.8", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-5429.json b/data/anchore/2024/CVE-2024-5429.json index 64d6d145..f14760e2 100644 --- a/data/anchore/2024/CVE-2024-5429.json +++ b/data/anchore/2024/CVE-2024-5429.json @@ -32,6 +32,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ad6aaf4-7727-4b4a-920a-0d1754405163?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-9021.json b/data/anchore/2024/CVE-2024-9021.json index 54903496..69d8b780 100644 --- a/data/anchore/2024/CVE-2024-9021.json +++ b/data/anchore/2024/CVE-2024-9021.json @@ -32,6 +32,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/049ec60a-fa84-4c03-a766-7f2a56e5295a?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-9067.json b/data/anchore/2024/CVE-2024-9067.json index 194921f9..6b41c65a 100644 --- a/data/anchore/2024/CVE-2024-9067.json +++ b/data/anchore/2024/CVE-2024-9067.json @@ -22,7 +22,7 @@ "vendor": "youzify", "versions": [ { - "lessThanOrEqual": "1.3.0", + "lessThan": "1.3.1", "status": "affected", "version": "0", "versionType": "semver" diff --git a/data/anchore/2024/CVE-2024-9156.json b/data/anchore/2024/CVE-2024-9156.json index eaea250e..3727b5e2 100644 --- a/data/anchore/2024/CVE-2024-9156.json +++ b/data/anchore/2024/CVE-2024-9156.json @@ -31,6 +31,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4985680e-f7ba-40c7-bca9-f347f1c1cb3b?source=cve" + } + ] } } \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-9264.json b/data/anchore/2024/CVE-2024-9264.json new file mode 100644 index 00000000..a0d3e5fb --- /dev/null +++ b/data/anchore/2024/CVE-2024-9264.json @@ -0,0 +1,68 @@ +{ + "additionalMetadata": { + "cna": "grafana", + "cveId": "CVE-2024-9264", + "description": "The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://grafana.com/security/security-advisories/cve-2024-9264/" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://pkg.go.dev", + "cpes": [ + "cpe:2.3:a:grafana:grafana:*:*:*:*:*:go:*:*" + ], + "packageName": "github.com/grafana/grafana", + "packageType": "go-module", + "product": "Grafana", + "repo": "https://github.com/grafana/grafana", + "vendor": "Grafana", + "versions": [ + { + "lessThan": "11.0.5", + "status": "affected", + "version": "11.0.0", + "versionType": "semver" + }, + { + "lessThan": "11.1.6", + "status": "affected", + "version": "11.1.0", + "versionType": "semver" + }, + { + "lessThan": "11.2.1", + "status": "affected", + "version": "11.2.0", + "versionType": "semver" + }, + { + "lessThan": "11.0.6", + "status": "affected", + "version": "11.0.0", + "versionType": "semver" + }, + { + "lessThan": "11.1.7", + "status": "affected", + "version": "11.1.0", + "versionType": "semver" + }, + { + "lessThan": "11.2.2", + "status": "affected", + "version": "11.2.0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-9350.json b/data/anchore/2024/CVE-2024-9350.json new file mode 100644 index 00000000..250f6947 --- /dev/null +++ b/data/anchore/2024/CVE-2024-9350.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "wordfence", + "cveId": "CVE-2024-9350", + "description": "The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_value' parameter in all versions up to, and including, 1.2.83 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://plugins.trac.wordpress.org/browser/woo-shipping-dpd-baltic/trunk/includes/class-dpd.php#L318", + "https://www.wordfence.com/threat-intel/vulnerabilities/id/6251d0f6-b536-4122-8fdf-bb77665a4f41?source=cve" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:dpdgroup:woocommerce_shipping:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "woo-shipping-dpd-baltic", + "packageType": "wordpress-plugin", + "product": "DPD Baltic Shipping", + "vendor": "dpdbaltics", + "versions": [ + { + "lessThanOrEqual": "1.2.83", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-9364.json b/data/anchore/2024/CVE-2024-9364.json new file mode 100644 index 00000000..ba7e80e8 --- /dev/null +++ b/data/anchore/2024/CVE-2024-9364.json @@ -0,0 +1,39 @@ +{ + "additionalMetadata": { + "cna": "wordfence", + "cveId": "CVE-2024-9364", + "description": "The SendGrid for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wp_mailplus_clear_logs' function in all versions up to, and including, 1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's log files.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://plugins.svn.wordpress.org/wp-sendgrid-mailer/tags/1.4/wp-sendgrid-mailer.php", + "https://plugins.trac.wordpress.org/browser/wp-sendgrid-mailer/trunk/wp-sendgrid-mailer.php#L167", + "https://www.wordfence.com/threat-intel/vulnerabilities/id/bb7d99a7-1e7d-43e1-839c-286b454c8276?source=cve" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:smackcoders:sendgrid:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "wp-sendgrid-mailer", + "packageType": "wordpress-plugin", + "product": "SendGrid for WordPress", + "vendor": "smackcoders", + "versions": [ + { + "lessThanOrEqual": "1.4", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-9383.json b/data/anchore/2024/CVE-2024-9383.json new file mode 100644 index 00000000..bac121f4 --- /dev/null +++ b/data/anchore/2024/CVE-2024-9383.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "wordfence", + "cveId": "CVE-2024-9383", + "description": "The Parcel Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://plugins.trac.wordpress.org/browser/woo-parcel-pro/trunk/admin/class-parcelpro-admin.php#L274", + "https://www.wordfence.com/threat-intel/vulnerabilities/id/8e8fe6f4-7e41-44d3-9980-b5e7f43aa849?source=cve" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:parcelpro:parcel_pro:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "woo-parcel-pro", + "packageType": "wordpress-plugin", + "product": "Parcel Pro", + "vendor": "parcelpro", + "versions": [ + { + "lessThanOrEqual": "1.8.4", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-9703.json b/data/anchore/2024/CVE-2024-9703.json new file mode 100644 index 00000000..958c9f7e --- /dev/null +++ b/data/anchore/2024/CVE-2024-9703.json @@ -0,0 +1,38 @@ +{ + "additionalMetadata": { + "cna": "wordfence", + "cveId": "CVE-2024-9703", + "description": "The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3170741%40arconix-shortcodes&new=3170741%40arconix-shortcodes&sfp_email=&sfph_mail=", + "https://www.wordfence.com/threat-intel/vulnerabilities/id/ef395956-477c-4970-becd-4f437e4807a3?source=cve" + ] + }, + "adp": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "cpes": [ + "cpe:2.3:a:tychesoftwares:arconix_shortcodes:*:*:*:*:*:wordpress:*:*" + ], + "packageName": "arconix-shortcodes", + "packageType": "wordpress-plugin", + "product": "Arconix Shortcodes", + "vendor": "tychesoftwares", + "versions": [ + { + "lessThan": "2.1.13", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file diff --git a/data/anchore/2024/CVE-2024-9796.json b/data/anchore/2024/CVE-2024-9796.json index 74c041d9..91a3d498 100644 --- a/data/anchore/2024/CVE-2024-9796.json +++ b/data/anchore/2024/CVE-2024-9796.json @@ -33,6 +33,11 @@ "providerMetadata": { "orgId": "00000000-0000-4000-8000-000000000000", "shortName": "anchoreadp" - } + }, + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de74cf61-d15f-4d77-9c7e-950f48579d22?source=cve" + } + ] } } \ No newline at end of file