updates 2024-12-18
Signed-off-by: Weston Steimel <[email protected]>
westonsteimel committed Dec 18, 2024
1 parent 03f6923 commit 47661c2
Showing 25 changed files with 652 additions and 26 deletions.
4 changes: 2 additions & 2 deletions data/anchore/2023/CVE-2023-44487.json
@@ -559,7 +559,7 @@
{
"lessThan": "9.0.81",
"status": "affected",
"version": "9.0.0-M1",
"version": "9.0.0.M1",
"versionType": "maven"
},
{
@@ -596,7 +596,7 @@
{
"lessThan": "9.0.81",
"status": "affected",
"version": "9.0.0-M1",
"version": "9.0.0.M1",
"versionType": "maven"
},
{
2 changes: 1 addition & 1 deletion data/anchore/2023/CVE-2023-49921.json
@@ -11,7 +11,7 @@
"adp": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"collectionURL": "https://artifacts.elastic.co/downloads/elasticsearch",
"cpes": [
"cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:maven:*:*",
"cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:maven:*:*",
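Review bot: The `collectionURL` value `https://artifacts.elastic.co/downloads/elasticsearch` (read here as the new side, since it is printed second) no longer agrees with the Maven identity of this entry, whose CPEs directly below still carry the `maven` target software. In the CVE record format `collectionURL` determines how `packageName` is interpreted, and CVE-2024-12539.json, added in this commit, pairs the same URL with `"packageType": "maven"` and the coordinate `org.elasticsearch:elasticsearch`, which is not a name in that download collection. A matcher that resolves packages through the collection may stop associating these records with the Maven artifact, so consider keeping the Maven collection for the Maven coordinate and adding a separate `affected` entry for the Elastic download distribution. The same change appears in CVE-2024-23444.json, CVE-2024-23445.json and CVE-2024-23449.json; in each case the `affected` object continues outside the visible hunk.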
2 changes: 1 addition & 1 deletion data/anchore/2024/CVE-2024-0620.json
@@ -18,7 +18,7 @@
"packageName": "password-protect-page",
"packageType": "wordpress-plugin",
"product": "PPWP – Password Protect Pages",
"repo": "https://plugins.svn.wordpress.org/ppwp",
"repo": "https://plugins.svn.wordpress.org/password-protect-page",
"vendor": "yuryonfolio",
"versions": [
{
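--- a/data/anchore/2024/CVE-2024-10356.json
+++ b/data/anchore/2024/CVE-2024-10356.json
@@ -0,0 +1,45 @@
+{
+"additionalMetadata": {
+"cna": "wordfence",
+"cveId": "CVE-2024-10356",
+"description": "The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.",
+"reason": "Added CPE configurations because not yet analyzed by NVD.",
+"references": [
+"https://plugins.trac.wordpress.org/changeset/3204333/element-ready-lite",
+"https://www.wordfence.com/threat-intel/vulnerabilities/id/b0a48c91-7e2c-4708-b5af-dfbcfea08f83?source=cve"
+],
+"upstream": {
+"datePublished": "2024-12-17T12:43:38.479Z",
+"dateReserved": "2024-10-24T16:03:33.275Z",
+"dateUpdated": "2024-12-17T17:28:56.942Z",
+"digest": "23105693886bcc5d3f7989837a54278098b134f876ba4a196a434e6f0dfc7576"
+}
+},
+"adp": {
+"affected": [
+{
+"collectionURL": "https://wordpress.org/plugins",
+"cpes": [
+"cpe:2.3:a:quomodosoft:elementsready:*:*:*:*:*:wordpress:*:*"
+],
+"packageName": "element-ready-lite",
+"packageType": "wordpress-plugin",
+"product": "ElementsReady Addons for Elementor",
+"repo": "https://plugins.svn.wordpress.org/element-ready-lite",
+"vendor": "quomodosoft",
+"versions": [
+{
+"lessThan": "6.4.9",
+"status": "affected",
+"version": "0",
+"versionType": "semver"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "00000000-0000-4000-8000-000000000000",
+"shortName": "anchoreadp"
+}
+}
+}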
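--- a/data/anchore/2024/CVE-2024-11280.json
+++ b/data/anchore/2024/CVE-2024-11280.json
@@ -0,0 +1,45 @@
+{
+"additionalMetadata": {
+"cna": "wordfence",
+"cveId": "CVE-2024-11280",
+"description": "The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.",
+"reason": "Added CPE configurations because not yet analyzed by NVD.",
+"references": [
+"https://plugins.trac.wordpress.org/changeset/3208393/password-protect-page",
+"https://www.wordfence.com/threat-intel/vulnerabilities/id/d9ac0d84-dff4-4a03-a530-cac47ffaf2bb?source=cve"
+],
+"upstream": {
+"datePublished": "2024-12-17T11:24:29.909Z",
+"dateReserved": "2024-11-15T19:22:40.649Z",
+"dateUpdated": "2024-12-17T17:29:04.305Z",
+"digest": "998346e4a730eb2d6ab3f8aa4eed2226fcde79294168225cad6f62d33aa9d4a6"
+}
+},
+"adp": {
+"affected": [
+{
+"collectionURL": "https://wordpress.org/plugins",
+"cpes": [
+"cpe:2.3:a:passwordprotectwp:password_protect_wordpress:*:*:*:*:*:wordpress:*:*"
+],
+"packageName": "password-protect-page",
+"packageType": "wordpress-plugin",
+"product": "PPWP – Password Protect Pages",
+"repo": "https://plugins.svn.wordpress.org/password-protect-page",
+"vendor": "yuryonfolio",
+"versions": [
+{
+"lessThan": "1.9.6",
+"status": "affected",
+"version": "0",
+"versionType": "semver"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "00000000-0000-4000-8000-000000000000",
+"shortName": "anchoreadp"
+}
+}
+}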
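--- a/data/anchore/2024/CVE-2024-11294.json
+++ b/data/anchore/2024/CVE-2024-11294.json
@@ -0,0 +1,45 @@
+{
+"additionalMetadata": {
+"cna": "wordfence",
+"cveId": "CVE-2024-11294",
+"description": "The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as site members.",
+"reason": "Added CPE configurations because not yet analyzed by NVD.",
+"references": [
+"https://plugins.trac.wordpress.org/changeset/3204895/memberful-wp",
+"https://www.wordfence.com/threat-intel/vulnerabilities/id/19ad787d-e027-48f5-8b5f-9263338b4fc3?source=cve"
+],
+"upstream": {
+"datePublished": "2024-12-17T08:22:46.366Z",
+"dateReserved": "2024-11-15T23:28:57.445Z",
+"dateUpdated": "2024-12-17T14:37:53.936Z",
+"digest": "607cab6eb4162e50d29c5fc2dcc0eaba3cb1fdb2ef44fb7c98818a637673d8dc"
+}
+},
+"adp": {
+"affected": [
+{
+"collectionURL": "https://wordpress.org/plugins",
+"cpes": [
+"cpe:2.3:a:memberful:memberful:*:*:*:*:*:wordpress:*:*"
+],
+"packageName": "memberful-wp",
+"packageType": "wordpress-plugin",
+"product": "Memberful – Membership Plugin",
+"repo": "https://plugins.svn.wordpress.org/memberful-wp",
+"vendor": "memberful",
+"versions": [
+{
+"lessThan": "1.74.0",
+"status": "affected",
+"version": "0",
+"versionType": "semver"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "00000000-0000-4000-8000-000000000000",
+"shortName": "anchoreadp"
+}
+}
+}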
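--- a/data/anchore/2024/CVE-2024-12024.json
+++ b/data/anchore/2024/CVE-2024-12024.json
@@ -0,0 +1,49 @@
+{
+"additionalMetadata": {
+"cna": "wordfence",
+"cveId": "CVE-2024-12024",
+"description": "The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrative user accesses an injected page.\r\nNote: this vulnerability requires the \"Guest Submissions\" setting to be enabled. It is disabled by default.",
+"reason": "Added CPE configurations because not yet analyzed by NVD.",
+"references": [
+"https://plugins.trac.wordpress.org/browser/eventprime-event-calendar-management/tags/4.0.5.3/admin/partials/metaboxes/meta-box-tickets-panel-html.php#L216",
+"https://plugins.trac.wordpress.org/browser/eventprime-event-calendar-management/tags/4.0.5.3/admin/partials/metaboxes/meta-box-tickets-panel-html.php#L264",
+"https://plugins.trac.wordpress.org/browser/eventprime-event-calendar-management/tags/4.0.5.3/includes/class-ep-ajax.php#L1245",
+"https://plugins.trac.wordpress.org/browser/eventprime-event-calendar-management/tags/4.0.5.3/includes/class-ep-ajax.php#L971",
+"https://plugins.trac.wordpress.org/browser/eventprime-event-calendar-management/tags/4.0.5.3/includes/class-eventprime-sanitizer.php#L122",
+"https://www.wordfence.com/threat-intel/vulnerabilities/id/9e51c8b5-cbb9-48aa-9c99-69f1b39fb0b4?source=cve"
+],
+"upstream": {
+"datePublished": "2024-12-17T09:22:41.540Z",
+"dateReserved": "2024-12-02T14:36:59.586Z",
+"dateUpdated": "2024-12-17T17:29:41.507Z",
+"digest": "caaa1bbdd891c00987f970fb18a37df213062cb14218484111700516f4e9d6c5"
+}
+},
+"adp": {
+"affected": [
+{
+"collectionURL": "https://wordpress.org/plugins",
+"cpes": [
+"cpe:2.3:a:metagauss:eventprime:*:*:*:*:*:wordpress:*:*"
+],
+"packageName": "eventprime-event-calendar-management",
+"packageType": "wordpress-plugin",
+"product": "EventPrime – Events Calendar, Bookings and Tickets",
+"repo": "https://plugins.svn.wordpress.org/eventprime-event-calendar-management",
+"vendor": "metagauss",
+"versions": [
+{
+"lessThan": "4.0.6.0",
+"status": "affected",
+"version": "0",
+"versionType": "semver"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "00000000-0000-4000-8000-000000000000",
+"shortName": "anchoreadp"
+}
+}
+}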
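Review bot: The bound `"lessThan": "4.0.6.0"` is declared with `"versionType": "semver"`, but a four-component version is not valid semantic versioning, and the last affected release named in the description, `4.0.5.3`, has the same shape. A consumer that parses strictly by the declared type may reject the bound or compare it in an unintended way, which would surface as missed or spurious matches for this plugin. Consider `"versionType": "custom"` for this range, or confirm that the matcher tolerates four-part versions under `semver`. CVE-2024-12239.json has the related case on the installed-version side: its bound `1.3.1` is valid semver, but the releases it has to cover include `1.3.0.5`.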
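--- a/data/anchore/2024/CVE-2024-12239.json
+++ b/data/anchore/2024/CVE-2024-12239.json
@@ -0,0 +1,45 @@
+{
+"additionalMetadata": {
+"cna": "wordfence",
+"cveId": "CVE-2024-12239",
+"description": "The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link.",
+"reason": "Added CPE configurations because not yet analyzed by NVD.",
+"references": [
+"https://plugins.trac.wordpress.org/browser/powerpack-addon-for-beaver-builder/trunk/includes/admin-settings-templates.php#L62",
+"https://www.wordfence.com/threat-intel/vulnerabilities/id/5138ed4c-3e9c-45da-917e-e8d8396a62f1?source=cve"
+],
+"upstream": {
+"datePublished": "2024-12-17T01:45:15.497Z",
+"dateReserved": "2024-12-05T12:14:23.511Z",
+"dateUpdated": "2024-12-17T14:35:57.246Z",
+"digest": "d7e14a9a7c7fcf7824271cb7e521035cf6da9e34e13ee09edcdeaa0f475981de"
+}
+},
+"adp": {
+"affected": [
+{
+"collectionURL": "https://wordpress.org/plugins",
+"cpes": [
+"cpe:2.3:a:wpbeaveraddons:powerpack_lite_for_beaver_builder:*:*:*:*:*:wordpress:*:*"
+],
+"packageName": "powerpack-addon-for-beaver-builder",
+"packageType": "wordpress-plugin",
+"product": "PowerPack Lite for Beaver Builder",
+"repo": "https://plugins.svn.wordpress.org/powerpack-addon-for-beaver-builder",
+"vendor": "ideaboxcreations",
+"versions": [
+{
+"lessThan": "1.3.1",
+"status": "affected",
+"version": "0",
+"versionType": "semver"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "00000000-0000-4000-8000-000000000000",
+"shortName": "anchoreadp"
+}
+}
+}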
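--- a/data/anchore/2024/CVE-2024-12539.json
+++ b/data/anchore/2024/CVE-2024-12539.json
@@ -0,0 +1,46 @@
+{
+"additionalMetadata": {
+"cna": "elastic",
+"cveId": "CVE-2024-12539",
+"description": "An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow.",
+"reason": "Added CPE configurations because not yet analyzed by NVD.",
+"references": [
+"https://discuss.elastic.co/t/elasticsearch-8-16-2-8-17-0-security-update/372091"
+],
+"upstream": {
+"datePublished": "2024-12-17T20:50:04.968Z",
+"dateReserved": "2024-12-11T20:10:08.792Z",
+"dateUpdated": "2024-12-17T21:23:57.366Z",
+"digest": "bbab2295ea166199d85c58ced483484b7db10aa273b84102472127c9f39314ad"
+}
+},
+"adp": {
+"affected": [
+{
+"collectionURL": "https://artifacts.elastic.co/downloads/elasticsearch",
+"cpes": [
+"cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:maven:*:*",
+"cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:maven:*:*",
+"cpe:2.3:a:org.elasticsearch:elasticsearch:*:*:*:*:*:maven:*:*"
+],
+"packageName": "org.elasticsearch:elasticsearch",
+"packageType": "maven",
+"product": "Elasticsearch",
+"repo": "https://github.com/elastic/elasticsearch",
+"vendor": "Elastic",
+"versions": [
+{
+"lessThan": "8.16.2",
+"status": "affected",
+"version": "8.16.0",
+"versionType": "semver"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "00000000-0000-4000-8000-000000000000",
+"shortName": "anchoreadp"
+}
+}
+}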
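--- a/data/anchore/2024/CVE-2024-12601.json
+++ b/data/anchore/2024/CVE-2024-12601.json
@@ -0,0 +1,47 @@
+{
+"additionalMetadata": {
+"cna": "wordfence",
+"cveId": "CVE-2024-12601",
+"description": "The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers to send multiple requests with large values, resulting in slowing server resources if the server does not mitigate Denial of Service attacks.",
+"reason": "Added CPE configurations because not yet analyzed by NVD.",
+"references": [
+"https://plugins.trac.wordpress.org/browser/calculated-fields-form/trunk/captcha/captcha.php#L74",
+"https://plugins.trac.wordpress.org/browser/calculated-fields-form/trunk/captcha/captcha.php#L75",
+"https://plugins.trac.wordpress.org/changeset/3207826/",
+"https://www.wordfence.com/threat-intel/vulnerabilities/id/1eade2ed-9a75-4857-a2c5-a21e016e7029?source=cve"
+],
+"upstream": {
+"datePublished": "2024-12-17T11:10:17.899Z",
+"dateReserved": "2024-12-13T00:38:11.068Z",
+"dateUpdated": "2024-12-17T17:29:22.544Z",
+"digest": "e0f2373cc4b3b13bd8bab2b313a49172a135718eae27d99e0f9009f6be5436a1"
+}
+},
+"adp": {
+"affected": [
+{
+"collectionURL": "https://wordpress.org/plugins",
+"cpes": [
+"cpe:2.3:a:codepeople:calculated_fields_form:*:*:*:*:*:wordpress:*:*"
+],
+"packageName": "calculated-fields-form",
+"packageType": "wordpress-plugin",
+"product": "Calculated Fields Form",
+"repo": "https://plugins.svn.wordpress.org/calculated-fields-form",
+"vendor": "codepeople",
+"versions": [
+{
+"lessThan": "5.2.64",
+"status": "affected",
+"version": "0",
+"versionType": "semver"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "00000000-0000-4000-8000-000000000000",
+"shortName": "anchoreadp"
+}
+}
+}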
2 changes: 1 addition & 1 deletion data/anchore/2024/CVE-2024-23444.json
@@ -11,7 +11,7 @@
"adp": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"collectionURL": "https://artifacts.elastic.co/downloads/elasticsearch",
"cpes": [
"cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:maven:*:*",
"cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:maven:*:*",
2 changes: 1 addition & 1 deletion data/anchore/2024/CVE-2024-23445.json
@@ -11,7 +11,7 @@
"adp": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"collectionURL": "https://artifacts.elastic.co/downloads/elasticsearch",
"cpes": [
"cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:maven:*:*",
"cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:maven:*:*",
2 changes: 1 addition & 1 deletion data/anchore/2024/CVE-2024-23449.json
@@ -10,7 +10,7 @@
"adp": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"collectionURL": "https://artifacts.elastic.co/downloads/elasticsearch",
"cpes": [
"cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:maven:*:*",
"cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:maven:*:*",