Skip to content

Commit

Permalink
updates 2024-12-10
Browse files Browse the repository at this point in the history
Signed-off-by: Weston Steimel <[email protected]>
  • Loading branch information
westonsteimel committed Dec 10, 2024
1 parent cd265f5 commit 52b8b74
Show file tree
Hide file tree
Showing 114 changed files with 4,981 additions and 0 deletions.
2 changes: 2 additions & 0 deletions data/anchore/2022/CVE-2022-4974.json
Original file line number Diff line number Diff line change
Expand Up @@ -1611,6 +1611,7 @@
"packageName": "quick-contact-form",
"packageType": "wordpress-plugin",
"product": "Quick Contact Form",
"repo": "https://plugins.svn.wordpress.org/quick-contact-form",
"vendor": "fullworks",
"versions": [
{
Expand Down Expand Up @@ -2026,6 +2027,7 @@
"packageName": "quick-paypal-payments",
"packageType": "wordpress-plugin",
"product": "Quick Paypal Payments",
"repo": "https://plugins.svn.wordpress.org/quick-paypal-payments",
"vendor": "fullworks",
"versions": [
{
Expand Down
46 changes: 46 additions & 0 deletions data/anchore/2023/CVE-2023-22701.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
{
"additionalMetadata": {
"cna": "patchstack",
"cveId": "CVE-2023-22701",
"description": "Missing Authorization vulnerability in Shopfiles Ltd Ebook Store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ebook Store: from n/a through 5.775.",
"reason": "Added CPE configurations because not yet analyzed by NVD.",
"references": [
"https://patchstack.com/database/wordpress/plugin/ebook-store/vulnerability/wordpress-ebook-store-plugin-5-775-broken-authentication-vulnerability?_s_id=cve"
],
"solutions": [
"No patched version is available."
]
},
"adp": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"cpes": [
"cpe:2.3:a:shopfiles:ebook_store:*:*:*:*:*:wordpress:*:*"
],
"packageName": "ebook-store",
"packageType": "wordpress-plugin",
"product": "Ebook Store",
"repo": "https://plugins.svn.wordpress.org/ebook-store",
"vendor": "Shopfiles Ltd",
"versions": [
{
"lessThan": "5.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-8000-000000000000",
"shortName": "anchoreadp"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d4b17cce-bb52-4125-8c85-6da15517275f?source=cve"
}
]
}
}
46 changes: 46 additions & 0 deletions data/anchore/2023/CVE-2023-22708.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
{
"additionalMetadata": {
"cna": "patchstack",
"cveId": "CVE-2023-22708",
"description": "Missing Authorization vulnerability in Karim Salman Kraken.io Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kraken.io Image Optimizer: from n/a through 2.6.7.",
"reason": "Added CPE configurations because not yet analyzed by NVD.",
"references": [
"https://patchstack.com/database/wordpress/plugin/kraken-image-optimizer/vulnerability/wordpress-kraken-io-image-optimizer-plugin-2-6-7-broken-access-control?_s_id=cve"
],
"solutions": [
"Update the WordPress Kraken.io Image Optimizer plugin to the latest available version (at least 2.6.8)."
]
},
"adp": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"cpes": [
"cpe:2.3:a:kraken:kraken.io_image_optimizer:*:*:*:*:*:wordpress:*:*"
],
"packageName": "kraken-image-optimizer",
"packageType": "wordpress-plugin",
"product": "Kraken.io Image Optimizer",
"repo": "https://plugins.svn.wordpress.org/kraken-image-optimizer",
"vendor": "Karim Salman",
"versions": [
{
"lessThan": "2.6.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-8000-000000000000",
"shortName": "anchoreadp"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2497837d-dec6-4a1d-be88-5c0e659eeb46?source=cve"
}
]
}
}
46 changes: 46 additions & 0 deletions data/anchore/2023/CVE-2023-23715.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
{
"additionalMetadata": {
"cna": "patchstack",
"cveId": "CVE-2023-23715",
"description": "Missing Authorization vulnerability in JobBoardWP JobBoardWP – Job Board Listings and Submissions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobBoardWP – Job Board Listings and Submissions: from n/a through 1.2.2.",
"reason": "Added CPE configurations because not yet analyzed by NVD.",
"references": [
"https://patchstack.com/database/wordpress/plugin/jobboardwp/vulnerability/wordpress-jobboardwp-job-board-listings-and-submissions-plugin-1-2-2-idor-leading-to-job-removal-vulnerability?_s_id=cve"
],
"solutions": [
"Update the WordPress JobBoardWP – Job Board Listings and Submissions plugin to the latest available version (at least 1.2.3)."
]
},
"adp": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"cpes": [
"cpe:2.3:a:ultimatemember:jobboardwp:*:*:*:*:*:wordpress:*:*"
],
"packageName": "jobboardwp",
"packageType": "wordpress-plugin",
"product": "JobBoardWP – Job Board Listings and Submissions",
"repo": "https://plugins.svn.wordpress.org/jobboardwp",
"vendor": "JobBoardWP",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-8000-000000000000",
"shortName": "anchoreadp"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/50cc1a15-bb73-4c60-b610-e0c3bf1ef841?source=cve"
}
]
}
}
46 changes: 46 additions & 0 deletions data/anchore/2023/CVE-2023-23726.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
{
"additionalMetadata": {
