Signed-off-by: Weston Steimel <[email protected]>
1 parent
965db0b
commit 2f32f08
Showing
17 changed files
with
859 additions
and
1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-10567", | ||
"description": "The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attackers to create new pages, modify plugin settings, and perform limited options updates.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/changeset/3199516/ti-woocommerce-wishlist", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/0a5f2e1a-2216-4885-9b74-a08142816f2b?source=cve" | ||
] | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:templateinvaders:ti_woocommerce_wishlist:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "ti-woocommerce-wishlist", | ||
"packageType": "wordpress-plugin", | ||
"product": "TI WooCommerce Wishlist", | ||
"repo": "https://plugins.svn.wordpress.org/ti-woocommerce-wishlist", | ||
"vendor": "templateinvaders", | ||
"versions": [ | ||
{ | ||
"lessThan": "2.9.2", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-10587", | ||
"description": "The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.7.4.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://wordpress.org/plugins/funnelforms-free/", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/701e6afe-08fa-49c7-a6da-cb266db07c48?source=cve" | ||
] | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"cpes": [ | ||
"cpe:2.3:a:funnelforms:funnelforms:*:*:*:*:free:wordpress:*:*" | ||
], | ||
"packageName": "funnelforms-free", | ||
"packageType": "wordpress-plugin", | ||
"product": "Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free", | ||
"repo": "https://plugins.svn.wordpress.org/funnelforms-free", | ||
"vendor": "funnelforms", | ||
"versions": [ | ||
{ | ||
"lessThanOrEqual": "3.7.4.1", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
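Review bot: `"versionType": "semver"` does not fit the bound `"lessThanOrEqual": "3.7.4.1"`, because a four-segment version is not valid SemVer and a consumer that parses the range strictly may reject or mis-order it. `"versionType": "custom"` would describe this range more accurately, provided the downstream matcher accepts it. This entry also has no `"collectionURL": "https://wordpress.org/plugins"`, which the other wordpress-plugin records in this commit carry next to `packageName`; if lookups key on collection plus package name, this record may be skipped.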
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-10787", | ||
"description": "The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created by Elementor that they should not have access to.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3198563%40lastudio-element-kit&new=3198563%40lastudio-element-kit&sfp_email=&sfph_mail=", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/2e63c0fb-7fe7-42f7-8fa9-ec159d3c8117?source=cve" | ||
] | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:la-studioweb:element_kit_for_elementor:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "lastudio-element-kit", | ||
"packageType": "wordpress-plugin", | ||
"product": "LA-Studio Element Kit for Elementor", | ||
"repo": "https://plugins.svn.wordpress.org/lastudio-element-kit", | ||
"vendor": "choijun", | ||
"versions": [ | ||
{ | ||
"lessThan": "1.4.5", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
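Review bot: The CPE vendor component `la-studioweb` and the field `"vendor": "choijun"` name different parties for the same plugin, so a consumer matching on the CPE and one matching on `vendor`/`packageName` can disagree about what is affected. If the split is deliberate (for example, the CPE follows an existing dictionary entry and `vendor` follows the plugin author slug), that convention should be documented in the repository. Otherwise the two values should be aligned.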
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-10885", | ||
"description": "The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/browser/searchiq/tags/4.6/library/shortcode.php#L66", | ||
"https://plugins.trac.wordpress.org/changeset/3198694/searchiq/trunk/library/shortcode.php", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/86e8e16f-9d93-457a-9093-2fd236e51682?source=cve" | ||
] | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:searchiq:searchiq:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "searchiq", | ||
"packageType": "wordpress-plugin", | ||
"product": "SearchIQ – The Search Solution", | ||
"repo": "https://plugins.svn.wordpress.org/searchiq", | ||
"vendor": "searchiq", | ||
"versions": [ | ||
{ | ||
"lessThan": "4.7", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-10952", | ||
"description": "The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via update_authors_list_ajax AJAX action in all versions up to, and including, 2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/browser/authors-list/tags/2.0.4/backend/includes/class-authors-list-item.php#L843", | ||
"https://wordpress.org/plugins/authors-list/#developers", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/8b3cfe0a-dcfb-40f3-ba43-4e838c113010?source=cve", | ||
"https://www.wpkube.com/" | ||
] | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:wpkube:authors_list:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "authors-list", | ||
"packageType": "wordpress-plugin", | ||
"product": "Authors List", | ||
"repo": "https://plugins.svn.wordpress.org/authors-list", | ||
"vendor": "wpkube", | ||
"versions": [ | ||
{ | ||
"lessThanOrEqual": "2.0.4", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-11769", | ||
"description": "The Flower Delivery by Florist One plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flower-delivery' shortcode in all versions up to, and including, 3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3201180%40flower-delivery-by-florist-one&new=3201180%40flower-delivery-by-florist-one&sfp_email=&sfph_mail=", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/93efae1f-1e4a-48ee-8a69-558c38925250?source=cve" | ||
] | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:floristone:flower_delivery:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "flower-delivery-by-florist-one", | ||
"packageType": "wordpress-plugin", | ||
"product": "Flower Delivery by Florist One", | ||
"repo": "https://plugins.svn.wordpress.org/flower-delivery-by-florist-one", | ||
"vendor": "floristone", | ||
"versions": [ | ||
{ | ||
"lessThan": "3.9.1", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-11952", | ||
"description": "The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions granted by an Administrator, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The vulnerability is limited to PHP files in a Windows environment.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/browser/classic-addons-wpbakery-page-builder-addons/tags/3.1/addons/testimonial-slider-item/testimonial-slider-item.php#L28", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/9645b17e-6a7c-4cdd-ae43-7d2c84b624cc?source=cve" | ||
] | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:wpbakery:page_builder:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "classic-addons-wpbakery-page-builder-addons", | ||
"packageType": "wordpress-plugin", | ||
"product": "Classic Addons – WPBakery Page Builder", | ||
"repo": "https://plugins.svn.wordpress.org/classic-addons-wpbakery-page-builder-addons", | ||
"vendor": "webcodingplace", | ||
"versions": [ | ||
{ | ||
"lessThan": "3.1", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
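Review bot: The CPE `cpe:2.3:a:wpbakery:page_builder:*:*:*:*:*:wordpress:*:*` appears to identify WPBakery Page Builder itself, not the third-party add-on this record describes (`"product": "Classic Addons – WPBakery Page Builder"`, `"vendor": "webcodingplace"`). Combined with `"lessThan": "3.1"`, a CPE-based scanner would report this CVE against old WPBakery Page Builder installs that do not have the add-on, and could miss sites that do. The CPE should carry `webcodingplace` as its vendor component and a product component naming the add-on, with the exact string confirmed against the CPE dictionary before merge.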