Signed-off-by: Weston Steimel <[email protected]>
1 parent
03f6923
commit 47661c2
Showing
25 changed files
with
652 additions
and
26 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-10356", | ||
"description": "The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/changeset/3204333/element-ready-lite", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/b0a48c91-7e2c-4708-b5af-dfbcfea08f83?source=cve" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-17T12:43:38.479Z", | ||
"dateReserved": "2024-10-24T16:03:33.275Z", | ||
"dateUpdated": "2024-12-17T17:28:56.942Z", | ||
"digest": "23105693886bcc5d3f7989837a54278098b134f876ba4a196a434e6f0dfc7576" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:quomodosoft:elementsready:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "element-ready-lite", | ||
"packageType": "wordpress-plugin", | ||
"product": "ElementsReady Addons for Elementor", | ||
"repo": "https://plugins.svn.wordpress.org/element-ready-lite", | ||
"vendor": "quomodosoft", | ||
"versions": [ | ||
{ | ||
"lessThan": "6.4.9", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-11280", | ||
"description": "The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/changeset/3208393/password-protect-page", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/d9ac0d84-dff4-4a03-a530-cac47ffaf2bb?source=cve" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-17T11:24:29.909Z", | ||
"dateReserved": "2024-11-15T19:22:40.649Z", | ||
"dateUpdated": "2024-12-17T17:29:04.305Z", | ||
"digest": "998346e4a730eb2d6ab3f8aa4eed2226fcde79294168225cad6f62d33aa9d4a6" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:passwordprotectwp:password_protect_wordpress:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "password-protect-page", | ||
"packageType": "wordpress-plugin", | ||
"product": "PPWP – Password Protect Pages", | ||
"repo": "https://plugins.svn.wordpress.org/password-protect-page", | ||
"vendor": "yuryonfolio", | ||
"versions": [ | ||
{ | ||
"lessThan": "1.9.6", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-11294", | ||
"description": "The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as site members.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/changeset/3204895/memberful-wp", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/19ad787d-e027-48f5-8b5f-9263338b4fc3?source=cve" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-17T08:22:46.366Z", | ||
"dateReserved": "2024-11-15T23:28:57.445Z", | ||
"dateUpdated": "2024-12-17T14:37:53.936Z", | ||
"digest": "607cab6eb4162e50d29c5fc2dcc0eaba3cb1fdb2ef44fb7c98818a637673d8dc" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:memberful:memberful:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "memberful-wp", | ||
"packageType": "wordpress-plugin", | ||
"product": "Memberful – Membership Plugin", | ||
"repo": "https://plugins.svn.wordpress.org/memberful-wp", | ||
"vendor": "memberful", | ||
"versions": [ | ||
{ | ||
"lessThan": "1.74.0", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-12024", | ||
"description": "The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrative user accesses an injected page.\r\nNote: this vulnerability requires the \"Guest Submissions\" setting to be enabled. It is disabled by default.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/browser/eventprime-event-calendar-management/tags/4.0.5.3/admin/partials/metaboxes/meta-box-tickets-panel-html.php#L216", | ||
"https://plugins.trac.wordpress.org/browser/eventprime-event-calendar-management/tags/4.0.5.3/admin/partials/metaboxes/meta-box-tickets-panel-html.php#L264", | ||
"https://plugins.trac.wordpress.org/browser/eventprime-event-calendar-management/tags/4.0.5.3/includes/class-ep-ajax.php#L1245", | ||
"https://plugins.trac.wordpress.org/browser/eventprime-event-calendar-management/tags/4.0.5.3/includes/class-ep-ajax.php#L971", | ||
"https://plugins.trac.wordpress.org/browser/eventprime-event-calendar-management/tags/4.0.5.3/includes/class-eventprime-sanitizer.php#L122", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/9e51c8b5-cbb9-48aa-9c99-69f1b39fb0b4?source=cve" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-17T09:22:41.540Z", | ||
"dateReserved": "2024-12-02T14:36:59.586Z", | ||
"dateUpdated": "2024-12-17T17:29:41.507Z", | ||
"digest": "caaa1bbdd891c00987f970fb18a37df213062cb14218484111700516f4e9d6c5" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:metagauss:eventprime:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "eventprime-event-calendar-management", | ||
"packageType": "wordpress-plugin", | ||
"product": "EventPrime – Events Calendar, Bookings and Tickets", | ||
"repo": "https://plugins.svn.wordpress.org/eventprime-event-calendar-management", | ||
"vendor": "metagauss", | ||
"versions": [ | ||
{ | ||
"lessThan": "4.0.6.0", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
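Review bot: `"versionType": "semver"` does not fit the bound in this `versions` entry, because `"lessThan": "4.0.6.0"` has four numeric components and is not a valid Semantic Versioning string. A consumer that parses the bound strictly may reject it or order it wrongly, and then mis-report which installs are affected. The same concern applies to the PowerPack Lite record (CVE-2024-12239), whose affected releases include the four-part 1.3.0.5. I would use `"versionType": "custom"` here, or confirm that the matcher reading these records compares four-part versions as intended. Separately, every plugin reference points at the 4.0.5.3 tag, so 4.0.6.0 as the first fixed release looks inferred rather than sourced.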
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-12239", | ||
"description": "The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/browser/powerpack-addon-for-beaver-builder/trunk/includes/admin-settings-templates.php#L62", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/5138ed4c-3e9c-45da-917e-e8d8396a62f1?source=cve" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-17T01:45:15.497Z", | ||
"dateReserved": "2024-12-05T12:14:23.511Z", | ||
"dateUpdated": "2024-12-17T14:35:57.246Z", | ||
"digest": "d7e14a9a7c7fcf7824271cb7e521035cf6da9e34e13ee09edcdeaa0f475981de" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:wpbeaveraddons:powerpack_lite_for_beaver_builder:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "powerpack-addon-for-beaver-builder", | ||
"packageType": "wordpress-plugin", | ||
"product": "PowerPack Lite for Beaver Builder", | ||
"repo": "https://plugins.svn.wordpress.org/powerpack-addon-for-beaver-builder", | ||
"vendor": "ideaboxcreations", | ||
"versions": [ | ||
{ | ||
"lessThan": "1.3.1", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
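Review bot: `"lessThan": "1.3.1"` is wider than what this record supports. The description only establishes versions up to and including 1.3.0.5, and the references hold a trunk source link but no fixing changeset or release. Any 1.3.0.x release after 1.3.0.5 would be reported as affected even if it already carries the fix. Unless 1.3.1 is confirmed as the first fixed release, `"lessThanOrEqual": "1.3.0.5"` states exactly what the advisory says.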
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "elastic", | ||
"cveId": "CVE-2024-12539", | ||
"description": "An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://discuss.elastic.co/t/elasticsearch-8-16-2-8-17-0-security-update/372091" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-17T20:50:04.968Z", | ||
"dateReserved": "2024-12-11T20:10:08.792Z", | ||
"dateUpdated": "2024-12-17T21:23:57.366Z", | ||
"digest": "bbab2295ea166199d85c58ced483484b7db10aa273b84102472127c9f39314ad" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://artifacts.elastic.co/downloads/elasticsearch", | ||
"cpes": [ | ||
"cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:maven:*:*", | ||
"cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:maven:*:*", | ||
"cpe:2.3:a:org.elasticsearch:elasticsearch:*:*:*:*:*:maven:*:*" | ||
], | ||
"packageName": "org.elasticsearch:elasticsearch", | ||
"packageType": "maven", | ||
"product": "Elasticsearch", | ||
"repo": "https://github.com/elastic/elasticsearch", | ||
"vendor": "Elastic", | ||
"versions": [ | ||
{ | ||
"lessThan": "8.16.2", | ||
"status": "affected", | ||
"version": "8.16.0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |
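Review bot: The range from `"version": "8.16.0"` to `"lessThan": "8.16.2"` cannot be checked against anything in this record. The description names no versions, and the only hint is the reference URL, whose slug mentions 8.16.2 and 8.17.0. If releases before 8.16.0 are also affected, scanners using this entry would report them as clean. Please confirm the lower bound against the Elastic advisory and record where it came from, for example by extending `reason` to name the source of the version range.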
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
{ | ||
"additionalMetadata": { | ||
"cna": "wordfence", | ||
"cveId": "CVE-2024-12601", | ||
"description": "The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers to send multiple requests with large values, resulting in slowing server resources if the server does not mitigate Denial of Service attacks.", | ||
"reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
"references": [ | ||
"https://plugins.trac.wordpress.org/browser/calculated-fields-form/trunk/captcha/captcha.php#L74", | ||
"https://plugins.trac.wordpress.org/browser/calculated-fields-form/trunk/captcha/captcha.php#L75", | ||
"https://plugins.trac.wordpress.org/changeset/3207826/", | ||
"https://www.wordfence.com/threat-intel/vulnerabilities/id/1eade2ed-9a75-4857-a2c5-a21e016e7029?source=cve" | ||
], | ||
"upstream": { | ||
"datePublished": "2024-12-17T11:10:17.899Z", | ||
"dateReserved": "2024-12-13T00:38:11.068Z", | ||
"dateUpdated": "2024-12-17T17:29:22.544Z", | ||
"digest": "e0f2373cc4b3b13bd8bab2b313a49172a135718eae27d99e0f9009f6be5436a1" | ||
} | ||
}, | ||
"adp": { | ||
"affected": [ | ||
{ | ||
"collectionURL": "https://wordpress.org/plugins", | ||
"cpes": [ | ||
"cpe:2.3:a:codepeople:calculated_fields_form:*:*:*:*:*:wordpress:*:*" | ||
], | ||
"packageName": "calculated-fields-form", | ||
"packageType": "wordpress-plugin", | ||
"product": "Calculated Fields Form", | ||
"repo": "https://plugins.svn.wordpress.org/calculated-fields-form", | ||
"vendor": "codepeople", | ||
"versions": [ | ||
{ | ||
"lessThan": "5.2.64", | ||
"status": "affected", | ||
"version": "0", | ||
"versionType": "semver" | ||
} | ||
] | ||
} | ||
], | ||
"providerMetadata": { | ||
"orgId": "00000000-0000-4000-8000-000000000000", | ||
"shortName": "anchoreadp" | ||
} | ||
} | ||
} |