"cna": "patchstack",
"cveId": "CVE-2023-23726",
"description": "Cross-Site Request Forgery (CSRF) vulnerability in Tickera.com Tickera allows Cross Site Request Forgery.This issue affects Tickera: from n/a through 3.5.1.0.",
"reason": "Added CPE configurations because not yet analyzed by NVD.",
"references": [
"https://patchstack.com/database/wordpress/plugin/tickera-event-ticketing-system/vulnerability/wordpress-tickera-wordpress-event-ticketing-plugin-3-5-1-0-csrf-leading-to-post-status-change-vulnerability?_s_id=cve"
],
"solutions": [
"Update the WordPress Tickera plugin to the latest available version (at least 3.5.1.1)."
]
},
"adp": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"cpes": [
"cpe:2.3:a:tickera:tickera:*:*:*:*:*:wordpress:*:*"
],
"packageName": "tickera-event-ticketing-system",
"packageType": "wordpress-plugin",
"product": "Tickera",
"repo": "https://plugins.svn.wordpress.org/tickera-event-ticketing-system",
"vendor": "Tickera.com",
"versions": [
{
"lessThan": "3.5.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-8000-000000000000",
"shortName": "anchoreadp"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bb0f8a0c-d02f-46e2-8808-3ffada105d13?source=cve"
}
]
}
}
47 changes: 47 additions & 0 deletions data/anchore/2023/CVE-2023-23814.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
{
"additionalMetadata": {
"cna": "patchstack",
"cveId": "CVE-2023-23814",
"description": "Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through 1.4.13.",
"reason": "Added CPE configurations because not yet analyzed by NVD.",
"references": [
"https://patchstack.com/database/wordpress/plugin/cp-multi-view-calendar/vulnerability/wordpress-calendar-event-multi-view-plugin-1-4-13-broken-access-control-vulnerability?_s_id=cve"
],
"solutions": [
"Update the WordPress CP Multi View Event Calendar plugin to the latest available version (at least 1.4.15)."
]
},
"adp": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"cpes": [
"cpe:2.3:a:cp_multi_view_event_calendar_project:cp_multi_view_event_calendar:*:*:*:*:wordpress:wordpress:*:*",
"cpe:2.3:a:dwbooster:calendar_event_multi_view:*:*:*:*:*:wordpress:*:*"
],
"packageName": "cp-multi-view-calendar",
"packageType": "wordpress-plugin",
"product": "CP Multi View Event Calendar",
"repo": "https://plugins.svn.wordpress.org/cp-multi-view-calendar",
"vendor": "CodePeople",
"versions": [
{
"lessThan": "1.4.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-8000-000000000000",
"shortName": "anchoreadp"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/13d0eb8a-5b63-460e-b4ba-a3ed80c84fc2?source=cve"
}
]
}
}
46 changes: 46 additions & 0 deletions data/anchore/2023/CVE-2023-23823.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
{
"additionalMetadata": {
"cna": "patchstack",
"cveId": "CVE-2023-23823",
"description": "Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through 1.5.8.",
"reason": "Added CPE configurations because not yet analyzed by NVD.",
"references": [
"https://patchstack.com/database/wordpress/plugin/enhanced-text-widget/vulnerability/wordpress-enhanced-text-widget-plugin-1-5-7-broken-access-control-vulnerability?_s_id=cve"
],
"solutions": [
"No patched version is available. No reply from the vendor."
]
},
"adp": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"cpes": [
"cpe:2.3:a:themecheck:enhanced_text_widget:*:*:*:*:*:wordpress:*:*"
],
"packageName": "enhanced-text-widget",
"packageType": "wordpress-plugin",
"product": "Enhanced Text Widget",
"repo": "https://plugins.svn.wordpress.org/enhanced-text-widget",
"vendor": "Clever Widgets",
"versions": [
{
"lessThan": "1.5.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-8000-000000000000",
"shortName": "anchoreadp"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7487f72c-9852-4651-a848-239d4882bbf8?source=cve"
}
]
}
}
46 changes: 46 additions & 0 deletions data/anchore/2023/CVE-2023-23825.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
{
"additionalMetadata": {
"cna": "patchstack",
"cveId": "CVE-2023-23825",
"description": "Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.",
"reason": "Added CPE configurations because not yet analyzed by NVD.",
"references": [
"https://patchstack.com/database/wordpress/plugin/ultimate-addons-for-gutenberg/vulnerability/wordpress-spectra-wordpress-gutenberg-blocks-plugin-2-3-0-broken-access-control-csrf-on-import-wpforms-vulnerability?_s_id=cve"
],
"solutions": [
"Update the WordPress Gutenberg Blocks plugin to the latest available version (at least 2.3.1)."
]
},
"adp": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"cpes": [
"cpe:2.3:a:brainstormforce:spectra:*:*:*:*:*:wordpress:*:*"
],
"packageName": "ultimate-addons-for-gutenberg",
"packageType": "wordpress-plugin",
"product": "Spectra",
"repo": "https://plugins.svn.wordpress.org/ultimate-addons-for-gutenberg",
"vendor": "Brainstorm Force",
"versions": [
{
"lessThan": "2.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-8000-000000000000",
"shortName": "anchoreadp"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4b225e5e-7207-4af4-b023-ad23fd540d56?source=cve"
}
]
}
}
Loading

0 comments on commit 52b8b74

Please sign in to comment.